account_service.py: 添加注册时用户名的非法字符过滤

2022-10-21 10:44:39 +08:00 · 2022-10-21 10:44:39 +08:00 · 5844eab6d5
parent 02ffcd3b59
commit 5844eab6d5
1 changed files with 13 additions and 1 deletions
--- a/app/account_service.py
+++ b/app/account_service.py
@ -19,7 +19,19 @@ def signup():
        # POST方法需判断是否注册成功，再根据结果返回不同的内容
        username = escape(request.form['username'])
        password = escape(request.form['password'])
-
+        #! 添加如下代码为了过滤注册时的非法字符
+        if len(username) > 20:
+            return '用户名过长'
+        # 正则匹配非法字符
+        check_useful = re.search(u'^[_a-zA-Z0-9\u4e00-\u9fa5]+$', username)
+        if not check_useful:
+            return '存在非法字符'
+        # 判断用户名是否和接口重名
+        if username in ["signup", "login", "logout", 
+                        "reset", "mark", "back", 
+                        "unfamiliar", "familiar", 'del']:
+            return '请勿与接口同名'
+        
        available = check_username_availability(username)
        if not available: # 用户名不可用
            flash('用户名 %s 已经被注册。' % (username))