nvrl/narlblog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

validate slug

Browse Source
This commit is contained in:
Nils Pukropp
2026-05-09 06:02:42 +02:00
parent 801df057e0
commit e6cfd61307
1 changed files with 49 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/src/handlers/posts.rs
+49 -7
View File
@@ -16,14 +16,56 @@ use crate::{
const WORDS_PER_MINUTE: u32 = 200;
const MAX_SLUG_LEN: usize = 100;
const WINDOWS_RESERVED: &[&str] = &[
"CON", "PRN", "AUX", "NUL",
"COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9",
"LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9",
];
fn validate_slug(s: &str) -> Result<(), AppError> {
if s.is_empty()
|| s.contains('/')
|| s.contains('\\')
|| s.contains("..")
|| s.contains('\0')
{
return Err(AppError::BadRequest("Invalid slug".to_string()));
if s.is_empty() {
return Err(AppError::BadRequest("Slug is empty".to_string()));
}
if s.len() > MAX_SLUG_LEN {
return Err(AppError::BadRequest(format!(
"Slug exceeds {} characters",
MAX_SLUG_LEN
)));
}
if s.starts_with('.') {
return Err(AppError::BadRequest(
"Slug cannot start with '.'".to_string(),
));
}
if s.ends_with('.') || s.ends_with(' ') {
return Err(AppError::BadRequest(
"Slug cannot end with '.' or space".to_string(),
));
}
if s.contains("..") {
return Err(AppError::BadRequest(
"Slug cannot contain '..'".to_string(),
));
}
for c in s.chars() {
if c.is_control() {
return Err(AppError::BadRequest(
"Slug contains control characters".to_string(),
));
}
if matches!(c, '/' | '\\' | '<' | '>' | ':' | '"' | '|' | '?' | '*') {
return Err(AppError::BadRequest(format!(
"Slug contains invalid character '{}'",
c
)));
}
}
let stem = s.split('.').next().unwrap_or("").to_ascii_uppercase();
if WINDOWS_RESERVED.iter().any(|r| *r == stem) {
return Err(AppError::BadRequest(
"Slug is a reserved name".to_string(),
));
}
Ok(())
}