You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Text inputs in various routes are not properly validated. That's an oversight on my part. Were I designing these routes from scratch I would have considered it, but the Realworld spec is silent on input validation so I wasn't thinking about it.
Where variables are given, pick reasonable values for the context but don't assume they are the same values between routes:
It would be interesting to use https://github.com/Keats/validator, it's almost exactly what I was thinking when I mentioned an input validator framework in the Reddit thread.
The only thing it's missing, IMO, is enforcement of validation via typestate, so you can't forget to apply validation before you access the struct fields. I've made the suggestion there: Keats/validator#185
As pointed out by /u/LucasMathWalker on Reddit: https://www.reddit.com/r/rust/comments/shetb1/show_rrust_a_rust_implementation_of_the_realworld/hv42wuo/
Text inputs in various routes are not properly validated. That's an oversight on my part. Were I designing these routes from scratch I would have considered it, but the Realworld spec is silent on input validation so I wasn't thinking about it.
Where variables are given, pick reasonable values for the context but don't assume they are the same values between routes:
users::create_user()
: https://github.com/launchbadge/realworld-axum-sqlx/blob/main/src/http/users.rs#L60username
should be between X and Y characters longpassword
should be between X and Y characters long (allow long passwords but not super long)email
should be non-empty and "look like an email" and at most X characters long@
users::update_user()
:bio
to X characters in length.articles::create_article()
: https://github.com/launchbadge/realworld-axum-sqlx/blob/main/src/http/articles/mod.rs#L137title
should be between X and Y characters longdescription
should be between X and Y characters longbody
is not empty and at most X characters in length (Reddit uses 5000 for a comment, seems reasonable.)tag_list
to N elements; limit each tag to X characters in lengtharticles::update_article()
: https://github.com/launchbadge/realworld-axum-sqlx/blob/main/src/http/articles/mod.rs#L204articles::comments::add_comment()
: https://github.com/launchbadge/realworld-axum-sqlx/blob/main/src/http/articles/comments.rs#L121body
is not empty and limit it to X characters in length.The text was updated successfully, but these errors were encountered: