From 057fcf6274e3bf3768a9edb047fcb21da135bb05 Mon Sep 17 00:00:00 2001 From: Fuegovic <32828263+fuegovic@users.noreply.github.com> Date: Wed, 28 Feb 2024 14:27:57 -0500 Subject: [PATCH] =?UTF-8?q?=F0=9F=8C=8D=20feat:=20Extend=20regex=20to=20su?= =?UTF-8?q?pport=20international=20usernames=20(#1918)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 🌍 Extend regex to support international usernames * update validators.spec.js --- api/strategies/validators.js | 16 +++++++++++++++- api/strategies/validators.spec.js | 3 --- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/api/strategies/validators.js b/api/strategies/validators.js index 4cd43e5fc..e8ae300f0 100644 --- a/api/strategies/validators.js +++ b/api/strategies/validators.js @@ -1,6 +1,20 @@ const { z } = require('zod'); -const allowedCharactersRegex = /^[a-zA-Z0-9_.@#$%&*()\p{Script=Latin}\p{Script=Common}]+$/u; +const allowedCharactersRegex = new RegExp( + '^[' + + 'a-zA-Z0-9_.@#$%&*()' + // Basic Latin characters and symbols + '\\p{Script=Latin}' + // Latin script characters + '\\p{Script=Common}' + // Characters common across scripts + '\\p{Script=Cyrillic}' + // Cyrillic script for Russian, etc. + '\\p{Script=Devanagari}' + // Devanagari script for Hindi, etc. + '\\p{Script=Han}' + // Han script for Chinese characters, etc. + '\\p{Script=Arabic}' + // Arabic script + '\\p{Script=Hiragana}' + // Hiragana script for Japanese + '\\p{Script=Katakana}' + // Katakana script for Japanese + '\\p{Script=Hangul}' + // Hangul script for Korean + ']+$', // End of string + 'u', // Use Unicode mode +); const injectionPatternsRegex = /('|--|\$ne|\$gt|\$lt|\$or|\{|\}|\*|;|<|>|\/|=)/i; const usernameSchema = z diff --git a/api/strategies/validators.spec.js b/api/strategies/validators.spec.js index 7f4e02b60..312f06923 100644 --- a/api/strategies/validators.spec.js +++ b/api/strategies/validators.spec.js @@ -404,9 +404,6 @@ describe('Zod Schemas', () => { it('should reject invalid usernames', () => { const invalidUsernames = [ - 'Π”ΠΌΠΈΡ‚Ρ€ΠΈΠΉ', // Cyrillic characters - 'Ω…Ψ­Ω…Ψ―', // Arabic characters - '张伟', // Chinese characters 'john{doe}', // Contains `{` and `}` 'j', // Only one character 'a'.repeat(81), // More than 80 characters