2023-03-12 18:00:57 +03:00
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
2021-04-01 21:46:45 +03:00
2021-09-01 19:29:25 +03:00
package validate
2021-04-01 21:46:45 +03:00
import (
"errors"
"fmt"
"net/mail"
2022-05-09 11:31:46 +03:00
"strings"
2021-04-01 21:46:45 +03:00
2021-09-11 14:19:06 +03:00
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
2022-09-12 14:14:29 +03:00
"github.com/superseriousbusiness/gotosocial/internal/config"
2021-09-01 19:29:25 +03:00
"github.com/superseriousbusiness/gotosocial/internal/regexes"
2021-04-01 21:46:45 +03:00
pwv "github.com/wagslane/go-password-validator"
"golang.org/x/text/language"
)
2021-06-23 17:35:57 +03:00
const (
2023-01-23 01:25:11 +03:00
maximumPasswordLength = 256
2021-06-23 17:35:57 +03:00
minimumPasswordEntropy = 60 // dictates password strength. See https://github.com/wagslane/go-password-validator
minimumReasonLength = 40
maximumReasonLength = 500
maximumSiteTitleLength = 40
maximumShortDescriptionLength = 500
maximumDescriptionLength = 5000
maximumSiteTermsLength = 5000
2021-09-01 19:29:25 +03:00
maximumUsernameLength = 64
2022-09-12 14:14:29 +03:00
maximumCustomCSSLength = 5000
2022-11-15 01:47:27 +03:00
maximumEmojiCategoryLength = 64
2023-03-06 12:30:19 +03:00
maximumProfileFieldLength = 255
maximumProfileFields = 4
2021-06-23 17:35:57 +03:00
)
2021-09-01 19:29:25 +03:00
// NewPassword returns an error if the given password is not sufficiently strong, or nil if it's ok.
func NewPassword ( password string ) error {
2021-04-01 21:46:45 +03:00
if password == "" {
return errors . New ( "no password provided" )
}
2022-11-03 16:38:06 +03:00
if len ( [ ] rune ( password ) ) > maximumPasswordLength {
2021-05-08 15:25:55 +03:00
return fmt . Errorf ( "password should be no more than %d chars" , maximumPasswordLength )
2021-04-01 21:46:45 +03:00
}
2022-05-09 11:31:46 +03:00
if err := pwv . Validate ( password , minimumPasswordEntropy ) ; err != nil {
// Modify error message to include percentage requred entropy the password has
percent := int ( 100 * pwv . GetEntropy ( password ) / minimumPasswordEntropy )
return errors . New ( strings . ReplaceAll (
err . Error ( ) ,
"insecure password" ,
2022-08-08 11:40:51 +03:00
fmt . Sprintf ( "password is only %d%% strength" , percent ) ) )
2022-05-09 11:31:46 +03:00
}
return nil // pasword OK
2021-04-01 21:46:45 +03:00
}
2021-09-01 19:29:25 +03:00
// Username makes sure that a given username is valid (ie., letters, numbers, underscores, check length).
2021-04-01 21:46:45 +03:00
// Returns an error if not.
2021-09-01 19:29:25 +03:00
func Username ( username string ) error {
2021-04-01 21:46:45 +03:00
if username == "" {
return errors . New ( "no username provided" )
}
2021-09-01 19:29:25 +03:00
if ! regexes . Username . MatchString ( username ) {
2021-06-23 17:35:57 +03:00
return fmt . Errorf ( "given username %s was invalid: must contain only lowercase letters, numbers, and underscores, max %d characters" , username , maximumUsernameLength )
2021-04-01 21:46:45 +03:00
}
return nil
}
2021-09-01 19:29:25 +03:00
// Email makes sure that a given email address is a valid address.
2021-04-01 21:46:45 +03:00
// Returns an error if not.
2021-09-01 19:29:25 +03:00
func Email ( email string ) error {
2021-04-01 21:46:45 +03:00
if email == "" {
return errors . New ( "no email provided" )
}
_ , err := mail . ParseAddress ( email )
return err
}
2021-09-01 19:29:25 +03:00
// Language checks that the given language string is a 2- or 3-letter ISO 639 code.
2021-04-01 21:46:45 +03:00
// Returns an error if the language cannot be parsed. See: https://pkg.go.dev/golang.org/x/text/language
2021-09-01 19:29:25 +03:00
func Language ( lang string ) error {
2021-04-01 21:46:45 +03:00
if lang == "" {
return errors . New ( "no language provided" )
}
_ , err := language . ParseBase ( lang )
return err
}
2021-09-01 19:29:25 +03:00
// SignUpReason checks that a sufficient reason is given for a server signup request
func SignUpReason ( reason string , reasonRequired bool ) error {
2021-04-01 21:46:45 +03:00
if ! reasonRequired {
// we don't care!
// we're not going to do anything with this text anyway if no reason is required
return nil
}
if reason == "" {
return errors . New ( "no reason provided" )
}
2022-11-03 16:38:06 +03:00
length := len ( [ ] rune ( reason ) )
if length < minimumReasonLength {
return fmt . Errorf ( "reason should be at least %d chars but '%s' was %d" , minimumReasonLength , reason , length )
2021-04-01 21:46:45 +03:00
}
2022-11-03 16:38:06 +03:00
if length > maximumReasonLength {
return fmt . Errorf ( "reason should be no more than %d chars but given reason was %d" , maximumReasonLength , length )
2021-04-01 21:46:45 +03:00
}
return nil
}
2021-09-01 19:29:25 +03:00
// DisplayName checks that a requested display name is valid
func DisplayName ( displayName string ) error {
2021-04-01 21:46:45 +03:00
// TODO: add some validation logic here -- length, characters, etc
return nil
}
2021-09-01 19:29:25 +03:00
// Note checks that a given profile/account note/bio is valid
func Note ( note string ) error {
2021-04-01 21:46:45 +03:00
// TODO: add some validation logic here -- length, characters, etc
return nil
}
2021-09-01 19:29:25 +03:00
// Privacy checks that the desired privacy setting is valid
func Privacy ( privacy string ) error {
2021-09-11 14:19:06 +03:00
if privacy == "" {
return fmt . Errorf ( "empty string for privacy not allowed" )
}
switch apimodel . Visibility ( privacy ) {
case apimodel . VisibilityDirect , apimodel . VisibilityMutualsOnly , apimodel . VisibilityPrivate , apimodel . VisibilityPublic , apimodel . VisibilityUnlisted :
return nil
}
2022-08-06 13:09:21 +03:00
return fmt . Errorf ( "privacy '%s' was not recognized, valid options are 'direct', 'mutuals_only', 'private', 'public', 'unlisted'" , privacy )
}
2023-03-02 14:06:40 +03:00
// StatusContentType checks that the desired status format setting is valid.
func StatusContentType ( statusContentType string ) error {
if statusContentType == "" {
2022-08-06 13:09:21 +03:00
return fmt . Errorf ( "empty string for status format not allowed" )
}
2023-03-02 14:06:40 +03:00
switch apimodel . StatusContentType ( statusContentType ) {
case apimodel . StatusContentTypePlain , apimodel . StatusContentTypeMarkdown :
2022-08-06 13:09:21 +03:00
return nil
}
2023-03-02 14:06:40 +03:00
return fmt . Errorf ( "status content type '%s' was not recognized, valid options are 'text/plain', 'text/markdown'" , statusContentType )
2021-04-01 21:46:45 +03:00
}
2021-04-19 20:42:19 +03:00
2022-09-12 14:14:29 +03:00
func CustomCSS ( customCSS string ) error {
if ! config . GetAccountsAllowCustomCSS ( ) {
return errors . New ( "accounts-allow-custom-css is not enabled for this instance" )
}
2022-11-03 16:38:06 +03:00
if length := len ( [ ] rune ( customCSS ) ) ; length > maximumCustomCSSLength {
2022-09-12 14:14:29 +03:00
return fmt . Errorf ( "custom_css must be less than %d characters, but submitted custom_css was %d characters" , maximumCustomCSSLength , length )
}
return nil
}
2021-09-01 19:29:25 +03:00
// EmojiShortcode just runs the given shortcode through the regular expression
2021-04-19 20:42:19 +03:00
// for emoji shortcodes, to figure out whether it's a valid shortcode, ie., 2-30 characters,
// lowercase a-z, numbers, and underscores.
2021-09-01 19:29:25 +03:00
func EmojiShortcode ( shortcode string ) error {
if ! regexes . EmojiShortcode . MatchString ( shortcode ) {
2021-04-19 20:42:19 +03:00
return fmt . Errorf ( "shortcode %s did not pass validation, must be between 2 and 30 characters, lowercase letters, numbers, and underscores only" , shortcode )
}
return nil
}
2021-06-23 17:35:57 +03:00
2022-11-15 01:47:27 +03:00
// EmojiCategory validates the length of the given category string.
func EmojiCategory ( category string ) error {
if length := len ( category ) ; length > maximumEmojiCategoryLength {
return fmt . Errorf ( "emoji category %s did not pass validation, must be less than %d characters, but provided value was %d characters" , category , maximumEmojiCategoryLength , length )
}
return nil
}
2021-09-01 19:29:25 +03:00
// SiteTitle ensures that the given site title is within spec.
func SiteTitle ( siteTitle string ) error {
2022-11-03 16:38:06 +03:00
if length := len ( [ ] rune ( siteTitle ) ) ; length > maximumSiteTitleLength {
return fmt . Errorf ( "site title should be no more than %d chars but given title was %d" , maximumSiteTitleLength , length )
2021-06-23 17:35:57 +03:00
}
return nil
}
2021-09-01 19:29:25 +03:00
// SiteShortDescription ensures that the given site short description is within spec.
func SiteShortDescription ( d string ) error {
2022-11-03 16:38:06 +03:00
if length := len ( [ ] rune ( d ) ) ; length > maximumShortDescriptionLength {
return fmt . Errorf ( "short description should be no more than %d chars but given description was %d" , maximumShortDescriptionLength , length )
2021-06-23 17:35:57 +03:00
}
return nil
}
2021-09-01 19:29:25 +03:00
// SiteDescription ensures that the given site description is within spec.
func SiteDescription ( d string ) error {
2022-11-03 16:38:06 +03:00
if length := len ( [ ] rune ( d ) ) ; length > maximumDescriptionLength {
return fmt . Errorf ( "description should be no more than %d chars but given description was %d" , maximumDescriptionLength , length )
2021-06-23 17:35:57 +03:00
}
return nil
}
2021-09-01 19:29:25 +03:00
// SiteTerms ensures that the given site terms string is within spec.
func SiteTerms ( t string ) error {
2022-11-03 16:38:06 +03:00
if length := len ( [ ] rune ( t ) ) ; length > maximumSiteTermsLength {
return fmt . Errorf ( "terms should be no more than %d chars but given terms was %d" , maximumSiteTermsLength , length )
2021-06-23 17:35:57 +03:00
}
return nil
}
2021-08-29 17:52:23 +03:00
2021-09-01 19:29:25 +03:00
// ULID returns true if the passed string is a valid ULID.
func ULID ( i string ) bool {
return regexes . ULID . MatchString ( i )
2021-08-29 17:52:23 +03:00
}
2023-03-06 12:30:19 +03:00
func ProfileFieldsCount ( fields [ ] apimodel . UpdateField ) error {
if length := len ( fields ) ; length > maximumProfileFields {
return fmt . Errorf ( "cannot have more than %d profile fields" , maximumProfileFields )
}
return nil
}
func ProfileField ( f * string ) string {
s := [ ] rune ( * f )
if len ( s ) > maximumProfileFieldLength {
return string ( s [ : maximumProfileFieldLength ] ) // trim profile field to maximum allowed length
}
return string ( * f )
}