From b788340bdb48ee02679eb517b71cd533304f7088 Mon Sep 17 00:00:00 2001
From: Ivan
Date: Mon, 19 Feb 2024 15:19:45 +0200
Subject: [PATCH] update: added username check
---
 server/src/modules/auth/base/auth.service.ts | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/server/src/modules/auth/base/auth.service.ts b/server/src/modules/auth/base/auth.service.ts
index 1ba885a4..70497de5 100644
--- a/server/src/modules/auth/base/auth.service.ts
+++ b/server/src/modules/auth/base/auth.service.ts
@@ -397,6 +397,18 @@ export class AuthService {
 );
 }
 
+ if (userDto.username && !this.isUsernameAllowed(userDto.username)) {
+ throw new HttpException(
+ {
+ status: HttpStatus.UNPROCESSABLE_ENTITY,
+ errors: {
+ username: 'invalid',
+ },
+ },
+ HttpStatus.UNPROCESSABLE_ENTITY
+ );
+ }
+
 await this.sessionService.softDelete({
 user: {
 id: currentUser.id,
@@ -411,6 +423,10 @@ export class AuthService {
 });
 }
 
+ private isUsernameAllowed(username: string) {
+ return /^[A-Za-z0-9]+$/.test(username);
+ }
+
 async refreshToken(
 data: Pick
 ): Promise> {
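Review bot: The guard `userDto.username && !this.isUsernameAllowed(userDto.username)` validates only truthy values, so an empty string skips the check entirely. `RegExp.prototype.test` also coerces its argument to a string, so a non-string value such as a one-element array would pass unless the DTO is type-validated upstream, which this hunk does not show. I would make the condition explicit: `if (userDto.username !== undefined && (typeof userDto.username !== 'string' || !this.isUsernameAllowed(userDto.username))) {`; if `null` is a legitimate way to clear the username, that case needs its own branch. The enclosing method starts and ends outside the hunk, so it is worth confirming that every other path that sets a username (registration, for example) applies the same check.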
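Review bot: `isUsernameAllowed` has no length bound and no declared return type, so a name of any length made of ASCII letters and digits is accepted and length enforcement is left to the storage layer. I would annotate the result and bound the pattern, e.g. `private isUsernameAllowed(username: string): boolean {` with `return /^[A-Za-z0-9]{MIN,MAX}$/.test(username);`, where MIN and MAX are placeholders for the limits of the username column. The pattern also preserves case, so `Admin` and `admin` are both valid. If uniqueness is compared case-sensitively elsewhere (not visible here), look-alike accounts become possible, so a one-line comment on the method stating the intended rule would help.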