Add CSRF token support

2025-09-03 15:36:28 +01:00
parent bdbf33098f
commit 0c2a8f3d98
7 changed files with 66 additions and 22 deletions


@@ -9,21 +9,24 @@ module Players
end
def self.mk_player(username, email, pass)
raise ArgumentError, "Email format is wrong!" unless email.match?(/\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/)
# rubocop:disable Layout/LineLength
raise ArgumentError, "Email format is wrong!" unless
email.match?(%r[(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])])
# rubocop:enable Layout/LineLength
raise ArgumentError, "Username must be at least 4 characters long and of valid format." unless
username.match?(/\A[a-zA-Z][a-zA-Z0-9_.-]+\z/) && username.length >= 4
raise ArgumentError, "Password must be at least 8 characters and of valid format." unless
pass.match?(/\A[a-zA-Z0-9_.!?@#$%^&*()+=-]+\z/) && pass.length >= 8
digest = XXhash.xxh32(pass, ENV_HASH["SALT"])
code = CODE_ENV == :prod ? Array.new(24) { ALPHANUM.sample }.join : "!"
code = ENV_HASH["ENV"] == "prod" ? Array.new(24) { ALPHANUM.sample }.join : "!"
DB[
"insert into Players (username, digest, email, activation_code) values (?, ?, ?, ?)",
username, digest, email, code
].insert
send_email(:new, email, username, code) if CODE_ENV == :prod
send_email(:new, email, username, code) if ENV_HASH["ENV"] == "prod"
[200, "Successfully signed up!"]
rescue ArgumentError => e