Hotfix: limit username length

2025-06-06 11:34:09 +02:00
parent 3606a008f0
commit ea623b2d76
2 changed files with 14 additions and 3 deletions
--- a/db/models.py
+++ b/db/models.py
@@ -20,7 +20,11 @@ import secrets
 from sqlalchemy import create_engine, text
 from fastapi import HTTPException

-DATABASE_URL = "sqlite:///./test.db"
+import os
+from dotenv import load_dotenv
+
+DATABASE_FILE = os.getenv("DATABASE_FILE", "test.db")
+DATABASE_URL = "sqlite:///" + str(DATABASE_FILE)

 engine = create_engine(DATABASE_URL, connect_args={"check_same_thread": False})

--- a/main.py
+++ b/main.py
@@ -25,6 +25,8 @@ from db.models import set_prepaid_user_money
 from db.models import del_user_prepaid

 from auth import oidc
+import os
+from dotenv import load_dotenv



@@ -32,7 +34,10 @@ ADMIN_GROUP = "Getraenkeliste Verantwortliche"
 FS_GROUP = "Getraenkeliste Postpaid"

 app = FastAPI()
-app.add_middleware(SessionMiddleware, secret_key="my_secret_key")
+load_dotenv()
+SECRET_KEY = os.getenv("SECRET_KEY", "my_secret_key")
+
+app.add_middleware(SessionMiddleware, secret_key=str(SECRET_KEY))
 app.include_router(oidc.router)

 app.mount("/static", StaticFiles(directory="static"), name="static")
@@ -236,9 +241,11 @@ def add_prepaid_user(request: Request, username: str = Form(...), start_money: f

    if user_exists:
        raise HTTPException(status_code=400, detail="User already exists")
-    
+
    if start_money < 0 or start_money > 100:
        raise HTTPException(status_code=400, detail="Start money must be between 0 and 100")
+    if len(username) < 3 or len(username) > 20:
+        raise HTTPException(status_code=400, detail="Username must be between 3 and 20 characters")

    create_prepaid_user(username, active_user_db_id, int(start_money*100))