1075fec53f
* Clean the user's display name on update. The user's display name should always be clean (see for example functions/src/create-user.ts). However, change-user-info.ts does not enforce this, thus potentially allowing a malicious user to change their name to something that doesn't satisfy the rules for clean display names. Note: this cannot happen currently because all callers (in profile.tsx) clean the name. However, doing it here is good defense in depth (similar to how the userName is cleaned). * Update display name max length to 30 * Add a script to hunt down too-long display names * Make util.isProd a function * Don't access admin.firestore() on top level of utils.ts Co-authored-by: Jonas Wagner <ltlygwayh@gmail.com>
13 lines
537 B
TypeScript
13 lines
537 B
TypeScript
export const cleanUsername = (name: string, maxLength = 25) => {
|
|
return name
|
|
.replace(/\s+/g, '')
|
|
.normalize('NFD') // split an accented letter in the base letter and the acent
|
|
.replace(/[\u0300-\u036f]/g, '') // remove all previously split accents
|
|
.replace(/[^A-Za-z0-9_]/g, '') // remove all chars not letters, numbers and underscores
|
|
.substring(0, maxLength)
|
|
}
|
|
|
|
export const cleanDisplayName = (displayName: string, maxLength = 30) => {
|
|
return displayName.replace(/\s+/g, ' ').substring(0, maxLength).trim()
|
|
}
|