chore: extended input validation to email

Utilitycoder · Utilitycoder · commit 701495c17104 · 2023-06-12T23:52:25.000+01:00
diff --git a/src/domain.rs b/src/domain.rs
diff --git a/src/domain/mod.rs b/src/domain/mod.rs
@@ -0,0 +1,6 @@
+mod new_subscriber;
+mod subscriber_email;
+mod subscriber_name;
+
+pub use new_subscriber::NewSubscriber;
+pub use subscriber_name::SubscriberName;
diff --git a/src/domain/new_subscriber.rs b/src/domain/new_subscriber.rs
@@ -0,0 +1,5 @@
+use crate::domain::subscriber_name::SubscriberName;
+pub struct NewSubscriber {
+    pub email: String,
+    pub name: SubscriberName,
+}
diff --git a/src/domain/subscriber_email.rs b/src/domain/subscriber_email.rs
@@ -0,0 +1 @@
+
diff --git a/src/domain/subscriber_name.rs b/src/domain/subscriber_name.rs
@@ -0,0 +1,90 @@
+#[derive(Debug)]
+pub struct SubscriberName(String);
+
+impl AsRef<str> for SubscriberName {
+    fn as_ref(&self) -> &str {
+        &self.0
+    }
+}
+
+impl SubscriberName {
+    pub fn parse(s: String) -> Result<SubscriberName, String> {
+        let name = s.trim().to_string();
+        let is_empty_or_whitespace = name.trim().is_empty();
+        let is_too_long = name.len() > 256;
+        let forbidden_characters = ['/', '(', ')', '"', '<', '>', '\\', '{', '}'];
+        let contains_forbidden_characters = name
+            .chars()
+            .any(|char| forbidden_characters.contains(&char));
+        if is_empty_or_whitespace || is_too_long || contains_forbidden_characters {
+            Err(format!(
+                "`{}` is not a valid subscriber name. Subscriber name cannot be empty, more than 256 characters long, or contain the following characters: {:?}",
+                name,
+                forbidden_characters,
+            ))
+        } else {
+            Ok(Self(name))
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use claim::{assert_err, assert_ok};
+
+    #[test]
+    fn a_256_graheme_long_name_is_valid() {
+        let name = "a".repeat(256);
+        assert_ok!(SubscriberName::parse(name));
+    }
+
+    #[test]
+    fn a_name_longer_than_256_graphemes_is_rejected() {
+        let name = "a".repeat(257);
+        assert_err!(SubscriberName::parse(name));
+    }
+
+    #[test]
+    fn empty_string_is_rejected() {
+        let name = "".to_string();
+        assert_err!(SubscriberName::parse(name));
+    }
+
+    #[test]
+    fn whitespace_only_name_is_rejected() {
+        let name = " ".to_string();
+        assert_err!(SubscriberName::parse(name));
+    }
+
+    #[test]
+    fn a_name_containing_a_invalid_character_is_rejected() {
+        let invalid_characters = vec!['/', '(', ')', '"', '<', '>', '\\', '{', '}'];
+        for character in invalid_characters {
+            let name = format!("name{}", character);
+            assert_err!(SubscriberName::parse(name));
+        }
+    }
+
+    #[test]
+    fn a_name_containing_a_valid_character_is_valid() {
+        let valid_characters = vec!['a', 'A', '1', '-', '.', '_'];
+        for character in valid_characters {
+            let name = format!("name{}", character);
+            assert_ok!(SubscriberName::parse(name));
+        }
+    }
+
+    #[test]
+    fn a_valid_name_is_trimmed() {
+        let name = "  John Doe  ".to_string();
+        let parsed_name = SubscriberName::parse(name).unwrap();
+        assert_eq!(parsed_name.as_ref(), "John Doe");
+    }
+
+    #[test]
+    fn a_name_with_valid_characters_is_valid() {
+        let name = "John Doe".to_string();
+        assert_ok!(SubscriberName::parse(name));
+    }
+}
diff --git a/src/routes/subscriptions.rs b/src/routes/subscriptions.rs
@@ -1,8 +1,8 @@
+use crate::domain::{NewSubscriber, SubscriberName};
 use actix_web::{web, HttpResponse};
 use chrono::Utc;
 use sqlx::types::Uuid;
 use sqlx::PgPool;
-use crate::domain::{NewSubscriber, SubscriberName};
 
 #[allow(dead_code)]
 #[derive(serde::Deserialize)]
@@ -21,10 +21,16 @@ pub struct FormData {
 )]
 
 pub async fn subscribe(form: web::Form<FormData>, pool: web::Data<PgPool>) -> HttpResponse {
+    let subscriber_name = match SubscriberName::parse(form.0.name) {
+        Ok(name) => name,
+        Err(_) => return HttpResponse::BadRequest().finish(),
+    };
+
     let new_subscriber = NewSubscriber {
         email: form.0.email,
-        name: SubscriberName::parse(form.0.name),
+        name: subscriber_name,
     };
+
     match insert_subscriber(&new_subscriber, &pool).await {
         Ok(_) => HttpResponse::Ok().finish(),
         Err(e) => {
@@ -38,7 +44,10 @@ pub async fn subscribe(form: web::Form<FormData>, pool: web::Data<PgPool>) -> Ht
     name = "Saving a new subscriber details in the database",
     skip(new_subscriber, pool)
 )]
-async fn insert_subscriber(new_subscriber: &NewSubscriber, pool: &PgPool) -> Result<(), sqlx::Error> {
+async fn insert_subscriber(
+    new_subscriber: &NewSubscriber,
+    pool: &PgPool,
+) -> Result<(), sqlx::Error> {
     let subscribe_id = Uuid::new_v4();
     sqlx::query!(
         r#"
@@ -47,7 +56,7 @@ async fn insert_subscriber(new_subscriber: &NewSubscriber, pool: &PgPool) -> Res
         "#,
         subscribe_id,
         new_subscriber.email,
-        new_subscriber.name.inner_ref(),
+        new_subscriber.name.as_ref(),
         Utc::now()
     )
     .execute(pool)
