diff --git a/routes/auth/signup.js b/routes/auth/signup.js
index 519d8cc04..ca4713740 100644
--- a/routes/auth/signup.js
+++ b/routes/auth/signup.js
@@ -1,7 +1,7 @@
 import { COOKIE_MAX_AGE } from '../../server/constants.js';
 import getUser from '../../database/account-info/get-user.js';
 import createUser from '../../database/account-info/create-user.js';
-import { generateToken, saltAndHashPassword, sendVerificationEmail, validateUsername } from '../../server/authentication.js';
+import { generateToken, saltAndHashPassword, sendVerificationEmail, validateEmail, validateUsername } from '../../server/authentication.js';
 import { Router } from 'express';
@@ -30,8 +30,13 @@ router.post('/', async (req, res) => {
 req.session.token = generateToken(username);
 req.session.expires = expires;
- const password = saltAndHashPassword(req.body.password);
 const email = req.body.email;
+ if (email && !validateEmail(email)) {
+ res.sendStatus(400);
+ return;
+ }
+
+ const password = saltAndHashPassword(req.body.password);
 await createUser(username, password, email);
 sendVerificationEmail(username);
 // console.log(`/api/auth: SIGNUP: User ${username} successfully signed up.`);
diff --git a/server/authentication.js b/server/authentication.js
index 33d17e082..a777fe187 100644
--- a/server/authentication.js
+++ b/server/authentication.js
@@ -133,6 +133,15 @@ export function updatePassword (username, newPassword) {
 return updateUser(username, { password: saltAndHashPassword(newPassword) });
 }
+/**
+ *
+ * @param {string} email
+ * @returns {boolean} True if the email is valid, and false otherwise.
+ */
+export function validateEmail (email) {
+ return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
+}
+
 /**
 *
 * @param {string} username
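Review bot: The new email check in the signup.js hunk runs after `req.session.token` and `req.session.expires` have already been assigned (the two context lines at the top of the hunk), so a request rejected with 400 still leaves a freshly generated token in the session; if the session store persists on response, a failed signup would end up with a live session. Move the `if (email && !validateEmail(email))` block above those two assignments, next to whatever username/password checks precede them — router.post's body starts outside the hunk, so the exact spot is not visible here. `req.body.email` is also handed to the regex as-is and `RegExp.prototype.test` stringifies non-string values, so a non-string JSON body value whose string form looks like an address would pass; tighten the guard to `if (email && (typeof email !== 'string' || !validateEmail(email))) {`. An empty string still bypasses the check because of the `email &&` guard, which is presumably intentional for an optional email but is worth a one-line comment saying so.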
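Review bot: `validateEmail` in the authentication.js hunk lets `RegExp.prototype.test` coerce any `email` to a string, so an array or object whose string form matches the pattern is reported valid even though the JSDoc declares `{string}`; check the type first, `return typeof email === 'string' && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);`. The JSDoc description line is empty and should state what "valid" means here, e.g. `Syntactic check only: one '@', no whitespace, and a dot in the domain part; does not verify deliverability.` The pattern has no nested quantifiers, so matching is linear, but there is no upper bound on input length; a length guard (the 254-character limit from the mail RFCs is the usual choice) before the regex would keep oversized values from reaching the database, whose column constraints are not visible in this diff.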