Only allow number IDs to the user handlers

2024-08-30 18:23:09 +00:00 · 2022-05-18 22:54:44 +03:00 · 2022-05-18 22:54:44 +03:00 · 4c397ff454
commit 4c397ff454
parent 2bc26ef3fd
2 changed files with 4 additions and 3 deletions
--- a/app/classes/web/routes/api/api_handlers.py
+++ b/app/classes/web/routes/api/api_handlers.py
@ -49,7 +49,7 @@ def api_handlers(handler_args):
            handler_args,
        ),
        (
-            r"/api/v2/users/([a-z0-9_]+)/?",
+            r"/api/v2/users/([0-9]+)/?",
            ApiUsersUserIndexHandler,
            handler_args,
        ),
@ -59,7 +59,7 @@ def api_handlers(handler_args):
            handler_args,
        ),
        (
-            r"/api/v2/users/([a-z0-9_]+)/pfp/?",
+            r"/api/v2/users/([0-9]+)/pfp/?",
            ApiUsersUserPfpHandler,
            handler_args,
        ),
@ -69,7 +69,7 @@ def api_handlers(handler_args):
            handler_args,
        ),
        (
-            r"/api/v2/users/([a-z0-9_]+)/public/?",
+            r"/api/v2/users/([0-9]+)/public/?",
            ApiUsersUserPublicHandler,
            handler_args,
        ),
--- a/app/classes/web/routes/api/users/index.py
+++ b/app/classes/web/routes/api/users/index.py
@ -134,6 +134,7 @@ class ApiUsersIndexHandler(BaseApiHandler):
                )
            permissions_mask = "".join(permissions_mask)

+        # TODO: do this in the most efficient way
        user_id = self.controller.users.add_user(
            username,
            password,