feat(backend): send coins via alias

2025-12-13 07:45:54 +00:00 · 2023-05-16 04:02:26 +02:00 · 2023-05-16 04:02:26 +02:00 · 6aa8ae9bf4
commit 6aa8ae9bf4
parent 7f91c378c1
3 changed files with 11 additions and 4 deletions
--- a/backend/src/graphql/resolver/TransactionResolver.ts
+++ b/backend/src/graphql/resolver/TransactionResolver.ts
@ -323,6 +323,7 @@ export class TransactionResolver {
    }

    // TODO this is subject to replay attacks
+    // --- WHY?
    const senderUser = getUser(context)

    // validate recipient user
--- a/backend/src/graphql/resolver/util/findUserByIdentifier.ts
+++ b/backend/src/graphql/resolver/util/findUserByIdentifier.ts
@ -4,6 +4,8 @@ import { validate, version } from 'uuid'

 import { LogError } from '@/server/LogError'

+import { validAliasRegex } from './validateAlias'
+
 export const findUserByIdentifier = async (identifier: string): Promise<DbUser> => {
  let user: DbUser | undefined
  if (validate(identifier) && version(identifier) === 4) {
@ -27,8 +29,12 @@ export const findUserByIdentifier = async (identifier: string): Promise<DbUser>
    }
    user = userContact.user
    user.emailContact = userContact
+  } else if (validAliasRegex.exec(identifier)) {
+    user = await DbUser.findOne({ where: { alias: identifier }, relations: ['emailContact'] })
+    if (!user) {
+      throw new LogError('No user found to given identifier', identifier)
+    }
  } else {
-    // last is alias when implemented
    throw new LogError('Unknown identifier type', identifier)
  }

--- a/backend/src/graphql/resolver/util/validateAlias.ts
+++ b/backend/src/graphql/resolver/util/validateAlias.ts
@ -3,6 +3,8 @@ import { User as DbUser } from '@entity/User'

 import { LogError } from '@/server/LogError'

+export const validAliasRegex = /^(?=.{3,20}$)[a-zA-Z0-9]+(?:[_-][a-zA-Z0-9])*$/
+
 const reservedAlias = [
  'admin',
  'email',
@ -24,9 +26,7 @@ const reservedAlias = [
 export const validateAlias = async (alias: string): Promise<boolean> => {
  if (alias.length < 3) throw new LogError('Given alias is too short', alias)
  if (alias.length > 20) throw new LogError('Given alias is too long', alias)
-  /* eslint-disable-next-line security/detect-unsafe-regex */
-  if (!alias.match(/^[0-9A-Za-z]([_-]?[A-Za-z0-9])+$/))
-    throw new LogError('Invalid characters in alias', alias)
+  if (!alias.match(validAliasRegex)) throw new LogError('Invalid characters in alias', alias)
  if (reservedAlias.includes(alias.toLowerCase())) throw new LogError('Alias is not allowed', alias)
  const aliasInUse = await DbUser.find({
    where: { alias: Raw((a) => `LOWER(${a}) = "${alias.toLowerCase()}"`) },