feat(backend): send coins via alias

2025-12-13 07:45:54 +00:00 · 2023-05-16 04:02:26 +02:00 · 2023-05-16 04:02:26 +02:00 · 6aa8ae9bf4
commit 6aa8ae9bf4
parent 7f91c378c1
3 changed files with 11 additions and 4 deletions
--- a/backend/src/graphql/resolver/TransactionResolver.ts
+++ b/backend/src/graphql/resolver/TransactionResolver.ts
@ -323,6 +323,7 @@ export class TransactionResolver {
    }
    // TODO this is subject to replay attacks
    // --- WHY?
    const senderUser = getUser(context)
    // validate recipient user
--- a/backend/src/graphql/resolver/util/findUserByIdentifier.ts
+++ b/backend/src/graphql/resolver/util/findUserByIdentifier.ts
@ -4,6 +4,8 @@ import { validate, version } from 'uuid'
 import { LogError } from '@/server/LogError'
 import { validAliasRegex } from './validateAlias'
 export const findUserByIdentifier = async (identifier: string): Promise<DbUser> => {
  let user: DbUser | undefined
  if (validate(identifier) && version(identifier) === 4) {
@ -27,8 +29,12 @@ export const findUserByIdentifier = async (identifier: string): Promise<DbUser>
    }
    user = userContact.user
    user.emailContact = userContact
  } else if (validAliasRegex.exec(identifier)) {
    user = await DbUser.findOne({ where: { alias: identifier }, relations: ['emailContact'] })
    if (!user) {
      throw new LogError('No user found to given identifier', identifier)
    }
  } else {
    // last is alias when implemented
    throw new LogError('Unknown identifier type', identifier)
  }
--- a/backend/src/graphql/resolver/util/validateAlias.ts
+++ b/backend/src/graphql/resolver/util/validateAlias.ts
@ -3,6 +3,8 @@ import { User as DbUser } from '@entity/User'
 import { LogError } from '@/server/LogError'
 export const validAliasRegex = /^(?=.{3,20}$)[a-zA-Z0-9]+(?:[_-][a-zA-Z0-9])*$/
 const reservedAlias = [
  'admin',
  'email',
@ -24,9 +26,7 @@ const reservedAlias = [
 export const validateAlias = async (alias: string): Promise<boolean> => {
  if (alias.length < 3) throw new LogError('Given alias is too short', alias)
  if (alias.length > 20) throw new LogError('Given alias is too long', alias)
-  /* eslint-disable-next-line security/detect-unsafe-regex */
+  if (!alias.match(validAliasRegex)) throw new LogError('Invalid characters in alias', alias)
  if (!alias.match(/^[0-9A-Za-z]([_-]?[A-Za-z0-9])+$/))
    throw new LogError('Invalid characters in alias', alias)
  if (reservedAlias.includes(alias.toLowerCase())) throw new LogError('Alias is not allowed', alias)
  const aliasInUse = await DbUser.find({
    where: { alias: Raw((a) => `LOWER(${a}) = "${alias.toLowerCase()}"`) },