feat: not contain null&NTFS

mv check to /validator
add validator test,

Author: Brownjy

controller/branch_ctl.go

@@ -3,14 +3,10 @@ package controller
 import (
 	"context"
 	"errors"
-	"fmt"
-	"net/http"
-	"regexp"
-	"strings"
-
 	"github.com/jiaozifs/jiaozifs/block/params"
-
+	"github.com/jiaozifs/jiaozifs/controller/validator"
 	"github.com/jiaozifs/jiaozifs/versionmgr"
+	"net/http"
 
 	"github.com/jiaozifs/jiaozifs/api"
 	"github.com/jiaozifs/jiaozifs/auth"
@@ -19,36 +15,6 @@ import (
 	"go.uber.org/fx"
 )
 
-var MaxBranchNameLength = 40
-var branchNameRegex = regexp.MustCompile(`^[\w]+\/?[\w]+$`)
-
-func CheckBranchName(name string) error {
-	for _, blackName := range RepoNameBlackList {
-		if name == blackName {
-			return errors.New("repository name is black list")
-		}
-	}
-
-	if len(name) > MaxBranchNameLength {
-		return fmt.Errorf("branch name is too long")
-	}
-
-	seg := strings.Split(name, "/")
-	if len(seg) > 2 {
-		return fmt.Errorf("branch format must be <name> or <name>/<name>")
-	}
-
-	if !branchNameRegex.Match([]byte(seg[0])) {
-		return fmt.Errorf("invalid branch name: %s, must start with a number or letter and can only contain numbers, letters, hyphens or underscores", seg[0])
-	}
-	if len(seg) > 2 {
-		if !branchNameRegex.Match([]byte(seg[1])) {
-			return fmt.Errorf("invalid branch name: %s, must start with a number or letter and can only contain numbers, letters, hyphens or underscores", seg[1])
-		}
-	}
-	return nil
-}
-
 type BranchController struct {
 	fx.In
 
@@ -127,7 +93,7 @@ func (bct BranchController) ListBranches(ctx context.Context, w *api.JiaozifsRes
 }
 
 func (bct BranchController) CreateBranch(ctx context.Context, w *api.JiaozifsResponse, _ *http.Request, body api.CreateBranchJSONRequestBody, ownerName string, repositoryName string) {
-	if err := CheckBranchName(body.Name); err != nil {
+	if err := validator.ValidateBranchName(body.Name); err != nil {
 		w.BadRequest(err.Error())
 		return
 	}

controller/object_ctl.go

@@ -4,11 +4,11 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/jiaozifs/jiaozifs/controller/validator"
 	"io"
 	"mime"
 	"mime/multipart"
 	"net/http"
-	"regexp"
 	"time"
 
 	"github.com/go-openapi/swag"
@@ -26,14 +26,6 @@ import (
 )
 
 var objLog = logging.Logger("object_ctl")
-var pathRegex = regexp.MustCompile(`^([a-zA-Z0-9]+\/)*[a-zA-Z0-9]+(?:\.[a-zA-Z0-9]+)?$`) //nolint
-
-func CheckObjectPath(path string) error {
-	if !pathRegex.MatchString(path) {
-		return fmt.Errorf("invalid object path: it must start with a letter or digit, can contain letters, digits, and must be separated by slashes")
-	}
-	return nil
-}
 
 type ObjectController struct {
 	fx.In
@@ -321,7 +313,7 @@ func (oct ObjectController) UploadObject(ctx context.Context, w *api.JiaozifsRes
 	}
 	defer reader.Close() //nolint
 
-	err = CheckObjectPath(params.Path)
+	err = validator.ValidateObjectPath(params.Path)
 	if err != nil {
 		w.BadRequest(err.Error())
 		return

controller/repository_ctl.go

@@ -3,11 +3,10 @@ package controller
 import (
 	"context"
 	"encoding/json"
-	"errors"
 	"fmt"
+	"github.com/jiaozifs/jiaozifs/controller/validator"
 	"io"
 	"net/http"
-	"regexp"
 	"time"
 
 	"github.com/google/uuid"
@@ -27,23 +26,6 @@ import (
 const DefaultBranchName = "main"
 
 var repoLog = logging.Logger("repo control")
-var alphanumeric = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_\-]{1,61}[a-zA-Z0-9]$`)
-
-// RepoNameBlackList forbid repo name, reserve for routes
-var RepoNameBlackList = []string{"repository", "repositories", "wip", "wips", "object", "objects", "commit", "commits", "ref", "refs", "repo", "repos", "user", "users"}
-
-func CheckRepositoryName(name string) error {
-	for _, blackName := range RepoNameBlackList {
-		if name == blackName {
-			return errors.New("repository name is black list")
-		}
-	}
-
-	if !alphanumeric.MatchString(name) {
-		return errors.New("repository name must start with a number or letter, can only contain numbers, letters, or hyphens, and must be between 3 and 63 characters in length")
-	}
-	return nil
-}
 
 type RepositoryController struct {
 	fx.In
@@ -150,7 +132,7 @@ func (repositoryCtl RepositoryController) ListRepository(ctx context.Context, w
 }
 
 func (repositoryCtl RepositoryController) CreateRepository(ctx context.Context, w *api.JiaozifsResponse, _ *http.Request, body api.CreateRepositoryJSONRequestBody) {
-	err := CheckRepositoryName(body.Name)
+	err := validator.ValidateRepoName(body.Name)
 	if err != nil {
 		w.BadRequest(err.Error())
 		return

controller/user_ctl.go

@@ -3,9 +3,8 @@ package controller
 import (
 	"context"
 	"encoding/hex"
-	"errors"
+	"github.com/jiaozifs/jiaozifs/controller/validator"
 	"net/http"
-	"regexp"
 	"time"
 
 	"github.com/jiaozifs/jiaozifs/utils"
@@ -23,19 +22,11 @@ import (
 )
 
 var userCtlLog = logging.Logger("user_ctl")
-var usernameRegex = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_-]{1,28}[a-zA-Z0-9]$`)
 
 const (
 	AuthHeader = "Authorization"
 )
 
-func CheckUserName(name string) error {
-	if !usernameRegex.MatchString(name) {
-		return errors.New("invalid username: it must start and end with a letter or digit, can contain letters, digits, hyphens, and cannot start or end with a hyphen; the length must be between 3 and 30 characters")
-	}
-	return nil
-}
-
 type UserController struct {
 	fx.In
 
@@ -90,7 +81,7 @@ func (userCtl UserController) Login(ctx context.Context, w *api.JiaozifsResponse
 }
 
 func (userCtl UserController) Register(ctx context.Context, w *api.JiaozifsResponse, _ *http.Request, body api.RegisterJSONRequestBody) {
-	err := CheckUserName(body.Name)
+	err := validator.ValidateUsername(body.Name)
 	if err != nil {
 		w.BadRequest(err.Error())
 		return

controller/validator/validate.go

@@ -0,0 +1,83 @@
+package validator
+
+import (
+	"errors"
+	"regexp"
+	"strings"
+)
+
+var (
+	MaxBranchNameLength = 40
+
+	ReValidRef  = regexp.MustCompile(`^\w+/?\w+$`)
+	ReValidRepo = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_\-]{1,61}[a-zA-Z0-9]$`)
+	ReValidUser = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_-]{1,28}[a-zA-Z0-9]$`)
+	ReValidPath = regexp.MustCompile(`^(?:[^\x00-\x1F\\/:*?"<>|]+/)*[^\x00-\x1F\\/:*?"<>|]+$`)
+
+	// RepoNameBlackList forbid repo name, reserve for routes
+	RepoNameBlackList = []string{"repository", "repositories", "wip", "wips", "object", "objects", "commit", "commits", "ref", "refs", "repo", "repos", "user", "users"}
+)
+
+var (
+	ErrNameBlackList     = errors.New("repository name is black list")
+	ErrNameTooLong       = errors.New("name too long")
+	ErrBranchFormat      = errors.New("branch format must be <name> or <name>/<name>")
+	ErrInvalidBranchName = errors.New("invalid branch name: must start with a number or letter and can only contain numbers, letters, hyphens or underscores")
+	ErrInvalidRepoName   = errors.New("repository name must start with a number or letter, can only contain numbers, letters, or hyphens, and must be between 3 and 63 characters in length")
+	ErrInvalidUsername   = errors.New("invalid username: it must start and end with a letter or digit, can contain letters, digits, hyphens, and cannot start or end with a hyphen; the length must be between 3 and 30 characters")
+	ErrInvalidObjectPath = errors.New("invalid object path: it must not contain null characters or NTFS forbidden characters")
+)
+
+func ValidateBranchName(name string) error {
+	for _, blackName := range RepoNameBlackList {
+		if name == blackName {
+			return ErrNameBlackList
+		}
+	}
+
+	if len(name) > MaxBranchNameLength {
+		return ErrNameTooLong
+	}
+
+	seg := strings.Split(name, "/")
+	if len(seg) > 2 {
+		return ErrBranchFormat
+	}
+
+	if !ReValidRef.Match([]byte(seg[0])) {
+		return ErrInvalidBranchName
+	}
+	if len(seg) > 1 {
+		if !ReValidRef.Match([]byte(seg[1])) {
+			return ErrInvalidBranchName
+		}
+	}
+	return nil
+}
+
+func ValidateRepoName(name string) error {
+	for _, blackName := range RepoNameBlackList {
+		if name == blackName {
+			return ErrNameBlackList
+		}
+	}
+
+	if !ReValidRepo.MatchString(name) {
+		return ErrInvalidRepoName
+	}
+	return nil
+}
+
+func ValidateUsername(name string) error {
+	if !ReValidUser.MatchString(name) {
+		return ErrInvalidUsername
+	}
+	return nil
+}
+
+func ValidateObjectPath(path string) error {
+	if !ReValidPath.MatchString(path) {
+		return ErrInvalidObjectPath
+	}
+	return nil
+}

controller/validator/validate_test.go

@@ -0,0 +1,121 @@
+package validator
+
+import (
+	"testing"
+)
+
+func TestValidateBranchName(t *testing.T) {
+	//Validate branch names
+	validBranchNames := []string{"main", "feat/branch", "fix/bugfix"}
+	for _, name := range validBranchNames {
+		err := ValidateBranchName(name)
+		if err != nil {
+			t.Errorf("Expected no error for branch name '%s', but got: %s", name, err)
+		}
+	}
+
+	//Invalidate branch names
+	invalidBranchNames := []struct {
+		name  string
+		error string
+	}{
+		{"repository", "repository name is black list"},
+		{"wip", "repository name is black list"},
+		{"too_long_branch_name_that_exceeds_max_length_limit", "name too long"},
+		{"invalid/name\x00", "invalid branch name: must start with a number or letter and can only contain numbers, letters, hyphens or underscores"},
+		{"invalid/branch/name", "branch format must be <name> or <name>/<name>"},
+	}
+
+	for _, testCase := range invalidBranchNames {
+		err := ValidateBranchName(testCase.name)
+		if err == nil || err.Error() != testCase.error {
+			t.Errorf("Expected error '%s' for invalid branch name '%s', but got: %v", testCase.error, testCase.name, err)
+		}
+	}
+}
+
+func TestValidateRepoName(t *testing.T) {
+	//Validate Repo names
+	validRepoNames := []string{"myrepo", "user123", "project-name", "repo123_name"}
+	for _, name := range validRepoNames {
+		err := ValidateRepoName(name)
+		if err != nil {
+			t.Errorf("Expected no error for repo name '%s', but got: %s", name, err)
+		}
+	}
+
+	//Invalidate Repo names
+	invalidRepoNames := []struct {
+		name  string
+		error string
+	}{
+		{"repository", "repository name is black list"},
+		{"wip", "repository name is black list"},
+		{"invalid/name", "repository name must start with a number or letter, can only contain numbers, letters, or hyphens, and must be between 3 and 63 characters in length"},
+	}
+
+	for _, testCase := range invalidRepoNames {
+		err := ValidateRepoName(testCase.name)
+		if err == nil || err.Error() != testCase.error {
+			t.Errorf("Expected error '%s' for invalid repo name '%s', but got: %v", testCase.error, testCase.name, err)
+		}
+	}
+}
+
+func TestValidateUsername(t *testing.T) {
+	//Validate Username
+	validUsernames := []string{"user123", "username", "user_name", "user-123"}
+	for _, name := range validUsernames {
+		err := ValidateUsername(name)
+		if err != nil {
+			t.Errorf("Expected no error for username '%s', but got: %s", name, err)
+		}
+	}
+
+	//Invalidate Username
+	invalidUsernames := []struct {
+		name  string
+		error string
+	}{
+		{"user name", "invalid username: it must start and end with a letter or digit, can contain letters, digits, hyphens, and cannot start or end with a hyphen; the length must be between 3 and 30 characters"},
+		{"user-with-hyphen-", "invalid username: it must start and end with a letter or digit, can contain letters, digits, hyphens, and cannot start or end with a hyphen; the length must be between 3 and 30 characters"},
+		{"invalid/username", "invalid username: it must start and end with a letter or digit, can contain letters, digits, hyphens, and cannot start or end with a hyphen; the length must be between 3 and 30 characters"},
+	}
+
+	for _, testCase := range invalidUsernames {
+		err := ValidateUsername(testCase.name)
+		if err == nil || err.Error() != testCase.error {
+			t.Errorf("Expected error '%s' for invalid username '%s', but got: %v", testCase.error, testCase.name, err)
+		}
+	}
+}
+
+func TestValidateObjectPath(t *testing.T) {
+	//Validate Obj Path
+	validObjectPaths := []string{"path/to/object", "file.txt", "folder/file.txt"}
+	for _, path := range validObjectPaths {
+		err := ValidateObjectPath(path)
+		if err != nil {
+			t.Errorf("Expected no error for object path '%s', but got: %s", path, err)
+		}
+	}
+
+	//Invalidate Obj Path
+	invalidObjectPaths := []struct {
+		path  string
+		error string
+	}{
+		{"path/with/null\x00character", "invalid object path: it must not contain null characters or NTFS forbidden characters"},
+		{"path/with/invalid/characters/:", "invalid object path: it must not contain null characters or NTFS forbidden characters"},
+		{"path/with/invalid/characters/*", "invalid object path: it must not contain null characters or NTFS forbidden characters"},
+		{"path/with/invalid/characters/\"", "invalid object path: it must not contain null characters or NTFS forbidden characters"},
+		{"path/with/invalid/characters/<?", "invalid object path: it must not contain null characters or NTFS forbidden characters"},
+	}
+
+	for _, testCase := range invalidObjectPaths {
+		err := ValidateObjectPath(testCase.path)
+		if err == nil || err.Error() != testCase.error {
+			t.Errorf("Expected error '%s' for invalid object path '%s', but got: %v", testCase.error, testCase.path, err)
+		}
+	}
+}