Loading CHANGELOG.md +1 −0 Original line number Diff line number Diff line Loading @@ -12,6 +12,7 @@ The format is based on [keep a changelog](http://keepachangelog.com) and this pr - Improve unfiltered group listings responses. - Improve error when attempting to create a group with the system user. - Add userId field for permission validation in JS/Lua runtimes group update functions. - Allow standard space characters in usernames. ### Fixed - Fix creator id being read from the wrong argument in JS runtime group update function. Loading server/api_authenticate.go +12 −11 Original line number Diff line number Diff line Loading @@ -31,6 +31,7 @@ import ( ) var ( invalidUsernameRegex = regexp.MustCompilePOSIX("([[:cntrl:]]|[[\t\n\r\f\v]])+") invalidCharsRegex = regexp.MustCompilePOSIX("([[:cntrl:]]|[[:space:]])+") emailRegex = regexp.MustCompile("^.+@.+\\..+$") ) Loading Loading @@ -88,7 +89,7 @@ func (s *ApiServer) AuthenticateApple(ctx context.Context, in *api.AuthenticateA username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -154,7 +155,7 @@ func (s *ApiServer) AuthenticateCustom(ctx context.Context, in *api.Authenticate username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -220,7 +221,7 @@ func (s *ApiServer) AuthenticateDevice(ctx context.Context, in *api.Authenticate username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -305,7 +306,7 @@ func (s *ApiServer) AuthenticateEmail(ctx context.Context, in *api.AuthenticateE // Email address was supplied, we are allowed to generate a username. username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -378,7 +379,7 @@ func (s *ApiServer) AuthenticateFacebook(ctx context.Context, in *api.Authentica username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -445,7 +446,7 @@ func (s *ApiServer) AuthenticateFacebookInstantGame(ctx context.Context, in *api username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -518,7 +519,7 @@ func (s *ApiServer) AuthenticateGameCenter(ctx context.Context, in *api.Authenti username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -580,7 +581,7 @@ func (s *ApiServer) AuthenticateGoogle(ctx context.Context, in *api.Authenticate username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -646,7 +647,7 @@ func (s *ApiServer) AuthenticateSteam(ctx context.Context, in *api.AuthenticateS username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading server/console_account.go +1 −1 Original line number Diff line number Diff line Loading @@ -459,7 +459,7 @@ func (s *ConsoleServer) UpdateAccount(ctx context.Context, in *console.UpdateAcc if len(v.Value) == 0 { return nil, status.Error(codes.InvalidArgument, "Username cannot be emptypb.") } if invalidCharsRegex.MatchString(v.Value) { if invalidUsernameRegex.MatchString(v.Value) { return nil, status.Error(codes.InvalidArgument, "Username cannot contain spaces or control characters.") } params = append(params, v.Value) Loading server/core_account.go +1 −1 Original line number Diff line number Diff line Loading @@ -275,7 +275,7 @@ func updateAccounts(ctx context.Context, logger *zap.Logger, tx *sql.Tx, updates params = append(params, update.userID) if update.username != "" { if invalidCharsRegex.MatchString(update.username) { if invalidUsernameRegex.MatchString(update.username) { return errors.New("Username invalid, no spaces or control characters allowed.") } params = append(params, update.username) Loading server/runtime_go_nakama.go +9 −9 Original line number Diff line number Diff line Loading @@ -98,7 +98,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateApple(ctx context.Context, token, us if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading @@ -118,7 +118,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateCustom(ctx context.Context, id, user if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading @@ -138,7 +138,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateDevice(ctx context.Context, id, user if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading Loading @@ -171,7 +171,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateEmail(ctx context.Context, email, pa } username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading @@ -194,7 +194,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateFacebook(ctx context.Context, token if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading @@ -216,7 +216,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateFacebookInstantGame(ctx context.Cont if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading Loading @@ -247,7 +247,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateGameCenter(ctx context.Context, play if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading @@ -263,7 +263,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateGoogle(ctx context.Context, token, u if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading @@ -283,7 +283,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateSteam(ctx context.Context, token, us if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading Loading
CHANGELOG.md +1 −0 Original line number Diff line number Diff line Loading @@ -12,6 +12,7 @@ The format is based on [keep a changelog](http://keepachangelog.com) and this pr - Improve unfiltered group listings responses. - Improve error when attempting to create a group with the system user. - Add userId field for permission validation in JS/Lua runtimes group update functions. - Allow standard space characters in usernames. ### Fixed - Fix creator id being read from the wrong argument in JS runtime group update function. Loading
server/api_authenticate.go +12 −11 Original line number Diff line number Diff line Loading @@ -31,6 +31,7 @@ import ( ) var ( invalidUsernameRegex = regexp.MustCompilePOSIX("([[:cntrl:]]|[[\t\n\r\f\v]])+") invalidCharsRegex = regexp.MustCompilePOSIX("([[:cntrl:]]|[[:space:]])+") emailRegex = regexp.MustCompile("^.+@.+\\..+$") ) Loading Loading @@ -88,7 +89,7 @@ func (s *ApiServer) AuthenticateApple(ctx context.Context, in *api.AuthenticateA username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -154,7 +155,7 @@ func (s *ApiServer) AuthenticateCustom(ctx context.Context, in *api.Authenticate username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -220,7 +221,7 @@ func (s *ApiServer) AuthenticateDevice(ctx context.Context, in *api.Authenticate username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -305,7 +306,7 @@ func (s *ApiServer) AuthenticateEmail(ctx context.Context, in *api.AuthenticateE // Email address was supplied, we are allowed to generate a username. username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -378,7 +379,7 @@ func (s *ApiServer) AuthenticateFacebook(ctx context.Context, in *api.Authentica username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -445,7 +446,7 @@ func (s *ApiServer) AuthenticateFacebookInstantGame(ctx context.Context, in *api username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -518,7 +519,7 @@ func (s *ApiServer) AuthenticateGameCenter(ctx context.Context, in *api.Authenti username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -580,7 +581,7 @@ func (s *ApiServer) AuthenticateGoogle(ctx context.Context, in *api.Authenticate username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading Loading @@ -646,7 +647,7 @@ func (s *ApiServer) AuthenticateSteam(ctx context.Context, in *api.AuthenticateS username := in.Username if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return nil, status.Error(codes.InvalidArgument, "Username invalid, no spaces or control characters allowed.") } else if len(username) > 128 { return nil, status.Error(codes.InvalidArgument, "Username invalid, must be 1-128 bytes.") Loading
server/console_account.go +1 −1 Original line number Diff line number Diff line Loading @@ -459,7 +459,7 @@ func (s *ConsoleServer) UpdateAccount(ctx context.Context, in *console.UpdateAcc if len(v.Value) == 0 { return nil, status.Error(codes.InvalidArgument, "Username cannot be emptypb.") } if invalidCharsRegex.MatchString(v.Value) { if invalidUsernameRegex.MatchString(v.Value) { return nil, status.Error(codes.InvalidArgument, "Username cannot contain spaces or control characters.") } params = append(params, v.Value) Loading
server/core_account.go +1 −1 Original line number Diff line number Diff line Loading @@ -275,7 +275,7 @@ func updateAccounts(ctx context.Context, logger *zap.Logger, tx *sql.Tx, updates params = append(params, update.userID) if update.username != "" { if invalidCharsRegex.MatchString(update.username) { if invalidUsernameRegex.MatchString(update.username) { return errors.New("Username invalid, no spaces or control characters allowed.") } params = append(params, update.username) Loading
server/runtime_go_nakama.go +9 −9 Original line number Diff line number Diff line Loading @@ -98,7 +98,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateApple(ctx context.Context, token, us if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading @@ -118,7 +118,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateCustom(ctx context.Context, id, user if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading @@ -138,7 +138,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateDevice(ctx context.Context, id, user if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading Loading @@ -171,7 +171,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateEmail(ctx context.Context, email, pa } username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading @@ -194,7 +194,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateFacebook(ctx context.Context, token if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading @@ -216,7 +216,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateFacebookInstantGame(ctx context.Cont if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading Loading @@ -247,7 +247,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateGameCenter(ctx context.Context, play if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading @@ -263,7 +263,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateGoogle(ctx context.Context, token, u if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading @@ -283,7 +283,7 @@ func (n *RuntimeGoNakamaModule) AuthenticateSteam(ctx context.Context, token, us if username == "" { username = generateUsername() } else if invalidCharsRegex.MatchString(username) { } else if invalidUsernameRegex.MatchString(username) { return "", "", false, errors.New("expects username to be valid, no spaces or control characters allowed") } else if len(username) > 128 { return "", "", false, errors.New("expects id to be valid, must be 1-128 bytes") Loading
