pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 11:51:14 -05:00
Code Issues Packages Projects Releases Wiki Activity

Refactor: Improve validation schemas

Browse Source
This commit is contained in:
gpt-engineer-app[bot]
2025-10-14 17:52:50 +00:00
parent a255442616
commit 7a6273111d
8 changed files with 113 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/components/auth/MFAChallenge.tsx
View File

@@ -89,6 +89,7 @@ export function MFAChallenge({ factorId, onSuccess, onCancel }: MFAChallengeProp
value={code}
onChange={setCode}
onComplete={handleVerify}
onPaste={(e) => e.preventDefault()}
>
<InputOTPGroup>
<InputOTPSlot index={0} />

1
src/components/auth/TOTPSetup.tsx
View File

@@ -220,6 +220,7 @@ export function TOTPSetup() {
id="verificationCode"
value={verificationCode}
onChange={(e) => setVerificationCode(e.target.value)}
onPaste={(e) => e.preventDefault()}
placeholder="000000"
maxLength={6}
className="text-center text-lg tracking-widest font-mono"

9
src/components/settings/AccountProfileTab.tsx
View File

@@ -1,7 +1,6 @@
import { useState, useEffect } from 'react';
import { useForm } from 'react-hook-form';
import { zodResolver } from '@hookform/resolvers/zod';
import { z } from 'zod';
import { Button } from '@/components/ui/button';
import { Input } from '@/components/ui/input';
import { Textarea } from '@/components/ui/textarea';
@@ -24,11 +23,13 @@ import { Alert, AlertDescription, AlertTitle } from '@/components/ui/alert';
import { toast as sonnerToast } from 'sonner';
import { AccountDeletionDialog } from './AccountDeletionDialog';
import { DeletionStatusBanner } from './DeletionStatusBanner';
import { usernameSchema, displayNameSchema, bioSchema } from '@/lib/validation';
import { z } from 'zod';
const profileSchema = z.object({
username: z.string().min(3).max(30).regex(/^[a-zA-Z0-9_-]+$/),
display_name: z.string().max(50).optional(),
bio: z.string().max(500).optional(),
username: usernameSchema,
display_name: displayNameSchema,
bio: bioSchema,
preferred_pronouns: z.string().max(20).optional(),
show_pronouns: z.boolean(),
preferred_language: z.string()

14
src/components/settings/EmailChangeDialog.tsx
View File

@@ -157,9 +157,17 @@ export function EmailChangeDialog({ open, onOpenChange, currentEmail, userId }:
setStep('success');
} catch (error: any) {
console.error('Email change error:', error);
toast.error('Failed to change email', {
description: error.message || 'Please try again.',
});
// Handle rate limiting specifically
if (error.message?.includes('rate limit') || error.status === 429) {
toast.error('Too Many Attempts', {
description: 'Please wait a few minutes before trying again.',
});
} else {
toast.error('Failed to change email', {
description: error.message || 'Please try again.',
});
}
} finally {
setLoading(false);
}

4
src/components/settings/LocationTab.tsx
View File

@@ -15,11 +15,13 @@ import { useProfile } from '@/hooks/useProfile';
import { useUnitPreferences } from '@/hooks/useUnitPreferences';
import { supabase } from '@/integrations/supabase/client';
import { MapPin, Calendar, Globe, Accessibility, Ruler } from 'lucide-react';
import { personalLocationSchema } from '@/lib/validation';
const locationSchema = z.object({
preferred_pronouns: z.string().max(20).optional(),
timezone: z.string(),
preferred_language: z.string(),
personal_location: z.string().max(100).optional(),
personal_location: personalLocationSchema,
home_park_id: z.string().optional()
});
type LocationFormData = z.infer<typeof locationSchema>;

34
src/components/settings/PasswordUpdateDialog.tsx
View File

@@ -1,7 +1,6 @@
import { useState, useEffect } from 'react';
import { useForm } from 'react-hook-form';
import { zodResolver } from '@hookform/resolvers/zod';
import { z } from 'zod';
import {
Dialog,
DialogContent,
@@ -19,15 +18,9 @@ import { Loader2, Shield, CheckCircle2 } from 'lucide-react';
import { InputOTP, InputOTPGroup, InputOTPSlot } from '@/components/ui/input-otp';
import { TurnstileCaptcha } from '@/components/auth/TurnstileCaptcha';
import { useTheme } from '@/components/theme/ThemeProvider';
import { passwordSchema } from '@/lib/validation';
const passwordSchema = z.object({
currentPassword: z.string().min(1, 'Current password is required'),
newPassword: z.string().min(8, 'Password must be at least 8 characters'),
confirmPassword: z.string()
}).refine(data => data.newPassword === data.confirmPassword, {
message: "Passwords don't match",
path: ["confirmPassword"]
});
import { z } from 'zod';
type PasswordFormData = z.infer<typeof passwordSchema>;
@@ -124,11 +117,20 @@ export function PasswordUpdateDialog({ open, onOpenChange, onSuccess }: Password
await updatePasswordWithNonce(data.newPassword, generatedNonce);
}
} catch (error: any) {
toast({
title: 'Authentication Error',
description: error.message || 'Incorrect password. Please try again.',
variant: 'destructive'
});
// Handle rate limiting specifically
if (error.message?.includes('rate limit') || error.status === 429) {
toast({
title: 'Too Many Attempts',
description: 'Please wait a few minutes before trying again.',
variant: 'destructive'
});
} else {
toast({
title: 'Authentication Error',
description: error.message || 'Incorrect password. Please try again.',
variant: 'destructive'
});
}
} finally {
setLoading(false);
}
@@ -280,6 +282,9 @@ export function PasswordUpdateDialog({ open, onOpenChange, onSuccess }: Password
placeholder="Enter your new password"
disabled={loading}
/>
<p className="text-xs text-muted-foreground">
Must be 8+ characters with uppercase, lowercase, number, and special character
</p>
{form.formState.errors.newPassword && (
<p className="text-sm text-destructive">
{form.formState.errors.newPassword.message}
@@ -348,6 +353,7 @@ export function PasswordUpdateDialog({ open, onOpenChange, onSuccess }: Password
value={totpCode}
onChange={setTotpCode}
disabled={loading}
onPaste={(e) => e.preventDefault()}
>
<InputOTPGroup>
<InputOTPSlot index={0} />

35
src/components/settings/SecurityTab.tsx
View File

@@ -60,19 +60,36 @@ export function SecurityTab() {
};
const handleSocialLogin = async (provider: OAuthProvider) => {
const result = await connectIdentity(provider, '/settings?tab=security');
try {
const result = await connectIdentity(provider, '/settings?tab=security');
if (!result.success) {
if (!result.success) {
// Handle rate limiting
if (result.error?.includes('rate limit')) {
toast({
title: 'Too Many Attempts',
description: 'Please wait a few minutes before trying again.',
variant: 'destructive'
});
} else {
toast({
title: 'Connection Failed',
description: result.error,
variant: 'destructive'
});
}
} else {
toast({
title: 'Redirecting...',
description: `Connecting your ${provider} account...`
});
}
} catch (error: any) {
toast({
title: 'Connection Failed',
description: result.error,
title: 'Connection Error',
description: error.message || 'Failed to connect account',
variant: 'destructive'
});
} else {
toast({
title: 'Redirecting...',
description: `Connecting your ${provider} account...`
});
}
};

48
src/lib/validation.ts
View File

@@ -32,8 +32,14 @@ export const usernameSchema = z
.string()
.min(3, 'Username must be at least 3 characters')
.max(30, 'Username must be less than 30 characters')
.regex(/^[a-zA-Z0-9_-]+$/, 'Username can only contain letters, numbers, underscores, and hyphens')
.regex(/^[a-zA-Z0-9]/, 'Username must start with a letter or number')
.regex(
/^[a-zA-Z0-9]([a-zA-Z0-9_-]*[a-zA-Z0-9])?$/,
'Username must start and end with letters/numbers, and can only contain letters, numbers, hyphens, and underscores'
)
.refine(
(val) => !/[-_]{2,}/.test(val),
'Username cannot contain consecutive hyphens or underscores'
)
.transform(val => val.toLowerCase())
.refine(val => !FORBIDDEN_USERNAMES.has(val), 'This username is not allowed');
@@ -50,10 +56,46 @@ export const displayNameSchema = z
}, 'Display name contains inappropriate content')
.optional();
// Password validation schema with complexity requirements
export const passwordSchema = z.object({
currentPassword: z.string().min(1, 'Current password is required'),
newPassword: z.string()
.min(8, 'Password must be at least 8 characters')
.max(128, 'Password must be less than 128 characters')
.regex(/[A-Z]/, 'Password must contain at least one uppercase letter')
.regex(/[a-z]/, 'Password must contain at least one lowercase letter')
.regex(/[0-9]/, 'Password must contain at least one number')
.regex(/[^A-Za-z0-9]/, 'Password must contain at least one special character'),
confirmPassword: z.string()
}).refine(data => data.newPassword === data.confirmPassword, {
message: "Passwords don't match",
path: ["confirmPassword"]
});
// Bio field validation with sanitization
export const bioSchema = z.string()
.max(500, 'Bio must be less than 500 characters')
.transform(val => val?.trim())
.refine(
val => !val || !/[<>]/.test(val),
'Bio cannot contain HTML tags'
)
.optional();
// Personal location field validation with sanitization
export const personalLocationSchema = z.string()
.max(100, 'Location must be less than 100 characters')
.transform(val => val?.trim())
.refine(
val => !val || !/[<>{}]/.test(val),
'Location cannot contain special characters'
)
.optional();
export const profileEditSchema = z.object({
username: usernameSchema,
display_name: displayNameSchema,
bio: z.string().max(500, 'Bio must be less than 500 characters').optional(),
bio: bioSchema,
});
export type ProfileEditForm = z.infer<typeof profileEditSchema>;