From 3f003b5353e1e440fe55a0240206b4e316489610 Mon Sep 17 00:00:00 2001
From: Sam <sam@sam.wf>
Date: Tue, 2 May 2023 02:18:35 +0200
Subject: [PATCH] feat: disallow {} in member names

---
 backend/db/member.go                         | 2 +-
 backend/routes/member/create_member.go       | 2 +-
 frontend/src/lib/api/regex.ts                | 2 +-
 frontend/src/routes/@[username]/+page.svelte | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/backend/db/member.go b/backend/db/member.go
index 85ad5a2..08e75e7 100644
--- a/backend/db/member.go
+++ b/backend/db/member.go
@@ -35,7 +35,7 @@ const (
 )
 
 // member names must match this regex
-var memberNameRegex = regexp.MustCompile("^[^@\\?!#/\\\\[\\]\"'$%&()+<=>^|~`,]{1,100}$")
+var memberNameRegex = regexp.MustCompile("^[^@\\?!#/\\\\[\\]\"\\{\\}'$%&()+<=>^|~`,]{1,100}$")
 
 func MemberNameValid(name string) bool {
 	return memberNameRegex.MatchString(name)
diff --git a/backend/routes/member/create_member.go b/backend/routes/member/create_member.go
index 3724cd6..63dd571 100644
--- a/backend/routes/member/create_member.go
+++ b/backend/routes/member/create_member.go
@@ -80,7 +80,7 @@ func (s *Server) createMember(w http.ResponseWriter, r *http.Request) (err error
 	if !db.MemberNameValid(cmr.Name) {
 		return server.APIError{
 			Code:    server.ErrBadRequest,
-			Details: "Member name cannot contain any of the following: @, ?, !, #, /, \\, [, ], \", ', $, %, &, (, ), +, <, =, >, ^, |, ~, `, ,",
+			Details: "Member name cannot contain any of the following: @, ?, !, #, /, \\, [, ], \", ', $, %, &, (, ), {, }, +, <, =, >, ^, |, ~, `, ,",
 		}
 	}
 
diff --git a/frontend/src/lib/api/regex.ts b/frontend/src/lib/api/regex.ts
index a8f30e6..45db77c 100644
--- a/frontend/src/lib/api/regex.ts
+++ b/frontend/src/lib/api/regex.ts
@@ -1,2 +1,2 @@
-export const memberNameRegex = /^[^@\\?!#/\\\\[\]"'$%&()+<=>^|~`,]{1,100}$/;
+export const memberNameRegex = /^[^@\\?!#/\\\\[\]"\\{\\}'$%&()+<=>^|~`,]{1,100}$/;
 export const usernameRegex = /^[\w-.]{2,40}$/;
diff --git a/frontend/src/routes/@[username]/+page.svelte b/frontend/src/routes/@[username]/+page.svelte
index 407d80a..202fa9b 100644
--- a/frontend/src/routes/@[username]/+page.svelte
+++ b/frontend/src/routes/@[username]/+page.svelte
@@ -274,7 +274,7 @@
         <p class="text-muted my-2">
           <Icon name="info-circle-fill" aria-label="Info" /> Your members must have distinct names. Member
           names must be 100 characters long at most, and cannot contain the following characters: @ ?
-          ! # / \ [ ] " ' $ % & ( ) + &lt; = &gt; ^ | ~ ` and ,
+          ! # / \ [ ] " ' $ % & ( ) &lbrace; &rbrace; + &lt; = &gt; ^ | ~ ` and ,
         </p>
         {#if newMemberError}
           <ErrorAlert error={newMemberError} />