Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BUG: invalid user|org / project name #154

Open
3 of 4 tasks
nelsonic opened this issue Mar 11, 2022 · 7 comments
Open
3 of 4 tasks

BUG: invalid user|org / project name #154

nelsonic opened this issue Mar 11, 2022 · 7 comments
Assignees
@SimonLab
Labels
awaiting-review bug chore priority-3 T1h technical

Comments

@nelsonic
Copy link
Member

nelsonic commented Mar 11, 2022
edited by SimonLab
Loading

Took a quick pomodoro break and looked at the Hits homepage: https://hits.dwyl.com

Noticed that there are still strange entries, e.g:

Fri, 11 Mar 2022 10:45:02 /' | remove_first: 'http:/' }}{{ page.url }}.svg 3618

What even is that? πŸ€·β€β™‚οΈ

Then there are the more innocuous but still incorrect ones:

Fri, 11 Mar 2022 10:43:12 /{mikel-brostrom}/{Yolov5_DeepSort_Pytorch}.svg 3562
Fri, 11 Mar 2022 10:06:13 /{cemac}/{SWIFTDB}.svg 22

image

I think we need to be more strict and actually reject requests that have invalid user|org or repo ... πŸ’­
We should create a new badge e.g: hits-invalid-url

https://img.shields.io/badge/hits-invalid%20url-red?style=flat-square

Todo

  • Write tests that attempt to request an invalid url using the samples above
    • Should return the "invalid url" badge
  • Implement the fix
  • Publish new version
@SimonLab
Copy link
Member

username rules:
image

@nelsonic
Copy link
Member Author

Indeed some form validation would go a long way.
but people are always going to do URL manipulation so we need some server side validation of requested SVGs. πŸ’­

@SimonLab
Copy link
Member

@SimonLab
Copy link
Member

I've created the following function to check the username and repository values:

defp user_valid?(user), do: String.match?(user, ~r/^([[:alnum:]]+-)*[[:alnum:]]+$/)
defp repository_valid?(repo), do: String.match?(repo, ~r/^[[:alnum:]-_.]+$/)

@nelsonic
Copy link
Member Author

Thanks for looking at this. πŸ‘
Definitely add comments for these functions and ref this issue. πŸ’­

SimonLab added a commit that referenced this issue Mar 14, 2022
@SimonLab
display 404 invalid badge when user or repository invalid, #154
e7bea54
@SimonLab SimonLab mentioned this issue Mar 14, 2022
Merged
@SimonLab SimonLab self-assigned this Mar 14, 2022
@nelsonic
Copy link
Member Author

@SimonLab thanks for creating the PR: #155
I think we need to have a basic 404 page in the app explaining that the URL needs to be valid for the badge to work just to improve the UX for the people who mistakenly created an invalid URL.

@SimonLab
Copy link
Member

I've created a new error page:
image

When a badge is created the link will direct to "/user/repository":
image

On this endpoint we check if the user and repository are valid and if not redirect to the new error page

nelsonic added a commit that referenced this issue Dec 19, 2022
@nelsonic
make /user/repo link in UI a clickable link! #154
8dad005
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SimonLab SimonLab

Labels
awaiting-review bug chore priority-3 T1h technical
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nelsonic @SimonLab