abonander
commented
2 years ago It would be interesting to use https://github.com/Keats/validator, it's almost exactly what I was thinking when I mentioned an input validator framework in the Reddit thread.
The only thing it's missing, IMO, is enforcement of validation via typestate, so you can't forget to apply validation before you access the struct fields. I've made the suggestion there: https://github.com/Keats/validator/issues/185
As pointed out by /u/LucasMathWalker on Reddit: https://www.reddit.com/r/rust/comments/shetb1/show_rrust_a_rust_implementation_of_the_realworld/hv42wuo/
Text inputs in various routes are not properly validated. That's an oversight on my part. Were I designing these routes from scratch I would have considered it, but the Realworld spec is silent on input validation so I wasn't thinking about it.
Where variables are given, pick reasonable values for the context but don't assume they are the same values between routes:
users::create_user(): https://github.com/launchbadge/realworld-axum-sqlx/blob/main/src/http/users.rs#L60usernameshould be between X and Y characters longpasswordshould be between X and Y characters long (allow long passwords but not super long)emailshould be non-empty and "look like an email" and at most X characters long@users::update_user():bioto X characters in length.articles::create_article(): https://github.com/launchbadge/realworld-axum-sqlx/blob/main/src/http/articles/mod.rs#L137titleshould be between X and Y characters longdescriptionshould be between X and Y characters longbodyis not empty and at most X characters in length (Reddit uses 5000 for a comment, seems reasonable.)tag_listto N elements; limit each tag to X characters in lengtharticles::update_article(): https://github.com/launchbadge/realworld-axum-sqlx/blob/main/src/http/articles/mod.rs#L204articles::comments::add_comment(): https://github.com/launchbadge/realworld-axum-sqlx/blob/main/src/http/articles/comments.rs#L121bodyis not empty and limit it to X characters in length.