From 09ab1dabdf25c9243cc93cc41abbb52a67c6701f Mon Sep 17 00:00:00 2001
From: Michael C
Date: Fri, 25 Jun 2021 11:57:27 -0400
Subject: [PATCH] set limit of 64 characters for lookup
---
 src/routes/getUserID.ts | 2 +-
 test/cases/getUserID.ts | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/src/routes/getUserID.ts b/src/routes/getUserID.ts
index 7e7317e..5e96491 100644
--- a/src/routes/getUserID.ts
+++ b/src/routes/getUserID.ts
@@ -5,7 +5,7 @@ import {Request, Response} from 'express';
 export async function getUserID(req: Request, res: Response) {
 let username = req.query.username as string;
- if (username == undefined) {
+ if (username == undefined || username.length > 64) {
 //invalid request
 res.sendStatus(400);
 return;
diff --git a/test/cases/getUserID.ts b/test/cases/getUserID.ts
index cb3b8d9..24aabb3 100644
--- a/test/cases/getUserID.ts
+++ b/test/cases/getUserID.ts
@@ -11,6 +11,7 @@ describe('getUserID', () => {
 await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_03"), 'specific user 03']);
 await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_04"), 'repeating']);
 await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_05"), 'repeating']);
+ await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_06"), getHash("getuserid_user_06")]);
 });
 it('Should be able to get a 200', (done: Done) => {
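Review bot: In the src/routes/getUserID.ts hunk, the new length check assumes `username` is a string, but `req.query.username as string` is only a compile-time cast. Express can also return an array (a repeated `username` parameter) or an object, depending on the configured query parser. For an array `.length` counts elements, and for an object it is `undefined`, so neither is rejected by the 64-character limit and both continue to the lookup code below, which is outside this hunk. Checking the runtime type first closes that gap: `if (typeof username !== 'string' || username.length > 64) {`. A named constant in place of the literal 64 would also record where the limit comes from.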
@@ -32,6 +33,25 @@ describe('getUserID', () => { .catch(err => done('couldn\'t call endpoint')); }); + it('Should be able to get a 200 (username is public id)', (done: Done) => { + fetch(getbaseURL() + '/api/userID?username='+getHash("getuserid_user_06")) + .then(async res => { + const text = await res.text() + if (res.status !== 200) done('non 200 (' + res.status + ')'); + else done(); // pass + }) + .catch(err => done('couldn\'t call endpoint')); + }); + + it('Should be able to get a 400 (username longer than 64 chars)', (done: Done) => { + fetch(getbaseURL() + '/api/userID?username='+getHash("getuserid_user_06")+'0') + .then(res => { + if (res.status !== 400) done('non 400 (' + res.status + ')'); + else done(); // pass + }) + .catch(err => done('couldn\'t call endpoint')); + }); + it('Should be able to get single username', (done: Done) => { fetch(getbaseURL() + '/api/userID?username=fuzzy+user+01') .then(async res => {
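Review bot: The new 200 case reads `const text = await res.text()` but never inspects it, so it passes on any 200 response and does not confirm that the lookup returned the row inserted for `getuserid_user_06`. Either drop the unused read or assert on the parsed body. Both new cases also depend on `getHash(...)` returning exactly 64 characters to sit on the limit (getHash is defined outside this diff, so this is inferred). A short comment such as `// getHash output is 64 chars: the longest username the route accepts` would make that dependency explicit. A further case that sends `username` twice in the query string would cover the non-string shape that a plain `.length` check does not measure in characters.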