fix: 后端对用户名进行文件夹合法性校验

2025-09-08 19:30:28 +08:00
parent 706bb8584d
commit 41bb159542
3 changed files with 72 additions and 2 deletions
--- a/app/core/config.py
+++ b/app/core/config.py
@@ -194,7 +194,7 @@ class MaaUserConfig(ConfigBase):
    def __init__(self) -> None:
        super().__init__()

-        self.Info_Name = ConfigItem("Info", "Name", "新用户")
+        self.Info_Name = ConfigItem("Info", "Name", "新用户", UserNameValidator())
        self.Info_Id = ConfigItem("Info", "Id", "")
        self.Info_Mode = ConfigItem(
            "Info", "Mode", "简洁", OptionsValidator(["简洁", "详细"])
@@ -455,7 +455,7 @@ class GeneralUserConfig(ConfigBase):
    def __init__(self) -> None:
        super().__init__()

-        self.Info_Name = ConfigItem("Info", "Name", "新用户")
+        self.Info_Name = ConfigItem("Info", "Name", "新用户", UserNameValidator())
        self.Info_Status = ConfigItem("Info", "Status", True, BoolValidator())
        self.Info_RemainedDay = ConfigItem(
            "Info", "RemainedDay", -1, RangeValidator(-1, 9999)
--- a/app/models/ConfigBase.py
+++ b/app/models/ConfigBase.py
@@ -29,6 +29,7 @@ from typing import List, Any, Dict, Union, Optional


 from app.utils import dpapi_encrypt, dpapi_decrypt
+from app.utils.constants import RESERVED_NAMES, ILLEGAL_CHARS


 class ConfigValidator:
@@ -177,6 +178,46 @@ class FolderValidator(ConfigValidator):
        return Path(value).resolve().as_posix()


+class UserNameValidator(ConfigValidator):
+    """用户名验证器"""
+
+    def validate(self, value: Any) -> bool:
+        if not isinstance(value, str):
+            return False
+
+        if not value or not value.strip():
+            return False
+
+        if value != value.strip() or value != value.strip("."):
+            return False
+
+        if any(char in ILLEGAL_CHARS for char in value):
+            return False
+
+        if value.upper() in RESERVED_NAMES:
+            return False
+        if len(value) > 255:
+            return False
+
+        return True
+
+    def correct(self, value: Any) -> str:
+        if not isinstance(value, str):
+            value = "默认用户名"
+
+        value = value.strip().strip(".")
+
+        value = "".join(char for char in value if char not in ILLEGAL_CHARS)
+
+        if value.upper() in RESERVED_NAMES or not value:
+            value = "默认用户名"
+
+        if len(value) > 255:
+            value = value[:255]
+
+        return value
+
+
 class ConfigItem:
    """配置项"""

--- a/app/utils/constants.py
+++ b/app/utils/constants.py
@@ -226,3 +226,32 @@ MATERIALS_MAP = {
    "PR-D": "近卫/特种芯片",
 }
 """掉落物索引表"""
+
+RESERVED_NAMES = {
+    "CON",
+    "PRN",
+    "AUX",
+    "NUL",
+    "COM1",
+    "COM2",
+    "COM3",
+    "COM4",
+    "COM5",
+    "COM6",
+    "COM7",
+    "COM8",
+    "COM9",
+    "LPT1",
+    "LPT2",
+    "LPT3",
+    "LPT4",
+    "LPT5",
+    "LPT6",
+    "LPT7",
+    "LPT8",
+    "LPT9",
+}
+"""Windows保留名称列表"""
+
+ILLEGAL_CHARS = set('<>:"/\\|?*')
+"""文件名非法字符集合"""