Merge pull request mongo-express#339 from dozoisch/dash_in_db_name

Changed Database Name Validation Process
VISCHub · May 2, 2017 · ef516ee · ef516ee
2 parents 9a4163e + e2a7f0c
commit ef516ee
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 13 deletions.
diff --git a/lib/routes/database.js b/lib/routes/database.js
@@ -50,17 +50,8 @@ var routes = function () {
   exp.addDatabase = function (req, res) {
 
     var name = req.body.database;
-
-    if (name === undefined || name.length === 0) {
-      //TODO: handle error
-      console.error('That database name is invalid.');
-      req.session.error = 'That database name is invalid.';
-      return res.redirect('back');
-    }
-
-    //Database names must begin with a letter or underscore, and can contain only letters, underscores, numbers or dots
-    if (!name.match(/^[a-zA-Z_][a-zA-Z0-9._]*$/)) {
-      //TODO: handle error
+    if (!utils.isValidDatabaseName(name)) {
+      // TODO: handle error
       console.error('That database name is invalid.');
       req.session.error = 'That database name is invalid.';
       return res.redirect('back');

diff --git a/lib/scripts/index.js b/lib/scripts/index.js
@@ -2,7 +2,7 @@ import $ from 'jquery';
 
 $(document).ready(() => {
   $('#database').popover({
-    content: 'Database names must begin with a letter or underscore, and can contain only letters, numbers, underscores and dots.',
+    content: 'Database names cannot be empty, must have fewer than 64 characters and must not contain /. "$*<>:|?',
   });
 
   const $deleteButton = $('.deleteButton');

diff --git a/lib/utils.js b/lib/utils.js
@@ -105,3 +105,16 @@ exports.roughSizeOfObject = function (object) {
 exports.buildCollectionURL = function (base, dbName, collectionName) {
   return base + 'db/' + dbName + '/' + encodeURIComponent(collectionName);
 };
+
+exports.isValidDatabaseName = function (name) {
+  if (!name || name.length > 63) {
+    return false;
+  }
+
+  // https://docs.mongodb.com/manual/reference/limits/#naming-restrictions
+  if (name.match(/[/. "$*<>:|?]/)) {
+    return false;
+  }
+
+  return true;
+};
diff --git a/test/lib/filtersSpec.js b/test/lib/filtersSpec.js
@@ -3,7 +3,6 @@
 const expect = require('chai').expect;
 const filters = require('../../lib/filters');
 
-
 describe('filters', function () {
   describe('to_display', function () {
     it('should escape properly a string', () => {

diff --git a/test/lib/utilsSpec.js b/test/lib/utilsSpec.js
@@ -0,0 +1,35 @@
+'use strict';
+
+const expect = require('chai').expect;
+const utils = require('../../lib/utils');
+
+describe('utils', function () {
+  describe('isValidDatabaseName', function () {
+    it('should be valid', () => {
+      const validNames = [
+        'somedb_123123',
+        'somedb-123123',
+        'SOME_DB-1231',
+        'SOMEDB&1231',
+      ];
+      validNames.forEach((n) => {
+        expect(utils.isValidDatabaseName(n)).to.equal(true, `Expected "${n}" to be a valid name`);
+      });
+    });
+
+    it('should be invalid', () => {
+      const invalidNames = [
+        '',
+        'somedb 123123',
+        'SOME$DB1231',
+        'SOMEDB<1231',
+        'SOMEDB>1231',
+        '1234567890123456789012345678901234567890123456789012345678901234',
+        'SOMEDB"123',
+      ];
+      invalidNames.forEach((n) => {
+        expect(utils.isValidDatabaseName(n)).to.equal(false, `Expected "${n}" to be an invalid name`);
+      });
+    });
+  });
+});