protected agains bad room names

srcs/requirements/nestjs/api_back/src/chat/chat.controller.ts

@@ -10,10 +10,16 @@ import { setCurrentRoomDto } from './dto/setCurrentRoom.dto';
 
 @Controller('chat')
 export class ChatController {
+	
+	private allowed_chars: string;
 
 	constructor(
 		private chatService: ChatService,
-	) {}
+	)
+	{
+		this.allowed_chars = "#!?-_";
+	}
+
 
 	@UseGuards(AuthenticateGuard)
 	@UseGuards(TwoFactorGuard)
@@ -48,12 +54,27 @@ export class ChatController {
 		return res.status(HttpStatus.OK).json({ message: response });
 	}
 
+	@UseGuards(AuthenticateGuard)
+	@UseGuards(TwoFactorGuard)
+	@Get('allowedchars')
+	async allowedChars(@Res() res): Promise<object>
+	{
+		console.log("- in allowedChars controller");
+		console.log("- out allowedChars controller");
+		return res.status(HttpStatus.OK).json({ chars: this.allowed_chars });
+	}
+
 	@UseGuards(AuthenticateGuard)
 	@UseGuards(TwoFactorGuard)
 	@Post('create')
 	async createRoom(@Body() createRoomDto: createRoomDto, @Req() req, @Res() res): Promise<object>
 	{
 		console.log("- in createRoom controller");
+
+		let regex = new RegExp("^[a-zA-Z0-9\\s" + this.allowed_chars + "]+$/");
+		if (!regex.test(createRoomDto.room_name))
+			throw new HttpException(`Onlly special characters accepted in room name: ${this.allowed_chars}`, HttpStatus.UNPROCESSABLE_ENTITY);
+
 		const response = await this.chatService.addUserToNewRoom(req.user.username, createRoomDto);
 		console.log("- out createRoom controller");
 		return res.status(HttpStatus.OK).json({ room_name: createRoomDto.room_name, message: response });