fix: implement strict regex validation (no pure numbers, no special chars) on both frontend user creation form and backend auth service
@ -205,6 +205,16 @@ class AuthService:
|
|||||||
if not cn_name or not pinyin_base:
|
if not cn_name or not pinyin_base:
|
||||||
raise Exception("姓名和账号不能为空")
|
raise Exception("姓名和账号不能为空")
|
||||||
|
|
||||||
|
# 后端兜底正则校验:允许中英数,禁止纯数字,无特殊字符
|
||||||
|
import re
|
||||||
|
name_pattern = re.compile(r'^(?!\d+$)[a-zA-Z0-9\u4e00-\u9fa5]+$')
|
||||||
|
|
||||||
|
if not name_pattern.match(cn_name):
|
||||||
|
raise Exception("姓名格式错误:仅支持中英文和数字,不能为纯数字,且不支持特殊字符")
|
||||||
|
|
||||||
|
if not name_pattern.match(pinyin_base):
|
||||||
|
raise Exception("账号格式错误:仅支持中英文和数字,不能为纯数字,且不支持特殊字符")
|
||||||
|
|
||||||
role_raw = data.get('role')
|
role_raw = data.get('role')
|
||||||
role = role_raw.upper() if role_raw else None
|
role = role_raw.upper() if role_raw else None
|
||||||
|
|
||||||
@ -220,7 +230,7 @@ class AuthService:
|
|||||||
if operator_role_upper == UserRole.SUPERVISOR and role == UserRole.SUPER_ADMIN:
|
if operator_role_upper == UserRole.SUPERVISOR and role == UserRole.SUPER_ADMIN:
|
||||||
raise Exception("权限不足:主管无法创建超级管理员")
|
raise Exception("权限不足:主管无法创建超级管理员")
|
||||||
|
|
||||||
email = data.get('email', '')
|
email = data.get('email', '') or None # 空字符串转 None,避免 unique 冲突
|
||||||
if email and SysUser.query.filter_by(email=email).first():
|
if email and SysUser.query.filter_by(email=email).first():
|
||||||
raise Exception("邮箱已被使用")
|
raise Exception("邮箱已被使用")
|
||||||
|
|
||||||
|
|||||||
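Review bot: The new backend check in the first hunk accepts a value that ends in a newline, because in Python `$` with `name_pattern.match(...)` also matches just before a trailing `\n`, so a `cn_name` or `pinyin_base` like `"abc\n"` passes the "no special characters" rule. Use `if not name_pattern.fullmatch(cn_name):` and `if not name_pattern.fullmatch(pinyin_base):`, or end the pattern with `\Z` instead of `$`. The frontend regex does not behave this way (JavaScript `$` without the `m` flag matches only at end of input), so the two layers disagree, and the backend check is the only one that applies to callers that bypass the form. The `import re` and `re.compile(...)` would also sit better at module level than inside the method, whose body starts and ends outside the hunk.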
@ -302,10 +302,30 @@ const roleOptions = computed(() => {
|
|||||||
return options
|
return options
|
||||||
})
|
})
|
||||||
|
|
||||||
|
// 自定义校验:仅支持中英文、数字,禁止纯数字,禁止特殊字符
|
||||||
|
const validateNameStrict = (rule: any, value: string, callback: any) => {
|
||||||
|
if (!value) {
|
||||||
|
callback(new Error('该字段不能为空'));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
const reg = /^(?!\d+$)[a-zA-Z0-9\u4e00-\u9fa5]+$/;
|
||||||
|
if (!reg.test(value)) {
|
||||||
|
callback(new Error('仅支持中英文和数字,不能为纯数字,且不支持特殊字符'));
|
||||||
|
} else {
|
||||||
|
callback();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
const rules = computed(() => {
|
const rules = computed(() => {
|
||||||
const commonRules: any = {
|
const commonRules: any = {
|
||||||
cn_name: [{ required: true, message: '请输入真实姓名', trigger: 'blur' }],
|
cn_name: [
|
||||||
username: [{ required: true, message: '账号不能为空', trigger: 'blur' }],
|
{ required: true, message: '请输入真实姓名', trigger: 'blur' },
|
||||||
|
{ validator: validateNameStrict, trigger: 'blur' }
|
||||||
|
],
|
||||||
|
username: [
|
||||||
|
{ required: true, message: '账号不能为空', trigger: 'blur' },
|
||||||
|
{ validator: validateNameStrict, trigger: 'blur' }
|
||||||
|
],
|
||||||
role: [{ required: true, message: '请选择角色', trigger: 'change' }],
|
role: [{ required: true, message: '请选择角色', trigger: 'change' }],
|
||||||
department: [{ required: true, message: '请输入或选择部门', trigger: ['blur', 'change'] }],
|
department: [{ required: true, message: '请输入或选择部门', trigger: ['blur', 'change'] }],
|
||||||
email: [
|
email: [
|
||||||
|
|||||||
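Review bot: `validateNameStrict` takes `rule: any` and `callback: any`, and its regex literal is a second copy of the backend pattern with nothing linking the two, so they can drift apart unnoticed. I would type the signature as `(_rule: unknown, value: string, callback: (error?: Error) => void)` and hoist the pattern to a named constant with a comment such as `// Mirrors name_pattern in AuthService; this is a UX check only, the backend validation is the enforcement point`. The empty-value branch repeats what the `required: true` rule on `cn_name` and `username` already reports, so it could simply call `callback()` and leave the message to that rule. The `rules` computed continues past the end of the hunk.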