torsten/yourpart3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(user): enhance email handling with validation and normalization functions
All checks were successful
Deploy to production / deploy (push) Successful in 2m56s
Details

Browse Source 
- Introduced `looksLikePlausibleEmail` to validate email format, ensuring only plausible addresses are processed.
- Added `normalizeEmailCandidate` to standardize email input, returning null for invalid formats.
- Updated `decodeEncryptedBlob` to utilize normalization functions for both UTF-8 and hex formats, improving email decryption reliability.
- Adjusted `SettingsService` to ensure email is set after merging adult access state, maintaining data integrity.
This commit is contained in:
Torsten Schulz (local)
2026-04-02 08:07:25 +02:00
parent 3fb4fb92c6
commit 13534498fa
2 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
backend/models/community/user.js
View File

@@ -8,6 +8,26 @@ function encodeEncryptedValueToBlob(value) {
return Buffer.from(encrypted, 'utf8');
}
/** Nur echte Adressen zurückgeben — verhindert Anzeige von Base64-/Key-artigem Müll bei fehlender Entschlüsselung. */
function looksLikePlausibleEmail(s) {
if (typeof s !== 'string') {
return false;
}
const t = s.trim();
if (!t || t.length > 254) {
return false;
}
return /^[^\s@]+@[^\s@]+\.[^\s@]{2,}$/i.test(t);
}
function normalizeEmailCandidate(s) {
if (!s || typeof s !== 'string') {
return null;
}
const t = s.trim();
return looksLikePlausibleEmail(t) ? t : null;
}
function decodeEncryptedBlob(value) {
if (!value) {
return null;
@@ -16,8 +36,9 @@ function decodeEncryptedBlob(value) {
try {
const encryptedUtf8 = value.toString('utf8');
const decryptedUtf8 = decrypt(encryptedUtf8);
if (decryptedUtf8) {
return decryptedUtf8;
const fromUtf8 = normalizeEmailCandidate(decryptedUtf8);
if (fromUtf8) {
return fromUtf8;
}
} catch (error) {
console.warn('Email utf8 decryption failed, trying legacy hex format:', error.message);
@@ -26,15 +47,16 @@ function decodeEncryptedBlob(value) {
try {
const encryptedHex = value.toString('hex');
const decryptedHex = decrypt(encryptedHex);
if (decryptedHex) {
return decryptedHex;
const fromHex = normalizeEmailCandidate(decryptedHex);
if (fromHex) {
return fromHex;
}
} catch (error) {
console.warn('Email legacy hex decryption failed:', error.message);
}
try {
return value.toString('utf8');
return normalizeEmailCandidate(value.toString('utf8'));
} catch (error) {
console.warn('Email could not be read as plain text:', error.message);
return null;