Checking what kind of token you receive probably helps before writing a validator
All checks were successful
Build & Publish to GHCR / build (push) Successful in 21s
All checks were successful
Build & Publish to GHCR / build (push) Successful in 21s
This commit is contained in:
parent
09ec45d6ef
commit
f0792a3d21
@ -2,28 +2,19 @@ from argon2 import PasswordHasher
|
||||
import re
|
||||
|
||||
def is_valid_platform(platform) -> bool:
|
||||
if platform not in ["ios","android","web"]:
|
||||
if platform not in ["android"]:
|
||||
return False
|
||||
return True
|
||||
|
||||
def is_valid_token(token: str) -> bool:
|
||||
"""
|
||||
Validate a push notification token.
|
||||
|
||||
Criteria:
|
||||
- Must be a string
|
||||
- Correct length (e.g., 140–200 chars)
|
||||
- Only safe characters (alphanumeric, dash, underscore)
|
||||
Validates the format ExponentPushToken[<22-letter-long-string>]
|
||||
"""
|
||||
if not isinstance(token, str):
|
||||
return False
|
||||
|
||||
if not (140 <= len(token) <= 200):
|
||||
pattern = r"^ExponentPushToken\[([A-Za-z]{22})\]$"
|
||||
if not re.match(pattern, token):
|
||||
return False
|
||||
|
||||
if not re.match(r'^[A-Za-z0-9\-_]+$', token):
|
||||
return False
|
||||
|
||||
|
||||
return True
|
||||
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user