feat: added custom validation for loginId/userId when tried to auto l…

[Gopal-001]

**My PR closes #716 **

👨‍💻 Changes proposed(What did you do ?)

• Added validateUserID for both client and server for validating the loginId.
• In client added check in AuthContext to prevent illegal usage or local storage auth.
• the validateUserID function in client checks weather
  • the id stored in local storage is for type email or anonymous login and validated the id based on respective patterns
  • if type is email than we generated a hex id which is a (in our case) 24 char long string consisting of only [a-f0-9]
  • if type anonymous than id should be valid 12 char long string with characters of only [a-z0-9].
• in validateUserID server function added it as a module export which will verify the case
  • where email and id is being given to add a user (i.e when an anonymous user tries to add profile),
  • if only email (i.e id is undefined in case of email login add new user) no change required.

Client function

export const validateUserID = (userID, userType) => {
  const userIDPattern = /^[a-z0-9]{12}$/;
  const userHexIdPattern = /^[a-f0-9]{24}$/;
  
  if (userType === 'email') {
    // user id validation for hex pattern of email login
    return userHexIdPattern.test(userID);
  } else {
    // user id validation for anonymous login
    return userIDPattern.test(userID);
  }
};

Server function

const validateUserID = (req, res, next) => {
  const {id} = req.body;
  const userIDPattern = /^[a-z0-9]{12}$/;

  if(id !== undefined && (typeof id !== 'string' || !userIDPattern.test(id))){
    //if id of type string is coming it'll be via the anonymous validation
    return res.status(NOT_ACCEPTABLE).json({
      message: 'Invalid login Id.'
    });
  }else{
    // if id is not there or the id is valid move ahead
    next();
  }
}

✔️ Check List (Check all the applicable boxes)

• My code follows the code style of this project.
• This PR does not contain plagiarized content.
• The title and description of the PR is clear and explains the approach.

Note to reviewers

Yes regarding the userId type I've checked the id generated by the function crypto.randomBytes(12).toString('hex'); was of 24 char and the regex as mentioned above, that's why needed to add extra regex check for the hex id pattern.

📷 Screenshots

NA

[vercel]

Someone is attempting to deploy a commit to the dunsin's projects Team on Vercel.

A member of the Team first needs to authorize it.

[Dun-sin]

You did great @Gopal-001, thanks for contributing, I hope you will stick around and continue to contribute to this project.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
whisper-b2p2	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Nov 29, 2024 0:05am

[Gopal-001]

You did great @Gopal-001, thanks for contributing, I hope you will stick around and continue to contribute to this project.

Thank you so much @Dun-sin ! It’s been a pleasure contributing, and I look forward to learning and adding more value to the project. 😊