From b530de8f52429b10d7cee257df4e9fe131c6b1df Mon Sep 17 00:00:00 2001
From: SauceyRed <saucey@saucey.red>
Date: Sat, 3 May 2025 02:20:37 +0200
Subject: [PATCH 1/3] fix: username regex

---
 src/api/v1/auth/mod.rs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/api/v1/auth/mod.rs b/src/api/v1/auth/mod.rs
index ff74c6b..64dd5f6 100644
--- a/src/api/v1/auth/mod.rs
+++ b/src/api/v1/auth/mod.rs
@@ -19,8 +19,7 @@ static EMAIL_REGEX: LazyLock<Regex> = LazyLock::new(|| {
     Regex::new(r"[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+(?:\.[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+)*@(?:[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?\.)+[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?").unwrap()
 });
 
-// FIXME: This regex doesnt seem to be working
-static USERNAME_REGEX: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"[a-zA-Z0-9.-_]").unwrap());
+static USERNAME_REGEX: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"^[\w.-]+$").unwrap());
 
 // Password is expected to be hashed using SHA3-384
 static PASSWORD_REGEX: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"[0-9a-f]{96}").unwrap());
-- 
2.47.2


From e29940d080cf1ea9b97558cd0fc60c7ae28ca4bc Mon Sep 17 00:00:00 2001
From: SauceyRed <saucey@saucey.red>
Date: Sat, 3 May 2025 03:04:07 +0200
Subject: [PATCH 2/3] feat: only allow lowercase usernames

---
 src/api/v1/auth/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/api/v1/auth/mod.rs b/src/api/v1/auth/mod.rs
index 64dd5f6..a9ee803 100644
--- a/src/api/v1/auth/mod.rs
+++ b/src/api/v1/auth/mod.rs
@@ -19,7 +19,7 @@ static EMAIL_REGEX: LazyLock<Regex> = LazyLock::new(|| {
     Regex::new(r"[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+(?:\.[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+)*@(?:[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?\.)+[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?").unwrap()
 });
 
-static USERNAME_REGEX: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"^[\w.-]+$").unwrap());
+static USERNAME_REGEX: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"^[a-z_.-]+$").unwrap());
 
 // Password is expected to be hashed using SHA3-384
 static PASSWORD_REGEX: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"[0-9a-f]{96}").unwrap());
-- 
2.47.2


From ab5c85c4f565dfd4edf0f2339c0bef7f4d3acbba Mon Sep 17 00:00:00 2001
From: SauceyRed <saucey@saucey.red>
Date: Sun, 4 May 2025 23:25:48 +0200
Subject: [PATCH 3/3] fix: add numbers to username regex

---
 src/api/v1/auth/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/api/v1/auth/mod.rs b/src/api/v1/auth/mod.rs
index a9ee803..69f3fe3 100644
--- a/src/api/v1/auth/mod.rs
+++ b/src/api/v1/auth/mod.rs
@@ -19,7 +19,7 @@ static EMAIL_REGEX: LazyLock<Regex> = LazyLock::new(|| {
     Regex::new(r"[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+(?:\.[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+)*@(?:[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?\.)+[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?").unwrap()
 });
 
-static USERNAME_REGEX: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"^[a-z_.-]+$").unwrap());
+static USERNAME_REGEX: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"^[a-z0-9_.-]+$").unwrap());
 
 // Password is expected to be hashed using SHA3-384
 static PASSWORD_REGEX: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"[0-9a-f]{96}").unwrap());
-- 
2.47.2