From 184316c38eb761072310eea96563e63de7fe9537 Mon Sep 17 00:00:00 2001
From: Martii
Date: Fri, 16 Oct 2020 23:43:54 -0600
Subject: [PATCH] Limit username length
* This prevents some flooding
* Can tweak this a little bit but we'll see
* Checked with `db.users.find({$where:'this.name.length > 65'}).pretty();`
---
 controllers/auth.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/controllers/auth.js b/controllers/auth.js
index 90e407a01..d1059e14d 100644
--- a/controllers/auth.js
+++ b/controllers/auth.js
@@ -150,6 +150,11 @@ exports.auth = function (aReq, aRes, aNext) {
 return;
 }
+ if (username.length > 64) {
+ aRes.redirect('/login?toolong');
+ return;
+ }
+
 // Store the username in the session so we still have it when they
 // get back from authentication
 if (!aReq.session.username) {
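Review bot: The added guard `if (username.length > 64)` rejects a 65-character name, but the verification query quoted in the commit message is `this.name.length > 65`, which would not list an existing account of exactly 65 characters. If such an account exists it can no longer sign in through this path, so the check is worth re-running with `> 64`. The limit is also a bare literal; a named constant such as `MAX_USERNAME_LENGTH` with a comment like `// max username length in UTF-16 code units, checked before the name is stored in the session` would document the bound and keep it in step with any validation done elsewhere. The body of `exports.auth` starts and ends outside this hunk, so where `username` comes from and whether it is always a string at this point cannot be confirmed from here.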