diff --git a/admin/admin.go b/admin/admin.go
index e3fd616..df4da4e 100644
--- a/admin/admin.go
+++ b/admin/admin.go
@@ -16,6 +16,7 @@ import (
"net/http"
"os"
"path/filepath"
+ "regexp"
)
func apiGetTableList(next http.Handler, udb auth.UserStore) http.Handler {
@@ -80,6 +81,13 @@ func apiCreateTable(next http.Handler, udb auth.UserStore, dbAdapter mongodb.DbA
return
}
+ r := regexp.MustCompile("^[a-zA-Z0-9_]+$")
+ if !r.MatchString(tableKey.Name) || !r.MatchString(tableKey.Passcode) {
+ w.WriteHeader(422)
+ next.ServeHTTP(w, req)
+ return
+ }
+
// table name is primary key so w edon't need to check
err = dbAdapter.CreateTable(tableKey)
diff --git a/static/admin.js b/static/admin.js
index 56615ce..d5390c2 100644
--- a/static/admin.js
+++ b/static/admin.js
@@ -127,7 +127,9 @@ async function destroyTable() {
});
if (res.ok) {
conn.close(1000);
+ initializeMap("");
getTables();
+
} else {
setErr(await res.json());
}
diff --git a/static/index.html b/static/index.html
index b11660e..b86d8b5 100644
--- a/static/index.html
+++ b/static/index.html
@@ -24,11 +24,9 @@
-
-
- dice
+ dice