Require user to be UUID

Cargo.lock

@@ -862,6 +862,7 @@ dependencies = [
  "serde_json",
  "sha2",
  "tokio",
+ "uuid",
 ]
 
 [[package]]
@@ -1073,6 +1074,12 @@ version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
 
+[[package]]
+name = "uuid"
+version = "1.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314"
+
 [[package]]
 name = "version_check"
 version = "0.9.5"

Cargo.toml

@@ -16,3 +16,4 @@ serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 sha2 = "0.10.8"
 tokio = { version = "1", features = ["full"] }
+uuid = "1.10.0"

src/main.rs

@@ -11,6 +11,7 @@ use jsonwebtoken::{
 use serde::{Deserialize, Serialize};
 use sha2::Sha256;
 use tokio::{fs, net::TcpListener};
+use uuid::Uuid;
 
 #[derive(Debug, Serialize, Deserialize)]
 struct AuthenticationClaims {
@@ -140,7 +141,7 @@ async fn validation_handler(
         Ok(token) => token.claims,
         Err(_) => return StatusCode::FORBIDDEN,
     };
-    if claims.sub == payload.user {
+    if claims.sub == payload.user && Uuid::try_parse(&payload.user).is_ok() {
         StatusCode::OK
     } else {
         StatusCode::FORBIDDEN