From cd7c0f95460a061baa7688559aa89f73baf42ee4 Mon Sep 17 00:00:00 2001
From: Claas Augner <495429+caugner@users.noreply.github.com>
Date: Tue, 26 Mar 2024 17:06:58 +0100
Subject: [PATCH] fix(newsletter): validate email (#454)

Returns HTTP 400 if the provided email is not an email address.
---
 src/api/newsletter.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/api/newsletter.rs b/src/api/newsletter.rs
index 4ca906fe..43d5bb83 100644
--- a/src/api/newsletter.rs
+++ b/src/api/newsletter.rs
@@ -6,6 +6,7 @@ use actix_web::{
 use basket::{Basket, SubscribeOpts, YesNo};
 use diesel::PgConnection;
 use serde::{Deserialize, Serialize};
+use validator::Validate;
 use crate::{
 api::error::ApiError,
@@ -31,8 +32,9 @@ struct Subscribed {
 pub subscribed: bool,
 }
-#[derive(Deserialize, Serialize)]
+#[derive(Deserialize, Serialize, Validate)]
 pub struct SubscriptionRequest {
+ #[validate(email(message = "must be an email address"))]
 pub email: String,
 }
@@ -53,6 +55,7 @@ pub async fn subscribe_anonymous_handler(
 basket: Data>,
 subscription_req: web::Json,
 ) -> Result {
+ subscription_req.validate()?;
 if let Some(basket) = &**basket {
 basket
 .subscribe(
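Review bot: The `#[validate(email(...))]` attribute added to `SubscriptionRequest` in the second hunk enforces nothing on its own. Deserializing through `web::Json` still accepts any string, and the check runs only where a caller invokes `validate()`. Because the struct is `pub`, any other handler that takes this type (none is visible in this patch) would skip the check silently. A doc comment on the struct would make the contract explicit, for example `/// The email field is checked only when validate() is called; deserialization alone accepts any string.`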
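Review bot: The `?` on `subscription_req.validate()` in the third hunk depends on a conversion from `validator::ValidationErrors` into `ApiError` that is not part of this patch, so the HTTP 400 promised in the description cannot be confirmed from the hunk. A handler test that posts a malformed address and asserts the status would pin it down, and it is worth checking that the error body does not echo the submitted value back. The check is also purely syntactic, so this anonymous endpoint still forwards any well-formed address to basket. A comment above the call would record that limit, for example `// Syntax check only: rejects malformed input, does not prove the caller owns the address.` The body of `subscribe_anonymous_handler` continues outside the hunk.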