From 8dbdb58327e04b247c3fd782fda041ed0fecf1ab Mon Sep 17 00:00:00 2001
From: Asai Neko <sugar@sne.moe>
Date: Fri, 2 Jan 2026 16:56:26 +0800
Subject: [PATCH] Add bio base64 verification

Signed-off-by: Asai Neko <sugar@sne.moe>
---
 internal/cryptography/base64.go | 20 ++++++++++++++++++++
 service/user/update.go          |  8 ++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 internal/cryptography/base64.go

diff --git a/internal/cryptography/base64.go b/internal/cryptography/base64.go
new file mode 100644
index 0000000..60bac3c
--- /dev/null
+++ b/internal/cryptography/base64.go
@@ -0,0 +1,20 @@
+package cryptography
+
+import (
+	"encoding/base64"
+	"strings"
+)
+
+func IsBase64Std(s string) bool {
+	if s == "" {
+		return false
+	}
+
+	s = strings.TrimSpace(s)
+	if len(s)%4 != 0 {
+		return false
+	}
+
+	_, err := base64.StdEncoding.Strict().DecodeString(s)
+	return err == nil
+}
diff --git a/service/user/update.go b/service/user/update.go
index ca842f0..5a37b6b 100644
--- a/service/user/update.go
+++ b/service/user/update.go
@@ -2,6 +2,7 @@ package user
 
 import (
 	"nixcn-cms/data"
+	"nixcn-cms/internal/cryptography"
 
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
@@ -37,6 +38,13 @@ func Update(c *gin.Context) {
 	user.Nickname = ReqInfo.Nickname
 	user.Subtitle = ReqInfo.Subtitle
 
+	if ReqInfo.Bio != "" {
+		if !cryptography.IsBase64Std(ReqInfo.Bio) {
+			c.JSON(400, gin.H{"status": "invalid base64"})
+		}
+	}
+	user.Bio = ReqInfo.Bio
+
 	// Update user info
 	user.UpdateByUserID(userId)