From 78d59b295c2ce1a94dd469925bdd51fe48dc9ef7 Mon Sep 17 00:00:00 2001
From: voldemort <5692900+yell0wsuit@users.noreply.github.com>
Date: Wed, 23 Jul 2025 16:37:52 +0700
Subject: [PATCH] Add module docstring to user_info.py for improved
 documentation; implement username sanitization and enhance error logging for
 better debugging.

---
 routes/user_info.py | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/routes/user_info.py b/routes/user_info.py
index bddd83e..898f487 100644
--- a/routes/user_info.py
+++ b/routes/user_info.py
@@ -1,7 +1,10 @@
-from flask import Blueprint, request, jsonify, session
+"""Module to handle the user info request."""
+
 import os
 import glob
 import logging
+import re
+from flask import Blueprint, request, jsonify, session
 from custom_functions.database.user_db import (
     fetch_api_key,
     fetch_styled_username,
@@ -11,19 +14,30 @@ from custom_functions.database.user_db import (
 user_info_bp = Blueprint("user_info_bp", __name__)
 
 
+def sanitize_username(username):
+    """Sanitize the username."""
+    return re.sub(r"[^a-zA-Z0-9_\-]", "_", username).lower()
+
+
 @user_info_bp.route("/userinfo", methods=["POST"])
 def user_info():
+    """Handle the user info request."""
     username = session.get("username")
     if not username:
         try:
             headers = request.headers
             api_key = headers["Api-Key"]
             username = fetch_username_by_api_key(api_key)
-        except:
+        except Exception as e:
+            logging.exception("Error retrieving username by API key, %s", {e})
             return jsonify({"message": "False"}), 400
 
+    safe_username = sanitize_username(username)
+
     try:
-        base_path = os.path.join(os.getcwd(), "configs", "CDMs", username.lower())
+        base_path = os.path.join(
+            os.getcwd(), "configs", "CDMs", "users_uploaded", safe_username
+        )
         pr_files = [
             os.path.basename(f)
             for f in glob.glob(os.path.join(base_path, "PR", "*.prd"))
@@ -43,5 +57,5 @@ def user_info():
             }
         )
     except Exception as e:
-        logging.exception("Error retrieving device files")
+        logging.exception("Error retrieving device files, %s", {e})
         return jsonify({"message": "False"}), 500