fix: properly validate usernames

backend/src/main/java/io/papermc/hangar/config/hangar/UserConfig.java

@@ -1,6 +1,7 @@
 package io.papermc.hangar.config.hangar;
 
 import io.papermc.hangar.model.internal.api.responses.Validation;
+import io.papermc.hangar.util.PatternWrapper;
 import java.util.List;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.bind.DefaultValue;
@@ -10,7 +11,9 @@ public record UserConfig(
     @DefaultValue("100") int maxTaglineLen,
     @DefaultValue({"Hangar_Admin", "Hangar_Mod"}) List<String> staffRoles,
     @DefaultValue("30") int nameChangeInterval,
-    @DefaultValue("90") int nameChangeHistory
+    @DefaultValue("90") int nameChangeHistory,
+    @DefaultValue("20") int maxNameLen,
+    @DefaultValue("^[a-zA-Z0-9-_]{3,}$") PatternWrapper nameRegex
 ) {
 
     public Validation userTagline() {

backend/src/main/java/io/papermc/hangar/service/ValidationService.java

@@ -29,8 +29,15 @@ public class ValidationService {
         name = StringUtils.compact(name.toLowerCase(Locale.ROOT));
         if (BANNED_ROUTES.contains(name)) {
             return false;
+        } else if (name.length() < 3) {
+            return false;
+        } else if (name.length() > this.config.user.maxNameLen()) {
+            return false;
+        } else if (!this.config.user.nameRegex().test(name)) {
+            return false;
+        } else {
+            return true;
         }
-        return name.length() >= 3;
     }
 
     public @Nullable String isValidProjectName(String name) {

backend/src/main/resources/application.yml

@@ -145,6 +145,8 @@ hangar:
       - Hangar_Dev
     name-change-interval: 30
     name-change-history: 90
+    max-name-len: 20
+    name-regex: "^[a-zA-Z0-9-_]{3,}$"
 
   security:
     secure: false