Validate mxid format in web login

src/web/pug/log-in-with-matrix.pug

@@ -11,6 +11,6 @@ block body
           input(type="hidden" name="next" value=next)
         .d-flex.gy4.fd-column
           label.s-label(for="mxid") Your Matrix ID
-          input.fl-grow1.s-input.wmx3#mxid(name="mxid" required placeholder="@user:example.org")
+          input.fl-grow1.s-input.wmx3#mxid(name="mxid" required placeholder="@user:example.org" pattern="@([^:]+):([a-z0-9:\-]+\.[a-z0-9.:\-]+)")
         div
           button.s-btn.s-btn__github#log-in-button Continue with Matrix

src/web/routes/log-in-with-matrix.js

@@ -17,7 +17,7 @@ const auth = sync.require("../auth")
 
 const schema = {
 	form: z.object({
-		mxid: z.string(),
+		mxid: z.string().regex(/^@([^:]+):([a-z0-9:-]+\.[a-z0-9.:-]+)$/),
 		next: z.string().optional()
 	}),
 	token: z.object({

src/web/routes/log-in-with-matrix.test.js

@@ -16,6 +16,24 @@ test("log in with matrix: shows web page with form on first request", async t =>
 
 let token
 
+test("log in with matrix: checks if mxid format looks valid", async t => {
+	const [error] = await tryToCatch(() => router.test("post", "/api/log-in-with-matrix", {
+		body: {
+			mxid: "x@cadence:cadence.moe"
+		}
+	}))
+	t.equal(error.data.issues[0].validation, "regex")
+})
+
+test("log in with matrix: checks if mxid domain format looks valid", async t => {
+	const [error] = await tryToCatch(() => router.test("post", "/api/log-in-with-matrix", {
+		body: {
+			mxid: "@cadence:cadence."
+		}
+	}))
+	t.equal(error.data.issues[0].validation, "regex")
+})
+
 test("log in with matrix: sends message when there is no m.direct data", async t => {
 	const event = {}
 	let called = 0