diff pkg/controllers/types.go @ 418:c70ddc6eb168

Don't allow user names to contain any of the following characters \"':;
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Thu, 16 Aug 2018 13:14:46 +0200
parents c1047fd04a3a
children c49f4c1808b1
--- a/pkg/controllers/types.go	Thu Aug 16 10:42:30 2018 +0200
+++ b/pkg/controllers/types.go	Thu Aug 16 13:14:46 2018 +0200
@@ -9,9 +9,10 @@
 )
 
 type (
-	Email   string
-	Country string
-	Role    string
+	Email    string
+	Country  string
+	Role     string
+	UserName string
 
 	BoundingBox struct {
 		X1 float64 `json:"x1"`
@@ -21,7 +22,7 @@
 	}
 
 	User struct {
-		User     string       `json:"user"`
+		User     UserName     `json:"user"`
 		Role     Role         `json:"role"`
 		Password string       `json:"password,omitempty"`
 		Email    Email        `json:"email"`
@@ -76,6 +77,37 @@
 	return
 }
 
+var errNoValidUser = errors.New("Not a valid user")
+
+func (u UserName) isValid() bool {
+	return !strings.ContainsAny(string(u), `\"':;`)
+}
+
+func (u *UserName) UnmarshalJSON(data []byte) error {
+	var s string
+	if err := json.Unmarshal(data, &s); err != nil {
+		return err
+	}
+	if !emailRe.MatchString(s) {
+		return errNoEmailAddress
+	}
+	user := UserName(s)
+	if !user.isValid() {
+		return errNoValidUser
+	}
+	*u = user
+	return nil
+}
+
+func (u *UserName) Scan(src interface{}) (err error) {
+	if s, ok := src.(string); ok {
+		*u = UserName(s)
+	} else {
+		err = errNoString
+	}
+	return
+}
+
 var (
 	validCountries = []string{
 		"AT", "BG", "DE", "HU", "HR",
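Review bot: The `emailRe.MatchString(s)` test in `UserName.UnmarshalJSON` looks carried over from the Email decoder (`emailRe` and `errNoEmailAddress` are defined outside this hunk), so any user name that is not shaped like an e-mail address is rejected with `errNoEmailAddress` before `isValid` is reached. Drop the three lines `if !emailRe.MatchString(s) { return errNoEmailAddress }` so the character check added by this commit is what decides. Separately, `isValid` is a denylist: the empty string, whitespace and control characters still pass, and `Scan` accepts database values without the check. Whatever code places a user name into SQL or a connection string should therefore still quote or parameterize it rather than rely on this filter; an allowlist pattern for names would be stricter.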