Disable third-party registrations

This commit is contained in:
Evert Prants 2019-08-08 15:33:58 +03:00
parent 47cfde3475
commit a7289af257
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
5 changed files with 58 additions and 42 deletions


@ -43,21 +43,25 @@
[redis] [redis]
port=6379 port=6379
[external]
# Set to true if you allow registrations from the following services
registrations=false
# Uncomment if you want to be using Twitter authentication # Uncomment if you want to be using Twitter authentication
[twitter] [external.twitter]
# api="" # api=""
# api_secret="" # api_secret=""
# Uncomment if you want to be using Facebook authentication # Uncomment if you want to be using Facebook authentication
[facebook] [external.facebook]
# client="" # client=""
# Uncomment if you want to be using Discord authentication # Uncomment if you want to be using Discord authentication
[discord] [external.discord]
# api="" # api=""
# api_secret="" # api_secret=""
[google] [external.google]
# api="" # api=""
# api_secret="" # api_secret=""
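Review bot: The move of `[twitter]`, `[facebook]`, `[discord]` and `[google]` under `[external]` is not mentioned anywhere in the example, so an existing deployment that keeps the old top-level sections will silently lose its providers and, judging by the API changes in this commit, may have no `external` table at all. A comment on the new section header would make the migration explicit: `# Third-party login providers. These sections used to be top-level ([twitter], [facebook], [discord], [google]) and must now be nested under [external].` The `registrations=false` default is the right fail-closed choice; the comment on it could also say that it only gates creating a new account through a provider, not logging in with an already linked one, if that is indeed the intended semantics.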


@ -56,6 +56,7 @@ const API = {
}, },
// Create a new user // Create a new user
newUser: async (service, identifier, data) => { newUser: async (service, identifier, data) => {
if (config.external.registrations !== true) throw new Error('Registrations from third-party websites are not allowed.')
let udataLimited = Object.assign({ let udataLimited = Object.assign({
activated: 1, activated: 1,
created_at: new Date(), created_at: new Date(),
@ -239,8 +240,8 @@ const API = {
twitterApp = new oauth.PromiseOAuth( twitterApp = new oauth.PromiseOAuth(
'https://api.twitter.com/oauth/request_token', 'https://api.twitter.com/oauth/request_token',
'https://api.twitter.com/oauth/access_token', 'https://api.twitter.com/oauth/access_token',
config.twitter.api, config.external.twitter.api,
config.twitter.api_secret, config.external.twitter.api_secret,
'1.0A', '1.0A',
redirectUri, redirectUri,
'HMAC-SHA1' 'HMAC-SHA1'
@ -360,8 +361,8 @@ const API = {
oauth2App: function () { oauth2App: function () {
if (discordApp) return if (discordApp) return
discordApp = new oauth.PromiseOAuth2( discordApp = new oauth.PromiseOAuth2(
config.discord.api, config.external.discord.api,
config.discord.api_secret, config.external.discord.api_secret,
'https://discordapp.com/api/', 'https://discordapp.com/api/',
'oauth2/authorize', 'oauth2/authorize',
'oauth2/token' 'oauth2/token'
@ -375,7 +376,7 @@ const API = {
let redirectUri = config.server.domain + '/api/external/discord/callback' let redirectUri = config.server.domain + '/api/external/discord/callback'
const params = { const params = {
'client_id': config.discord.api, 'client_id': config.external.discord.api,
'redirect_uri': redirectUri, 'redirect_uri': redirectUri,
'scope': 'identify email', 'scope': 'identify email',
'response_type': 'code', 'response_type': 'code',
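Review bot: The new guard in `newUser` dereferences `config.external.registrations` without checking that `config.external` exists, so a config that predates this commit (old top-level `[twitter]` sections, no `[external]` table) produces a `TypeError` instead of the intended "Registrations from third-party websites are not allowed." error; the `!== true` comparison itself is correctly fail-closed. Guard the table as well: `if (!config.external || config.external.registrations !== true) throw new Error('Registrations from third-party websites are not allowed.')`. The same unguarded `config.external.twitter.api` / `config.external.discord.api` reads appear in the two oauth constructors and the Discord params below, where they would only surface on the first login attempt; the router's `extraButtons` in this commit does check `config.external` before use, so the API side should match. `newUser` and the enclosing `API` object start and end outside these hunks.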


@ -102,25 +102,35 @@ router.get('/', (req, res) => {
}) })
// Add social media login buttons // Add social media login buttons
function extraButtons (req, res, next) { function extraButtons (recheck) {
if (config.twitter && config.twitter.api) { let et = config.external
res.locals.twitter_auth = true return function (req, res, next) {
if (!et) return next()
res.locals.auth = {
registrations: et.registrations
} }
if (config.discord && config.discord.api) { if (recheck && et.registrations !== true) return next()
res.locals.discord_auth = true
if (et.twitter && et.twitter.api) {
res.locals.auth.twitter = true
} }
if (config.facebook && config.facebook.client) { if (et.discord && et.discord.api) {
res.locals.facebook_auth = config.facebook.client res.locals.auth.discord = true
} }
if (config.google && config.google.api) { if (et.facebook && et.facebook.client) {
res.locals.google_auth = config.google.api res.locals.auth.facebook = et.facebook.client
}
if (et.google && et.google.api) {
res.locals.auth.google = et.google.api
} }
next() next()
} }
}
// Retrieve form data if formError was called // Retrieve form data if formError was called
function formKeep (req, res, next) { function formKeep (req, res, next) {
@ -136,7 +146,7 @@ function formKeep (req, res, next) {
} }
// Password reset request endpoint // Password reset request endpoint
router.get('/login/reset', extraButtons, (req, res) => { router.get('/login/reset', extraButtons(false), (req, res) => {
if (req.session.user) return redirectLogin(req, res) if (req.session.user) return redirectLogin(req, res)
res.render('user/reset_password', {sent: req.query.success != null}) res.render('user/reset_password', {sent: req.query.success != null})
@ -157,7 +167,7 @@ router.get('/reset/:token', wrap(async (req, res) => {
res.render('user/password_new', {token: true}) res.render('user/password_new', {token: true})
})) }))
router.get('/login', extraButtons, (req, res) => { router.get('/login', extraButtons(false), (req, res) => {
if (req.session.user) return redirectLogin(req, res) if (req.session.user) return redirectLogin(req, res)
if (req.query.returnTo) { if (req.query.returnTo) {
@ -167,7 +177,7 @@ router.get('/login', extraButtons, (req, res) => {
res.render('user/login') res.render('user/login')
}) })
router.get('/register', extraButtons, formKeep, (req, res) => { router.get('/register', extraButtons(true), formKeep, (req, res) => {
if (req.session.user) return redirectLogin(req, res) if (req.session.user) return redirectLogin(req, res)
if (config.security.recaptcha && config.security.recaptcha.site_key) { if (config.security.recaptcha && config.security.recaptcha.site_key) {
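Review bot: `extraButtons(recheck)` does not say what the boolean controls: from the body it decides whether provider buttons are withheld when `external.registrations` is not `true`, which is exactly the difference between the `/register` call (`extraButtons(true)`) and the `/login` calls (`extraButtons(false)`). A descriptive name plus a short doc comment would save the next reader from re-deriving that, e.g. `function extraButtons (hideWhenRegistrationsClosed) {` with `// Middleware factory: exposes configured third-party providers as res.locals.auth; when hideWhenRegistrationsClosed is set, providers are omitted unless external.registrations is true.` Also `let et = config.external` is never reassigned and should be `const et = config.external`. Note that when `config.external` is absent this middleware returns without setting `res.locals.auth`, so every template that includes `external.pug` needs an `if auth` guard as `login.pug` now has. `formKeep` continues outside the hunk.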


@ -1,5 +1,5 @@
.external-login .external-login
if facebook_auth if auth.facebook
div#fb-root div#fb-root
script. script.
window.fbAsyncInit = function() { window.fbAsyncInit = function() {
@ -20,7 +20,7 @@
fjs.parentNode.insertBefore(js, fjs); fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk')); }(document, 'script', 'facebook-jssdk'));
fb:login-button(scope="public_profile,email", onlogin="checkLoginState();" data-max-rows="1", data-size="large", data-button-type="login_with", data-show-faces="false", data-auto-logout-link="false", data-use-continue-as="false") fb:login-button(scope="public_profile,email", onlogin="checkLoginState();" data-max-rows="1", data-size="large", data-button-type="login_with", data-show-faces="false", data-auto-logout-link="false", data-use-continue-as="false")
if google_auth if auth.google
script(src="https://apis.google.com/js/api:client.js") script(src="https://apis.google.com/js/api:client.js")
a.login-btn.google-login.float-lg-right a.login-btn.google-login.float-lg-right
i.fa.fa-fw.fa-google i.fa.fa-fw.fa-google
@ -59,11 +59,11 @@
} }
startApp() startApp()
if twitter_auth if auth.twitter
a.login-btn.twitter-login.login-dialog-pop.float-lg-right(href="/api/external/twitter/login") a.login-btn.twitter-login.login-dialog-pop.float-lg-right(href="/api/external/twitter/login")
i.fa.fa-fw.fa-twitter i.fa.fa-fw.fa-twitter
span Log in With Twitter span Log in With Twitter
if discord_auth if auth.discord
a.login-btn.discord-login.login-dialog-pop.float-lg-right(href="/api/external/discord/login") a.login-btn.discord-login.login-dialog-pop.float-lg-right(href="/api/external/discord/login")
img(src="/static/image/discord.svg") img(src="/static/image/discord.svg")
span Log in With Discord span Log in With Discord
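Review bot: The conditions changed from flat locals (`facebook_auth`, `google_auth`, `twitter_auth`, `discord_auth`) to property reads on `auth`, and an undefined `auth` no longer evaluates falsy but throws at render time when Pug reaches `if auth.facebook`. `extraButtons` in this commit skips setting `res.locals.auth` entirely when `config.external` is missing, so the include is only safe behind an `if auth` guard in the including template, which `login.pug` adds; if the register view (not visible here) includes this file without such a guard, it will fail to render. Either make each check self-contained, `if auth && auth.facebook`, or document at the top of the include that callers must guard it: `//- Requires res.locals.auth (set by extraButtons); include only under "if auth".`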


@ -26,5 +26,6 @@ block body
a(href="/register") Create an account a(href="/register") Create an account
| · | ·
a(href="/login/reset") Forgot password? a(href="/login/reset") Forgot password?
if auth
aside.col-sm-4 aside.col-sm-4
include ../includes/external.pug include ../includes/external.pug
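Review bot: The new `if auth` line only protects the `aside` and the `include` below it if both are indented beneath it; Pug's block structure is indentation-based and the rendered view here does not show the indentation, so this is worth confirming in the raw file. The guard is needed because `extraButtons` leaves `res.locals.auth` unset when `config.external` is missing and `external.pug` now reads `auth.facebook` and friends directly. A brief comment would make the dependency visible: `//- auth is set by extraButtons; omit the provider panel when no [external] config exists`.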