closed registrations

This commit is contained in:
Evert Prants 2019-06-16 12:55:36 +03:00
parent 75de194f88
commit 306f77aafe
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
2 changed files with 12 additions and 5 deletions

View File

@ -233,7 +233,7 @@ router.use((err, req, res, next) => {
res.status(404).jsonp({error: 404})
})
app.use('/user', user(dbPromise, values.oauth))
app.use('/user', user(dbPromise, values.oauth, values.registrations === true))
app.use('/api', router)
app.use('/file/track', express.static(path.resolve(values.directory)))

View File

@ -24,7 +24,7 @@ export function userMiddleware (req, res, next) {
next()
}
export function user (dbPromise, oauth) {
export function user (dbPromise, oauth, registrations) {
router.get('/info', userMiddleware, async (req, res) => {
res.jsonp(await userInfoPublic(await dbPromise, req.session.user))
})
@ -42,7 +42,7 @@ export function user (dbPromise, oauth) {
let code = req.query.code
let state = req.query.state
if (!code || !state) throw new Error('Something went wrong!')
if (!req.session.oauthState || req.session.oauthState !== state) throw new Error('Possible request forgery detected! Try again.')
if (!req.session || !req.session.oauthState || req.session.oauthState !== state) throw new Error('Possible request forgery detected! Try again.')
delete req.session.oauthState
@ -84,6 +84,8 @@ export function user (dbPromise, oauth) {
return res.redirect('/')
}
if (!registrations) throw new Error('Registrations are currently closed!')
// Create a new user and log in
let newU = await db.get('INSERT INTO User (username,email,image,created) VALUES (?,?,?,?)', userInfo.username, userInfo.email, userInfo.image, new Date())
await db.run('INSERT INTO OAuth (userId,remoteId,created) VALUES (?,?,?)', newU.id, userInfo.id, new Date())
@ -92,8 +94,13 @@ export function user (dbPromise, oauth) {
})
router.get('/login/oauth', async (req, res) => {
let state = req.session.oauthState || crypto.randomBytes(10).toString('hex')
req.session.oauthState = state
let state
if (req.session && req.session.oauthState) {
state = req.session.oauthState
} else {
req.session.oauthState = crypto.randomBytes(16).toString('hex')
}
return res.redirect(oauth2.getAuthorizeUrl({
'redirect_uri': oauth.redirectUri,
'scope': oauth.scope,