closed registrations

Evert Prants 2019-06-16 12:55:36 +03:00
parent 75de194f88
commit 306f77aafe
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
2 changed files with 12 additions and 5 deletions


@ -233,7 +233,7 @@ router.use((err, req, res, next) => {
res.status(404).jsonp({error: 404}) res.status(404).jsonp({error: 404})
}) })
app.use('/user', user(dbPromise, values.oauth)) app.use('/user', user(dbPromise, values.oauth, values.registrations === true))
app.use('/api', router) app.use('/api', router)
app.use('/file/track', express.static(path.resolve(values.directory))) app.use('/file/track', express.static(path.resolve(values.directory)))
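Review bot: The `values.registrations === true` argument on the `app.use('/user', ...)` line makes registration fail closed, and nothing at the call site says so. Any value other than the boolean `true`, such as a missing key or the string `"true"`, leaves sign-up disabled. That is a sound default for an access-control switch, but it deserves a comment such as `// registrations stay closed unless the config sets the boolean true` so a later edit does not loosen it to a truthy check. How `values` is loaded and parsed is outside this hunk.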


@ -24,7 +24,7 @@ export function userMiddleware (req, res, next) {
next() next()
} }
export function user (dbPromise, oauth) { export function user (dbPromise, oauth, registrations) {
router.get('/info', userMiddleware, async (req, res) => { router.get('/info', userMiddleware, async (req, res) => {
res.jsonp(await userInfoPublic(await dbPromise, req.session.user)) res.jsonp(await userInfoPublic(await dbPromise, req.session.user))
}) })
@ -42,7 +42,7 @@ export function user (dbPromise, oauth) {
let code = req.query.code let code = req.query.code
let state = req.query.state let state = req.query.state
if (!code || !state) throw new Error('Something went wrong!') if (!code || !state) throw new Error('Something went wrong!')
if (!req.session.oauthState || req.session.oauthState !== state) throw new Error('Possible request forgery detected! Try again.') if (!req.session || !req.session.oauthState || req.session.oauthState !== state) throw new Error('Possible request forgery detected! Try again.')
delete req.session.oauthState delete req.session.oauthState
@ -84,6 +84,8 @@ export function user (dbPromise, oauth) {
return res.redirect('/') return res.redirect('/')
} }
if (!registrations) throw new Error('Registrations are currently closed!')
// Create a new user and log in // Create a new user and log in
let newU = await db.get('INSERT INTO User (username,email,image,created) VALUES (?,?,?,?)', userInfo.username, userInfo.email, userInfo.image, new Date()) let newU = await db.get('INSERT INTO User (username,email,image,created) VALUES (?,?,?,?)', userInfo.username, userInfo.email, userInfo.image, new Date())
await db.run('INSERT INTO OAuth (userId,remoteId,created) VALUES (?,?,?)', newU.id, userInfo.id, new Date()) await db.run('INSERT INTO OAuth (userId,remoteId,created) VALUES (?,?,?)', newU.id, userInfo.id, new Date())
@ -92,8 +94,13 @@ export function user (dbPromise, oauth) {
}) })
router.get('/login/oauth', async (req, res) => { router.get('/login/oauth', async (req, res) => {
let state = req.session.oauthState || crypto.randomBytes(10).toString('hex') let state
req.session.oauthState = state if (req.session && req.session.oauthState) {
state = req.session.oauthState
} else {
req.session.oauthState = crypto.randomBytes(16).toString('hex')
}
return res.redirect(oauth2.getAuthorizeUrl({ return res.redirect(oauth2.getAuthorizeUrl({
'redirect_uri': oauth.redirectUri, 'redirect_uri': oauth.redirectUri,
'scope': oauth.scope, 'scope': oauth.scope,
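Review bot: In the `/login/oauth` handler the new `else` branch stores a fresh value in `req.session.oauthState` but never assigns the local `state`, so on a first visit `state` is still `undefined` when the authorize URL is built. The lines that consume `state` are past the end of this hunk, so this is inferred, but if it is sent as the OAuth `state` parameter the callback's `!state` and session-match checks would reject the login. Assign both in one step: `state = req.session.oauthState = crypto.randomBytes(16).toString('hex')`. The `else` branch also writes to `req.session` without the `req.session &&` guard used in the `if`, so a missing session would surface as a TypeError rather than a clear error.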