diff options
author | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-12-19 22:03:08 +1100 |
---|---|---|
committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-12-19 22:04:52 +1100 |
commit | 9e36eff11d308a06667ed725746fbf0d11f9212d (patch) | |
tree | cc9bfcaf293bb76e67df07470e17a8a4a46c43ff | |
parent | Add register ratelimit (diff) | |
download | server-9e36eff11d308a06667ed725746fbf0d11f9212d.tar.xz |
Registration tokens
-rw-r--r-- | src/api/routes/auth/generate-registration-tokens.ts | 28 | ||||
-rw-r--r-- | src/api/routes/auth/register.ts | 20 | ||||
-rw-r--r-- | src/api/util/utility/RandomInviteID.ts | 6 | ||||
-rw-r--r-- | src/util/config/types/SecurityConfiguration.ts | 21 | ||||
-rw-r--r-- | src/util/entities/ValidRegistrationTokens.ts | 13 | ||||
-rw-r--r-- | src/util/entities/index.ts | 1 |
6 files changed, 77 insertions, 12 deletions
diff --git a/src/api/routes/auth/generate-registration-tokens.ts b/src/api/routes/auth/generate-registration-tokens.ts new file mode 100644 index 00000000..e328fe5e --- /dev/null +++ b/src/api/routes/auth/generate-registration-tokens.ts @@ -0,0 +1,28 @@ +import { route, random } from "@fosscord/api"; +import { Config, ValidRegistrationToken } from "@fosscord/util"; +import { Request, Response, Router } from "express"; + +const router: Router = Router(); +export default router; + +router.get("/", route({ right: "OPERATOR" }), async (req: Request, res: Response) => { + const count = req.query.count ? parseInt(req.query.count as string) : 1; + const length = req.query.length ? parseInt(req.query.length as string) : 255; + + let tokens: ValidRegistrationToken[] = []; + + for (let i = 0; i < count; i++) { + const token = ValidRegistrationToken.create({ + token: random(length), + expires_at: Date.now() + Config.get().security.defaultRegistrationTokenExpiration + }); + tokens.push(token); + } + + // Why are these options used, exactly? + await ValidRegistrationToken.save(tokens, { chunk: 1000, reload: false, transaction: false }); + + if (req.query.plain) return res.send(tokens.map(x => x.token).join("\n")); + + return res.json({ tokens: tokens.map(x => x.token) }); +}); \ No newline at end of file diff --git a/src/api/routes/auth/register.ts b/src/api/routes/auth/register.ts index eba86f77..6ca23158 100644 --- a/src/api/routes/auth/register.ts +++ b/src/api/routes/auth/register.ts @@ -7,6 +7,7 @@ import { User, adjustEmail, RegisterSchema, + ValidRegistrationToken, } from "@fosscord/util"; import { route, @@ -17,7 +18,7 @@ import { } from "@fosscord/api"; import bcrypt from "bcrypt"; import { HTTPError } from "lambert-server"; -import { MoreThan } from "typeorm"; +import { LessThan, MoreThan } from "typeorm"; const router: Router = Router(); @@ -199,7 +200,24 @@ router.post( }); } + // Reg tokens + // They're a one time use token that bypasses registration rate limiter + let regTokenUsed = false; + if (req.get("Referrer")?.includes("token=")) { // eg theyre on https://staging.fosscord.com/register?token=whatever + const token = req.get("Referrer")!.split("token=")[1].split("&")[0]; + if (token) { + const regToken = await ValidRegistrationToken.findOne({ where: { token, expires_at: MoreThan(new Date()), } }); + await ValidRegistrationToken.delete({ token }); + regTokenUsed = true; + console.log(`[REGISTER] Registration token ${token} used for registration!`); + } + else { + console.log(`[REGISTER] Invalid registration token ${token} used for registration by ${ip}!`); + } + } + if ( + !regTokenUsed && limits.absoluteRate.register.enabled && (await User.count({ where: { created_at: MoreThan(new Date(Date.now() - limits.absoluteRate.register.window)) } })) >= limits.absoluteRate.register.limit diff --git a/src/api/util/utility/RandomInviteID.ts b/src/api/util/utility/RandomInviteID.ts index bfed65bb..fa484bd5 100644 --- a/src/api/util/utility/RandomInviteID.ts +++ b/src/api/util/utility/RandomInviteID.ts @@ -1,4 +1,8 @@ import { Snowflake } from "@fosscord/util"; +import crypto from "crypto"; + +// TODO: 'random'? seriously? who named this? +// And why is this even here? Just use cryto.randomBytes? export function random(length = 6) { // Declare all characters @@ -8,7 +12,7 @@ export function random(length = 6) { // Pick characers randomly let str = ""; for (let i = 0; i < length; i++) { - str += chars.charAt(Math.floor(Math.random() * chars.length)); + str += chars.charAt(Math.floor(crypto.randomInt(chars.length))); } return str; diff --git a/src/util/config/types/SecurityConfiguration.ts b/src/util/config/types/SecurityConfiguration.ts index ca610216..0fa396c9 100644 --- a/src/util/config/types/SecurityConfiguration.ts +++ b/src/util/config/types/SecurityConfiguration.ts @@ -2,16 +2,17 @@ import crypto from "crypto"; import { CaptchaConfiguration, TwoFactorConfiguration } from "."; export class SecurityConfiguration { - captcha: CaptchaConfiguration = new CaptchaConfiguration(); - twoFactor: TwoFactorConfiguration = new TwoFactorConfiguration(); - autoUpdate: boolean | number = true; - requestSignature: string = crypto.randomBytes(32).toString("base64"); - jwtSecret: string = crypto.randomBytes(256).toString("base64"); - // header to get the real user ip address - // X-Forwarded-For for nginx/reverse proxies - // CF-Connecting-IP for cloudflare - forwadedFor: string | null = null; - ipdataApiKey: string | null = "eca677b284b3bac29eb72f5e496aa9047f26543605efe99ff2ce35c9"; + captcha: CaptchaConfiguration = new CaptchaConfiguration(); + twoFactor: TwoFactorConfiguration = new TwoFactorConfiguration(); + autoUpdate: boolean | number = true; + requestSignature: string = crypto.randomBytes(32).toString("base64"); + jwtSecret: string = crypto.randomBytes(256).toString("base64"); + // header to get the real user ip address + // X-Forwarded-For for nginx/reverse proxies + // CF-Connecting-IP for cloudflare + forwadedFor: string | null = null; + ipdataApiKey: string | null = "eca677b284b3bac29eb72f5e496aa9047f26543605efe99ff2ce35c9"; mfaBackupCodeCount: number = 10; statsWorldReadable: boolean = true; + defaultRegistrationTokenExpiration: number = 1000 * 60 * 60 * 24 * 7; //1 week } diff --git a/src/util/entities/ValidRegistrationTokens.ts b/src/util/entities/ValidRegistrationTokens.ts new file mode 100644 index 00000000..00839324 --- /dev/null +++ b/src/util/entities/ValidRegistrationTokens.ts @@ -0,0 +1,13 @@ +import { BaseEntity, Column, Entity, PrimaryColumn } from "typeorm"; + +@Entity("valid_registration_tokens") +export class ValidRegistrationToken extends BaseEntity { + @PrimaryColumn() + token: string; + + @Column() + created_at: Date = new Date(); + + @Column() + expires_at: Date; +} \ No newline at end of file diff --git a/src/util/entities/index.ts b/src/util/entities/index.ts index 7b24e21c..40260ba4 100644 --- a/src/util/entities/index.ts +++ b/src/util/entities/index.ts @@ -32,3 +32,4 @@ export * from "./ClientRelease"; export * from "./BackupCodes"; export * from "./Note"; export * from "./UserSettings"; +export * from "./ValidRegistrationTokens"; \ No newline at end of file |