diff options
| author | Lobo Metalúrgico <43734867+LoboMetalurgico@users.noreply.github.com> | 2021-10-09 10:39:26 -0300 |
|---|---|---|
| committer | Lobo Metalúrgico <43734867+LoboMetalurgico@users.noreply.github.com> | 2021-10-09 10:39:26 -0300 |
| commit | 3a5c511f1b59b8f607e7b99cd1d3edb7d13a3100 (patch) | |
| tree | a1d007e766c2c48cbc5e45032c667a63821914ae /api | |
| parent | (api): fix route name (diff) | |
| parent | Merge branch 'master' of http://github.com/fosscord/fosscord-server (diff) | |
| download | server-3a5c511f1b59b8f607e7b99cd1d3edb7d13a3100.tar.xz | |
Merge remote-tracking branch 'upstream/master' into milestoneV1/routes/implement/emojis
Diffstat (limited to 'api')
| -rw-r--r-- | api/client_test/index.html | 2 | ||||
| -rw-r--r-- | api/src/routes/auth/register.ts | 15 | ||||
| -rw-r--r-- | api/src/routes/channels/#channel_id/typing.ts | 2 | ||||
| -rw-r--r-- | api/src/routes/users/@me/index.ts | 34 |
4 files changed, 41 insertions, 12 deletions
diff --git a/api/client_test/index.html b/api/client_test/index.html index fb2e0a2d..41d41598 100644 --- a/api/client_test/index.html +++ b/api/client_test/index.html @@ -47,7 +47,7 @@ // Auto register guest account: const token = JSON.parse(localStorage.getItem("token")); - if (!token) { + if (!token && location.pathname !== "/login" && location.pathname !== "/register") { fetch(`${window.GLOBAL_ENV.API_ENDPOINT}/auth/register`, { method: "POST", headers: { "content-type": "application/json" }, diff --git a/api/src/routes/auth/register.ts b/api/src/routes/auth/register.ts index 9f3b46f1..cd1bcb72 100644 --- a/api/src/routes/auth/register.ts +++ b/api/src/routes/auth/register.ts @@ -98,7 +98,6 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re } } - console.log("register", body.email, body.username, ip); // TODO: gift_code_sku_id? // TODO: check password strength @@ -154,18 +153,22 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re }); } + if (!body.invite && (register.requireInvite || (register.guestsRequireInvite && !register.email))) { + // require invite to register -> e.g. for organizations to send invites to their employees + throw FieldErrors({ + email: { code: "INVITE_ONLY", message: req.t("auth:register.INVITE_ONLY") } + }); + } + const user = await User.register({ ...body, req }); if (body.invite) { // await to fail if the invite doesn't exist (necessary for requireInvite to work properly) (username only signups are possible) await Invite.joinGuild(user.id, body.invite); - } else if (register.requireInvite) { - // require invite to register -> e.g. for organizations to send invites to their employees - throw FieldErrors({ - email: { code: "INVITE_ONLY", message: req.t("auth:register.INVITE_ONLY") } - }); } + console.log("register", body.email, body.username, ip); + return res.json({ token: await generateToken(user.id) }); }); diff --git a/api/src/routes/channels/#channel_id/typing.ts b/api/src/routes/channels/#channel_id/typing.ts index a9dcb315..45ed76db 100644 --- a/api/src/routes/channels/#channel_id/typing.ts +++ b/api/src/routes/channels/#channel_id/typing.ts @@ -9,7 +9,7 @@ router.post("/", route({ permission: "SEND_MESSAGES" }), async (req: Request, re const user_id = req.user_id; const timestamp = Date.now(); const channel = await Channel.findOneOrFail({ id: channel_id }); - const member = await Member.findOneOrFail({ where: { id: user_id }, relations: ["roles"] }); + const member = await Member.findOneOrFail({ where: { id: user_id }, relations: ["roles", "user"] }); await emitEvent({ event: "TYPING_START", diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts index f6bb04d7..1959704a 100644 --- a/api/src/routes/users/@me/index.ts +++ b/api/src/routes/users/@me/index.ts @@ -1,6 +1,7 @@ import { Router, Request, Response } from "express"; -import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile } from "@fosscord/util"; +import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors } from "@fosscord/util"; import { route } from "@fosscord/api"; +import bcrypt from "bcrypt"; const router: Router = Router(); @@ -32,10 +33,35 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res: if (body.avatar) body.avatar = await handleFile(`/avatars/${req.user_id}`, body.avatar as string); if (body.banner) body.banner = await handleFile(`/banners/${req.user_id}`, body.banner as string); - await new User({ ...body, id: req.user_id }).save(); + const user = await User.findOneOrFail({ where: { id: req.user_id }, select: [...PrivateUserProjection, "data"] }); + + if (body.password) { + if (user.data?.hash) { + const same_password = await bcrypt.compare(body.password, user.data.hash || ""); + if (!same_password) { + throw FieldErrors({ password: { message: req.t("auth:login.INVALID_PASSWORD"), code: "INVALID_PASSWORD" } }); + } + } else { + user.data.hash = await bcrypt.hash(body.password, 12); + } + } + + user.assign(body); + + if (body.new_password) { + if (!body.password && !user.email) { + throw FieldErrors({ + password: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") } + }); + } + user.data.hash = await bcrypt.hash(body.new_password, 12); + } + + await user.save(); + + // @ts-ignore + delete user.data; - //Need to reload user from db due to https://github.com/typeorm/typeorm/issues/3490 - const user = await User.findOneOrFail({ where: { id: req.user_id }, select: PrivateUserProjection }); // TODO: send update member list event in gateway await emitEvent({ event: "USER_UPDATE", |