diff options
author | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-08-25 00:44:13 +1000 |
---|---|---|
committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-08-25 00:44:13 +1000 |
commit | 314a4787ce55a091cb89ef4281d7ba09e8323fa4 (patch) | |
tree | d77142c009e9c6d45390a8fe01c9aee966d7a4cc /src/api/routes/auth | |
parent | Merge remote-tracking branch 'upstream/staging' into feat/captchaVerify (diff) | |
parent | case insensitive header for rate limits, fix rate limit default settings (diff) | |
download | server-314a4787ce55a091cb89ef4281d7ba09e8323fa4.tar.xz |
Merge remote-tracking branch 'upstream/staging' into feat/captchaVerify
Diffstat (limited to 'src/api/routes/auth')
-rw-r--r-- | src/api/routes/auth/location-metadata.ts | 15 | ||||
-rw-r--r-- | src/api/routes/auth/login.ts | 16 | ||||
-rw-r--r-- | src/api/routes/auth/mfa/totp.ts | 22 | ||||
-rw-r--r-- | src/api/routes/auth/register.ts | 9 |
4 files changed, 35 insertions, 27 deletions
diff --git a/src/api/routes/auth/location-metadata.ts b/src/api/routes/auth/location-metadata.ts index f4c2bd16..b8caf579 100644 --- a/src/api/routes/auth/location-metadata.ts +++ b/src/api/routes/auth/location-metadata.ts @@ -1,13 +1,12 @@ -import { Router, Request, Response } from "express"; -import { route } from "@fosscord/api"; -import { getIpAdress, IPAnalysis } from "@fosscord/api"; +import { getIpAdress, IPAnalysis, route } from "@fosscord/api"; +import { Request, Response, Router } from "express"; const router = Router(); -router.get("/",route({}), async (req: Request, res: Response) => { - //TODO - //Note: It's most likely related to legal. At the moment Discord hasn't finished this too - const country_code = (await IPAnalysis(getIpAdress(req))).country_code; - res.json({ consent_required: false, country_code: country_code, promotional_email_opt_in: { required: true, pre_checked: false}}); +router.get("/", route({}), async (req: Request, res: Response) => { + //TODO + //Note: It's most likely related to legal. At the moment Discord hasn't finished this too + const country_code = (await IPAnalysis(getIpAdress(req))).country_code; + res.json({ consent_required: false, country_code: country_code, promotional_email_opt_in: { required: true, pre_checked: false } }); }); export default router; diff --git a/src/api/routes/auth/login.ts b/src/api/routes/auth/login.ts index 45f5eeb9..68b2656a 100644 --- a/src/api/routes/auth/login.ts +++ b/src/api/routes/auth/login.ts @@ -1,15 +1,23 @@ import { Request, Response, Router } from "express"; import { route, getIpAdress, verifyCaptcha } from "@fosscord/api"; -import bcrypt from "bcrypt"; import { Config, User, generateToken, adjustEmail, FieldErrors, LoginSchema } from "@fosscord/util"; import crypto from "crypto"; +let bcrypt: any; +try { + bcrypt = require("bcrypt"); +} catch { + bcrypt = require("bcryptjs"); + console.log("Warning: using bcryptjs because bcrypt is not installed! Performance will be affected."); +} + const router: Router = Router(); export default router; router.post("/", route({ body: "LoginSchema" }), async (req: Request, res: Response) => { const { login, password, captcha_key, undelete } = req.body as LoginSchema; const email = adjustEmail(login); + const ip = getIpAdress(req); const config = Config.get(); @@ -65,9 +73,9 @@ router.post("/", route({ body: "LoginSchema" }), async (req: Request, res: Respo return res.json({ ticket: ticket, mfa: true, - sms: false, // TODO - token: null, - }) + sms: false, // TODO + token: null + }); } const token = await generateToken(user.id); diff --git a/src/api/routes/auth/mfa/totp.ts b/src/api/routes/auth/mfa/totp.ts index 421dbafa..9938569e 100644 --- a/src/api/routes/auth/mfa/totp.ts +++ b/src/api/routes/auth/mfa/totp.ts @@ -1,8 +1,8 @@ -import { Router, Request, Response } from "express"; import { route } from "@fosscord/api"; -import { BackupCode, FieldErrors, generateToken, TotpSchema, User } from "@fosscord/util"; -import { verifyToken } from "node-2fa"; +import { BackupCode, generateToken, TotpSchema, User } from "@fosscord/util"; +import { Request, Response, Router } from "express"; import { HTTPError } from "lambert-server"; +import { verifyToken } from "node-2fa"; const router = Router(); router.post("/", route({ body: "TotpSchema" }), async (req: Request, res: Response) => { @@ -10,23 +10,17 @@ router.post("/", route({ body: "TotpSchema" }), async (req: Request, res: Respon const user = await User.findOneOrFail({ where: { - totp_last_ticket: ticket, + totp_last_ticket: ticket }, - select: [ - "id", - "totp_secret", - "settings", - ], + select: ["id", "totp_secret", "settings"] }); const backup = await BackupCode.findOne({ where: { code: code, expired: false, consumed: false, user: { id: user.id } } }); if (!backup) { const ret = verifyToken(user.totp_secret!, code); - if (!ret || ret.delta != 0) - throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008); - } - else { + if (!ret || ret.delta != 0) throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008); + } else { backup.consumed = true; await backup.save(); } @@ -35,7 +29,7 @@ router.post("/", route({ body: "TotpSchema" }), async (req: Request, res: Respon return res.json({ token: await generateToken(user.id), - user_settings: user.settings, + user_settings: user.settings }); }); diff --git a/src/api/routes/auth/register.ts b/src/api/routes/auth/register.ts index 8059e3f1..d3b5a59c 100644 --- a/src/api/routes/auth/register.ts +++ b/src/api/routes/auth/register.ts @@ -1,7 +1,14 @@ import { Request, Response, Router } from "express"; import { Config, generateToken, Invite, FieldErrors, User, adjustEmail, RegisterSchema } from "@fosscord/util"; import { route, getIpAdress, IPAnalysis, isProxy, verifyCaptcha } from "@fosscord/api"; -import bcrypt from "bcrypt"; + +let bcrypt: any; +try { + bcrypt = require("bcrypt"); +} catch { + bcrypt = require("bcryptjs"); + console.log("Warning: using bcryptjs because bcrypt is not installed! Performance will be affected."); +} import { HTTPError } from "@fosscord/util"; const router: Router = Router(); |