diff options
| author | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-12-19 22:03:08 +1100 |
|---|---|---|
| committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-12-19 22:04:52 +1100 |
| commit | ddd3c860431275e5900766b6e10ae65edcd66eae (patch) | |
| tree | 67cefbb85d0bc759b6e2b2c2bc5cc48f98dc3360 /src/api/routes | |
| parent | Add register ratelimit (diff) | |
| download | server-ddd3c860431275e5900766b6e10ae65edcd66eae.tar.xz | |
Registration tokens
Diffstat (limited to 'src/api/routes')
| -rw-r--r-- | src/api/routes/auth/generate-registration-tokens.ts | 28 | ||||
| -rw-r--r-- | src/api/routes/auth/register.ts | 20 |
2 files changed, 47 insertions, 1 deletions
diff --git a/src/api/routes/auth/generate-registration-tokens.ts b/src/api/routes/auth/generate-registration-tokens.ts new file mode 100644 index 00000000..e328fe5e --- /dev/null +++ b/src/api/routes/auth/generate-registration-tokens.ts @@ -0,0 +1,28 @@ +import { route, random } from "@fosscord/api"; +import { Config, ValidRegistrationToken } from "@fosscord/util"; +import { Request, Response, Router } from "express"; + +const router: Router = Router(); +export default router; + +router.get("/", route({ right: "OPERATOR" }), async (req: Request, res: Response) => { + const count = req.query.count ? parseInt(req.query.count as string) : 1; + const length = req.query.length ? parseInt(req.query.length as string) : 255; + + let tokens: ValidRegistrationToken[] = []; + + for (let i = 0; i < count; i++) { + const token = ValidRegistrationToken.create({ + token: random(length), + expires_at: Date.now() + Config.get().security.defaultRegistrationTokenExpiration + }); + tokens.push(token); + } + + // Why are these options used, exactly? + await ValidRegistrationToken.save(tokens, { chunk: 1000, reload: false, transaction: false }); + + if (req.query.plain) return res.send(tokens.map(x => x.token).join("\n")); + + return res.json({ tokens: tokens.map(x => x.token) }); +}); \ No newline at end of file diff --git a/src/api/routes/auth/register.ts b/src/api/routes/auth/register.ts index eba86f77..6ca23158 100644 --- a/src/api/routes/auth/register.ts +++ b/src/api/routes/auth/register.ts @@ -7,6 +7,7 @@ import { User, adjustEmail, RegisterSchema, + ValidRegistrationToken, } from "@fosscord/util"; import { route, @@ -17,7 +18,7 @@ import { } from "@fosscord/api"; import bcrypt from "bcrypt"; import { HTTPError } from "lambert-server"; -import { MoreThan } from "typeorm"; +import { LessThan, MoreThan } from "typeorm"; const router: Router = Router(); @@ -199,7 +200,24 @@ router.post( }); } + // Reg tokens + // They're a one time use token that bypasses registration rate limiter + let regTokenUsed = false; + if (req.get("Referrer")?.includes("token=")) { // eg theyre on https://staging.fosscord.com/register?token=whatever + const token = req.get("Referrer")!.split("token=")[1].split("&")[0]; + if (token) { + const regToken = await ValidRegistrationToken.findOne({ where: { token, expires_at: MoreThan(new Date()), } }); + await ValidRegistrationToken.delete({ token }); + regTokenUsed = true; + console.log(`[REGISTER] Registration token ${token} used for registration!`); + } + else { + console.log(`[REGISTER] Invalid registration token ${token} used for registration by ${ip}!`); + } + } + if ( + !regTokenUsed && limits.absoluteRate.register.enabled && (await User.count({ where: { created_at: MoreThan(new Date(Date.now() - limits.absoluteRate.register.window)) } })) >= limits.absoluteRate.register.limit |