Merge pull request #891 from fosscord/dev/improve-security
Improved security: one-time registration token support, register and message ratelimit
2 files changed, 64 insertions, 0 deletions
diff --git a/src/util/migrations/postgres/1663440587650-registration_tokens.ts b/src/util/migrations/postgres/1663440587650-registration_tokens.ts
new file mode 100644
index 00000000..d5f602b8
--- /dev/null
+++ b/src/util/migrations/postgres/1663440587650-registration_tokens.ts
@@ -0,0 +1,32 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class registrationTokens1663440587650 implements MigrationInterface {
+ name = "registrationTokens1663440587650";
+
+ public async up(queryRunner: QueryRunner): Promise<void> {
+ await queryRunner.query(`
+ CREATE TABLE "valid_registration_tokens" (
+ "id" character varying NOT NULL,
+ "token" character varying NOT NULL,
+ "created_at" TIMESTAMP NOT NULL,
+ "expires_at" TIMESTAMP NOT NULL,
+ CONSTRAINT "PK_aac42a46cd46369450217de1c8a" PRIMARY KEY ("id")
+ )
+ `);
+ await queryRunner.query(`
+ ALTER TABLE "members"
+ ALTER COLUMN "bio" DROP DEFAULT
+ `);
+ }
+
+ public async down(queryRunner: QueryRunner): Promise<void> {
+ await queryRunner.query(`
+ ALTER TABLE "members"
+ ALTER COLUMN "bio"
+ SET DEFAULT ''
+ `);
+ await queryRunner.query(`
+ DROP TABLE "valid_registration_tokens"
+ `);
+ }
+}
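Review bot: `created_at` and `expires_at` in the `CREATE TABLE` are plain `TIMESTAMP`, which PostgreSQL treats as timestamp without time zone, so whether a registration token counts as expired depends on the writer and the reader agreeing on a time zone. I would declare them as `"expires_at" TIMESTAMP WITH TIME ZONE NOT NULL` (and the same for `created_at`), or at least add a comment stating that both values are always written in UTC. The `token` column looks like it stores the usable token value itself; the code that writes it is not in this diff, but if that is the case, storing only a hash would limit what a database read or backup exposes. The `ALTER TABLE "members" ALTER COLUMN "bio" DROP DEFAULT` statement in `up()` is unrelated to registration tokens and deserves a one-line comment saying why it rides along in this migration.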
diff --git a/src/util/migrations/postgres/1663448561249-drop_id_for_registration_tokens.ts b/src/util/migrations/postgres/1663448561249-drop_id_for_registration_tokens.ts
new file mode 100644
index 00000000..4dc8c6ba
--- /dev/null
+++ b/src/util/migrations/postgres/1663448561249-drop_id_for_registration_tokens.ts
@@ -0,0 +1,32 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class dropIdForRegistrationTokens1663448561249 implements MigrationInterface {
+ name = "dropIdForRegistrationTokens1663448561249";
+
+ public async up(queryRunner: QueryRunner): Promise<void> {
+ await queryRunner.query(`
+ ALTER TABLE "valid_registration_tokens" DROP CONSTRAINT "PK_aac42a46cd46369450217de1c8a"
+ `);
+ await queryRunner.query(`
+ ALTER TABLE "valid_registration_tokens" DROP COLUMN "id"
+ `);
+ await queryRunner.query(`
+ ALTER TABLE "valid_registration_tokens"
+ ADD CONSTRAINT "PK_e0f5c8e3fcefe3134a092c50485" PRIMARY KEY ("token")
+ `);
+ }
+
+ public async down(queryRunner: QueryRunner): Promise<void> {
+ await queryRunner.query(`
+ ALTER TABLE "valid_registration_tokens" DROP CONSTRAINT "PK_e0f5c8e3fcefe3134a092c50485"
+ `);
+ await queryRunner.query(`
+ ALTER TABLE "valid_registration_tokens"
+ ADD "id" character varying NOT NULL
+ `);
+ await queryRunner.query(`
+ ALTER TABLE "valid_registration_tokens"
+ ADD CONSTRAINT "PK_aac42a46cd46369450217de1c8a" PRIMARY KEY ("id")
+ `);
+ }
+}
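Review bot: `down()` re-adds the column as `ADD "id" character varying NOT NULL` with no default, which PostgreSQL rejects as soon as `valid_registration_tokens` contains a row, so the rollback fails on any instance that still has outstanding tokens. The original ids are gone after `up()` and cannot be restored, and the tokens are short-lived, so the simplest fix is to empty the table first by running `DELETE FROM "valid_registration_tokens"` as the first query in `down()`. A short comment on `down()` noting that rolling back discards unused registration tokens would make that trade-off visible to operators.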