diff options
Diffstat (limited to 'api/src')
-rw-r--r-- | api/src/routes/auth/register.ts | 15 | ||||
-rw-r--r-- | api/src/routes/channels/#channel_id/typing.ts | 2 | ||||
-rw-r--r-- | api/src/routes/users/@me/index.ts | 34 |
3 files changed, 40 insertions, 11 deletions
diff --git a/api/src/routes/auth/register.ts b/api/src/routes/auth/register.ts index 9f3b46f1..cd1bcb72 100644 --- a/api/src/routes/auth/register.ts +++ b/api/src/routes/auth/register.ts @@ -98,7 +98,6 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re } } - console.log("register", body.email, body.username, ip); // TODO: gift_code_sku_id? // TODO: check password strength @@ -154,18 +153,22 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re }); } + if (!body.invite && (register.requireInvite || (register.guestsRequireInvite && !register.email))) { + // require invite to register -> e.g. for organizations to send invites to their employees + throw FieldErrors({ + email: { code: "INVITE_ONLY", message: req.t("auth:register.INVITE_ONLY") } + }); + } + const user = await User.register({ ...body, req }); if (body.invite) { // await to fail if the invite doesn't exist (necessary for requireInvite to work properly) (username only signups are possible) await Invite.joinGuild(user.id, body.invite); - } else if (register.requireInvite) { - // require invite to register -> e.g. for organizations to send invites to their employees - throw FieldErrors({ - email: { code: "INVITE_ONLY", message: req.t("auth:register.INVITE_ONLY") } - }); } + console.log("register", body.email, body.username, ip); + return res.json({ token: await generateToken(user.id) }); }); diff --git a/api/src/routes/channels/#channel_id/typing.ts b/api/src/routes/channels/#channel_id/typing.ts index a9dcb315..45ed76db 100644 --- a/api/src/routes/channels/#channel_id/typing.ts +++ b/api/src/routes/channels/#channel_id/typing.ts @@ -9,7 +9,7 @@ router.post("/", route({ permission: "SEND_MESSAGES" }), async (req: Request, re const user_id = req.user_id; const timestamp = Date.now(); const channel = await Channel.findOneOrFail({ id: channel_id }); - const member = await Member.findOneOrFail({ where: { id: user_id }, relations: ["roles"] }); + const member = await Member.findOneOrFail({ where: { id: user_id }, relations: ["roles", "user"] }); await emitEvent({ event: "TYPING_START", diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts index f6bb04d7..1959704a 100644 --- a/api/src/routes/users/@me/index.ts +++ b/api/src/routes/users/@me/index.ts @@ -1,6 +1,7 @@ import { Router, Request, Response } from "express"; -import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile } from "@fosscord/util"; +import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors } from "@fosscord/util"; import { route } from "@fosscord/api"; +import bcrypt from "bcrypt"; const router: Router = Router(); @@ -32,10 +33,35 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res: if (body.avatar) body.avatar = await handleFile(`/avatars/${req.user_id}`, body.avatar as string); if (body.banner) body.banner = await handleFile(`/banners/${req.user_id}`, body.banner as string); - await new User({ ...body, id: req.user_id }).save(); + const user = await User.findOneOrFail({ where: { id: req.user_id }, select: [...PrivateUserProjection, "data"] }); + + if (body.password) { + if (user.data?.hash) { + const same_password = await bcrypt.compare(body.password, user.data.hash || ""); + if (!same_password) { + throw FieldErrors({ password: { message: req.t("auth:login.INVALID_PASSWORD"), code: "INVALID_PASSWORD" } }); + } + } else { + user.data.hash = await bcrypt.hash(body.password, 12); + } + } + + user.assign(body); + + if (body.new_password) { + if (!body.password && !user.email) { + throw FieldErrors({ + password: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") } + }); + } + user.data.hash = await bcrypt.hash(body.new_password, 12); + } + + await user.save(); + + // @ts-ignore + delete user.data; - //Need to reload user from db due to https://github.com/typeorm/typeorm/issues/3490 - const user = await User.findOneOrFail({ where: { id: req.user_id }, select: PrivateUserProjection }); // TODO: send update member list event in gateway await emitEvent({ event: "USER_UPDATE", |