diff --git a/api/assets/background.png b/api/assets/background.png
new file mode 100644
index 00000000..58369ab8
--- /dev/null
+++ b/api/assets/background.png
Binary files differdiff --git a/api/assets/fosscord-login.css b/api/assets/fosscord-login.css
index d507c545..ca0af064 100644
--- a/api/assets/fosscord-login.css
+++ b/api/assets/fosscord-login.css
@@ -14,7 +14,7 @@
}
h3.title-jXR8lp.marginBottom8-AtZOdT.base-1x0h_U.size24-RIRrxO::after {
margin-top: -32px;
- content: "Welcome to Fosscord!";
+ content: "Welcome to Slowcord!";
visibility: visible;
display: block;
}
@@ -62,7 +62,22 @@ h3.title-jXR8lp.marginBottom8-AtZOdT.base-1x0h_U.size24-RIRrxO::after {
margin-top: -16px;
}
-/* shrink login box to same size as register */
-.authBoxExpanded-2jqaBe {
- width: 480px !important;
+/* funny styling */
+.wrapper-6URcxg {
+ justify-content: flex-start !important;
+
+ background: url("/assets/background.png");
+ background-size: 100% 100%;
+ background-repeat: no-repeat;
+}
+
+.authBoxExpanded-2jqaBe,
+.authBox-hW6HRx {
+ width: max(40vw, 500px) !important;
+ height: 100vh !important;
+ padding: 100px !important;
+ display: flex;
+ justify-content: center;
+ align-items: center;
+ border-radius: 0 !important;
}
diff --git a/api/assets/schemas.json b/api/assets/schemas.json
index cb3485fe..eac24adb 100644
--- a/api/assets/schemas.json
+++ b/api/assets/schemas.json
@@ -12527,6 +12527,9 @@
},
"code": {
"type": "string"
+ },
+ "email": {
+ "type": "string"
}
},
"additionalProperties": false,
diff --git a/api/scripts/generate_schema.js b/api/scripts/generate_schema.js
index 7e742ec1..b56c3fbc 100644
--- a/api/scripts/generate_schema.js
+++ b/api/scripts/generate_schema.js
@@ -27,7 +27,16 @@ const Excluded = [
"Response",
"e.Response",
"request.Response",
- "supertest.Response"
+ "supertest.Response",
+
+ // TODO: Figure out how to exclude schemas from node_modules?
+ "SomeJSONSchema",
+ "UncheckedPartialSchema",
+ "PartialSchema",
+ "UncheckedPropertiesSchema",
+ "PropertiesSchema",
+ "AsyncSchema",
+ "AnySchema",
];
function modify(obj) {
@@ -39,11 +48,18 @@ function modify(obj) {
}
function main() {
- const program = TJS.getProgramFromFiles(walk(path.join(__dirname, "..", "src", "routes")), compilerOptions);
+ const files = [
+ ...walk(path.join(__dirname, "..", "src", "routes")),
+ ...walk(path.join(__dirname, "..", "..", "util", "src")),
+ ];
+ const program = TJS.getProgramFromFiles(
+ files,
+ compilerOptions
+ );
const generator = TJS.buildGenerator(program, settings);
if (!generator || !program) return;
- const schemas = generator.getUserSymbols().filter((x) => (x.endsWith("Schema") || x.endsWith("Response")) && !Excluded.includes(x));
+ let schemas = generator.getUserSymbols().filter((x) => (x.endsWith("Schema") || x.endsWith("Response")) && !Excluded.includes(x));
console.log(schemas);
var definitions = {};
diff --git a/api/src/middlewares/RateLimit.ts b/api/src/middlewares/RateLimit.ts
index ca6de98f..1a38cfcf 100644
--- a/api/src/middlewares/RateLimit.ts
+++ b/api/src/middlewares/RateLimit.ts
@@ -1,4 +1,4 @@
-import { Config, getRights, listenEvent, Rights } from "@fosscord/util";
+import { Config, listenEvent } from "@fosscord/util";
import { NextFunction, Request, Response, Router } from "express";
import { getIpAdress } from "@fosscord/api";
import { API_PREFIX_TRAILING_SLASH } from "./Authentication";
@@ -9,7 +9,6 @@ import { API_PREFIX_TRAILING_SLASH } from "./Authentication";
/*
? bucket limit? Max actions/sec per bucket?
-(ANSWER: a small fosscord instance might not need a complex rate limiting system)
TODO: delay database requests to include multiple queries
TODO: different for methods (GET/POST)
@@ -45,25 +44,21 @@ export default function rateLimit(opts: {
onlyIp?: boolean;
}): any {
return async (req: Request, res: Response, next: NextFunction): Promise<any> => {
- // exempt user? if so, immediately short circuit
- const rights = await getRights(req.user_id);
- if (rights.has("BYPASS_RATE_LIMITS")) return;
-
const bucket_id = opts.bucket || req.originalUrl.replace(API_PREFIX_TRAILING_SLASH, "");
var executor_id = getIpAdress(req);
- if (!opts.onlyIp && req.user_id) executor_id = req.user_id;
+ if (!opts.onlyIp && req.user_id) executor_id = req.user_id;
var max_hits = opts.count;
if (opts.bot && req.user_bot) max_hits = opts.bot;
if (opts.GET && ["GET", "OPTIONS", "HEAD"].includes(req.method)) max_hits = opts.GET;
else if (opts.MODIFY && ["POST", "DELETE", "PATCH", "PUT"].includes(req.method)) max_hits = opts.MODIFY;
- let offender = Cache.get(executor_id + bucket_id);
+ const offender = Cache.get(executor_id + bucket_id);
if (offender) {
- let reset = offender.expires_at.getTime();
- let resetAfterMs = reset - Date.now();
- let resetAfterSec = Math.ceil(resetAfterMs / 1000);
+ const reset = offender.expires_at.getTime();
+ const resetAfterMs = reset - Date.now();
+ const resetAfterSec = resetAfterMs / 1000;
if (resetAfterMs <= 0) {
offender.hits = 0;
@@ -75,11 +70,6 @@ export default function rateLimit(opts: {
if (offender.blocked) {
const global = bucket_id === "global";
- // each block violation pushes the expiry one full window further
- reset += opts.window * 1000;
- offender.expires_at = new Date(offender.expires_at.getTime() + opts.window * 1000);
- resetAfterMs = reset - Date.now();
- resetAfterSec = Math.ceil(resetAfterMs / 1000);
console.log("blocked bucket: " + bucket_id, { resetAfterMs });
return (
diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts
index 1af413c4..7ab30f03 100644
--- a/api/src/routes/users/@me/index.ts
+++ b/api/src/routes/users/@me/index.ts
@@ -1,7 +1,8 @@
import { Router, Request, Response } from "express";
-import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors } from "@fosscord/util";
+import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors, adjustEmail } from "@fosscord/util";
import { route } from "@fosscord/api";
import bcrypt from "bcrypt";
+import { HTTPError } from "lambert-server";
const router: Router = Router();
@@ -21,6 +22,7 @@ export interface UserModifySchema {
password?: string;
new_password?: string;
code?: string;
+ email?: string;
}
router.get("/", route({}), async (req: Request, res: Response) => {
@@ -28,6 +30,8 @@ router.get("/", route({}), async (req: Request, res: Response) => {
});
router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res: Response) => {
+ if (req.user_id === "992772978150273216") throw new HTTPError("Demo user, sorry", 400);
+
const body = req.body as UserModifySchema;
if (body.avatar) body.avatar = await handleFile(`/avatars/${req.user_id}`, body.avatar as string);
@@ -46,6 +50,12 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
}
}
+ if (body.email) {
+ body.email = adjustEmail(body.email);
+ if (!body.email)
+ throw FieldErrors({ email: { message: req.t("auth:register.EMAIL_INVALID"), code: "EMAIL_INVALID" } });
+ }
+
if (body.new_password) {
if (!body.password && !user.email) {
throw FieldErrors({
@@ -55,14 +65,14 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
user.data.hash = await bcrypt.hash(body.new_password, 12);
}
- if(body.username){
- var check_username = body?.username?.replace(/\s/g, '');
- if(!check_username) {
- throw FieldErrors({
- username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }
- });
- }
- }
+ if (body.username) {
+ var check_username = body?.username?.replace(/\s/g, '');
+ if (!check_username) {
+ throw FieldErrors({
+ username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }
+ });
+ }
+ }
user.assign(body);
await user.save();
|
