Validate verify code at register endpoint
@@ -386,7 +386,8 @@ app.post(
|
|||||||
body: t.Object({
|
body: t.Object({
|
||||||
username: t.String(),
|
username: t.String(),
|
||||||
password: t.String(),
|
password: t.String(),
|
||||||
email: t.String()
|
email: t.String(),
|
||||||
|
verifyCode: t.String()
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
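Review bot: The new `verifyCode: t.String()` field accepts any string, so the 16-character requirement the handler later checks by hand is not enforced at the schema boundary where the other body fields are validated. TypeBox string schemas take length bounds, so `verifyCode: t.String({ minLength: 16, maxLength: 16 })` would reject malformed codes before the handler opens its database connections and keeps the format rule in one place. The enclosing `app.post(` call starts and ends outside this hunk.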
|
|||||||
@@ -5,8 +5,8 @@ import {
|
|||||||
jsonResponse
|
jsonResponse
|
||||||
} from '../../../../lib/util'
|
} from '../../../../lib/util'
|
||||||
import isEmail from 'validator/lib/isEmail'
|
import isEmail from 'validator/lib/isEmail'
|
||||||
import { berryDashUserData, users } from '../../../../lib/tables'
|
import { berryDashUserData, users, verifyCodes } from '../../../../lib/tables'
|
||||||
import { eq, or } from 'drizzle-orm'
|
import { and, desc, eq, or, sql } from 'drizzle-orm'
|
||||||
import bcrypt from 'bcryptjs'
|
import bcrypt from 'bcryptjs'
|
||||||
import { randomBytes } from 'crypto'
|
import { randomBytes } from 'crypto'
|
||||||
|
|
||||||
@@ -14,6 +14,7 @@ type Body = {
|
|||||||
username: string
|
username: string
|
||||||
password: string
|
password: string
|
||||||
email: string
|
email: string
|
||||||
|
verifyCode: string
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function handler (context: Context) {
|
export async function handler (context: Context) {
|
||||||
@@ -29,13 +30,26 @@ export async function handler (context: Context) {
|
|||||||
const { connection: connection1, db: db1 } = dbInfo1
|
const { connection: connection1, db: db1 } = dbInfo1
|
||||||
|
|
||||||
const body = context.body as Body
|
const body = context.body as Body
|
||||||
if (!body.username || !body.password || !body.email) {
|
if (!body.username || !body.password || !body.email || !body.verifyCode) {
|
||||||
connection0.end()
|
connection0.end()
|
||||||
connection1.end()
|
connection1.end()
|
||||||
return jsonResponse(
|
return jsonResponse(
|
||||||
{
|
{
|
||||||
success: false,
|
success: false,
|
||||||
message: 'Username, password and email must be in POST data',
|
message:
|
||||||
|
'Username, password, email and verifyCode must be in POST data',
|
||||||
|
data: null
|
||||||
|
},
|
||||||
|
400
|
||||||
|
)
|
||||||
|
}
|
||||||
|
if (body.verifyCode.length != 16) {
|
||||||
|
connection0.end()
|
||||||
|
connection1.end()
|
||||||
|
return jsonResponse(
|
||||||
|
{
|
||||||
|
success: false,
|
||||||
|
message: 'Invalid verify code (codes can only be used once)',
|
||||||
data: null
|
data: null
|
||||||
},
|
},
|
||||||
400
|
400
|
||||||
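Review bot: The length check `if (body.verifyCode.length != 16)` returns the message `'Invalid verify code (codes can only be used once)'`, which describes a different failure (a consumed code) than the one detected here, so a user who mistyped the code is told it was already used. Use strict comparison and a message that matches the check, e.g. `if (body.verifyCode.length !== 16) {` and `message: 'Invalid verify code (must be 16 characters)'`; alternatively the length rule could live in the request schema so this branch disappears. The handler continues outside this hunk.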
@@ -120,6 +134,30 @@ export async function handler (context: Context) {
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const codeExists = await db0
|
||||||
|
.select({ code: verifyCodes.code })
|
||||||
|
.from(verifyCodes)
|
||||||
|
.where(
|
||||||
|
and(
|
||||||
|
eq(verifyCodes.ip, ip),
|
||||||
|
eq(verifyCodes.used, false),
|
||||||
|
eq(verifyCodes.code, body.verifyCode),
|
||||||
|
sql`${verifyCodes.timestamp} >= UNIX_TIMESTAMP() - 600`
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.orderBy(desc(verifyCodes.id))
|
||||||
|
.limit(1)
|
||||||
|
.execute()
|
||||||
|
if (!codeExists[0])
|
||||||
|
return jsonResponse(
|
||||||
|
{
|
||||||
|
success: false,
|
||||||
|
message: 'Invalid verify code (codes can only be used once)',
|
||||||
|
data: null
|
||||||
|
},
|
||||||
|
400
|
||||||
|
)
|
||||||
|
|
||||||
const result = await db0
|
const result = await db0
|
||||||
.insert(users)
|
.insert(users)
|
||||||
.values({
|
.values({
|
||||||
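Review bot: The early return after `if (!codeExists[0])` does not call `connection0.end()` / `connection1.end()`, unlike the other failure paths in this handler (the missing-field and length checks both close the connections before returning), so every rejected verify code leaks two open database connections. Wrap the branch: `if (!codeExists[0]) { connection0.end(); connection1.end(); return jsonResponse({ success: false, message: 'Invalid verify code (codes can only be used once)', data: null }, 400) }`. The query filters on `eq(verifyCodes.used, false)` but nothing in this hunk marks the matched code as used; if that update happens later in the handler (outside the hunk), the lookup and the update should run in one transaction or as a single conditional `UPDATE` so two concurrent registrations cannot both pass the check with the same code. Whether `eq(verifyCodes.code, …)` compares case-sensitively depends on the column collation, which is not visible here, so it is worth confirming against the table definition in `lib/tables`.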
|
|||||||