closed registrations
This commit is contained in:
parent
75de194f88
commit
306f77aafe
GPG Key ID:
1688DA83D222D0B5
|
|
@ -233,7 +233,7 @@ router.use((err, req, res, next) => {
|
|||
res.status(404).jsonp({error: 404})
|
||||
})
|
||||
|
||||
app.use('/user', user(dbPromise, values.oauth))
|
||||
app.use('/user', user(dbPromise, values.oauth, values.registrations === true))
|
||||
|
||||
app.use('/api', router)
|
||||
app.use('/file/track', express.static(path.resolve(values.directory)))
|
||||
|
|
|
|||
15
src/user.js
15
src/user.js
|
|
@ -24,7 +24,7 @@ export function userMiddleware (req, res, next) {
|
|||
next()
|
||||
}
|
||||
|
||||
export function user (dbPromise, oauth) {
|
||||
export function user (dbPromise, oauth, registrations) {
|
||||
router.get('/info', userMiddleware, async (req, res) => {
|
||||
res.jsonp(await userInfoPublic(await dbPromise, req.session.user))
|
||||
})
|
||||
|
|
@ -42,7 +42,7 @@ export function user (dbPromise, oauth) {
|
|||
let code = req.query.code
|
||||
let state = req.query.state
|
||||
if (!code || !state) throw new Error('Something went wrong!')
|
||||
if (!req.session.oauthState || req.session.oauthState !== state) throw new Error('Possible request forgery detected! Try again.')
|
||||
if (!req.session || !req.session.oauthState || req.session.oauthState !== state) throw new Error('Possible request forgery detected! Try again.')
|
||||
|
||||
delete req.session.oauthState
|
||||
|
||||
|
|
@ -84,6 +84,8 @@ export function user (dbPromise, oauth) {
|
|||
return res.redirect('/')
|
||||
}
|
||||
|
||||
if (!registrations) throw new Error('Registrations are currently closed!')
|
||||
|
||||
// Create a new user and log in
|
||||
let newU = await db.get('INSERT INTO User (username,email,image,created) VALUES (?,?,?,?)', userInfo.username, userInfo.email, userInfo.image, new Date())
|
||||
await db.run('INSERT INTO OAuth (userId,remoteId,created) VALUES (?,?,?)', newU.id, userInfo.id, new Date())
|
||||
|
|
@ -92,8 +94,13 @@ export function user (dbPromise, oauth) {
|
|||
})
|
||||
|
||||
router.get('/login/oauth', async (req, res) => {
|
||||
let state = req.session.oauthState || crypto.randomBytes(10).toString('hex')
|
||||
req.session.oauthState = state
|
||||
let state
|
||||
if (req.session && req.session.oauthState) {
|
||||
state = req.session.oauthState
|
||||
} else {
|
||||
req.session.oauthState = crypto.randomBytes(16).toString('hex')
|
||||
}
|
||||
|
||||
return res.redirect(oauth2.getAuthorizeUrl({
|
||||
'redirect_uri': oauth.redirectUri,
|
||||
'scope': oauth.scope,
|
||||
|
|
|
|||
Loading…
Reference in New Issue