From 306f77aafec88f92ba4905a837cdf11378c50c0e Mon Sep 17 00:00:00 2001
From: Evert Prants
Date: Sun, 16 Jun 2019 12:55:36 +0300
Subject: [PATCH] closed registrations
---
 src/server.js | 2 +-
 src/user.js | 15 +++++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/server.js b/src/server.js
index 7e51145..86c7a10 100644
--- a/src/server.js
+++ b/src/server.js
@@ -233,7 +233,7 @@ router.use((err, req, res, next) => {
 res.status(404).jsonp({error: 404})
 })
-app.use('/user', user(dbPromise, values.oauth))
+app.use('/user', user(dbPromise, values.oauth, values.registrations === true))
 app.use('/api', router)
 app.use('/file/track', express.static(path.resolve(values.directory)))
diff --git a/src/user.js b/src/user.js
index d8310fb..d8bf369 100644
--- a/src/user.js
+++ b/src/user.js
@@ -24,7 +24,7 @@ export function userMiddleware (req, res, next) {
 next()
 }
-export function user (dbPromise, oauth) {
+export function user (dbPromise, oauth, registrations) {
 router.get('/info', userMiddleware, async (req, res) => {
 res.jsonp(await userInfoPublic(await dbPromise, req.session.user))
 })
@@ -42,7 +42,7 @@ export function user (dbPromise, oauth) {
 let code = req.query.code
 let state = req.query.state
 if (!code || !state) throw new Error('Something went wrong!')
- if (!req.session.oauthState || req.session.oauthState !== state) throw new Error('Possible request forgery detected! Try again.')
+ if (!req.session || !req.session.oauthState || req.session.oauthState !== state) throw new Error('Possible request forgery detected! Try again.')
 delete req.session.oauthState
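Review bot: `values.registrations === true` in the changed `app.use('/user', …)` line of src/server.js treats every value other than the boolean `true` as closed, so a missing key or a string `'true'` silently disables sign-ups. Failing closed is the safer default, but a deployment whose config predates this key loses registration on upgrade with nothing in the code saying why. How `values` is loaded is outside the hunk. I would add a comment above the line, e.g. `// registrations stay closed unless the config sets registrations to the boolean true`.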
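Review bot: In the `@@ -42,7` hunk of src/user.js the forgery check throws before `delete req.session.oauthState` runs, so a callback that fails the comparison leaves the stored state in the session, and the `/login/oauth` hunk later in this patch keeps using a stored value rather than issuing a new one. Treating the state as single-use is the usual hardening: read it, clear it, then compare, e.g. `const expected = req.session && req.session.oauthState`, `if (req.session) delete req.session.oauthState`, `if (!expected || expected !== state) throw new Error('Possible request forgery detected! Try again.')`. The handler starts and ends outside the hunk.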
@@ -84,6 +84,8 @@ export function user (dbPromise, oauth) {
 return res.redirect('/')
 }
+ if (!registrations) throw new Error('Registrations are currently closed!')
+
 // Create a new user and log in
 let newU = await db.get('INSERT INTO User (username,email,image,created) VALUES (?,?,?,?)', userInfo.username, userInfo.email, userInfo.image, new Date())
 await db.run('INSERT INTO OAuth (userId,remoteId,created) VALUES (?,?,?)', newU.id, userInfo.id, new Date())
@@ -92,8 +94,13 @@ export function user (dbPromise, oauth) {
 })
 router.get('/login/oauth', async (req, res) => {
- let state = req.session.oauthState || crypto.randomBytes(10).toString('hex')
- req.session.oauthState = state
+ let state
+ if (req.session && req.session.oauthState) {
+ state = req.session.oauthState
+ } else {
+ req.session.oauthState = crypto.randomBytes(16).toString('hex')
+ }
+
 return res.redirect(oauth2.getAuthorizeUrl({
 'redirect_uri': oauth.redirectUri,
 'scope': oauth.scope,
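Review bot: The new `if (!registrations) throw …` guard in the `@@ -84,6` hunk has no comment explaining why it sits after the early `return res.redirect('/')` rather than at the top of the callback. From the surrounding context that earlier return appears to be the existing-account path, so the placement keeps logins working while sign-ups are closed; that intent is worth stating, e.g. `// Registrations closed: existing accounts were handled above, only new sign-ups are refused`. The refusal is also an expected condition raised as a generic `Error`, and whether it reaches the client as a 403 or a 500 depends on an error handler outside the hunk, so that is worth confirming. The handler begins before the hunk.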
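Review bot: In the `/login/oauth` handler (`@@ -92,8` hunk) the `else` branch stores a fresh value in `req.session.oauthState` but never assigns `state`, so on a first visit `state` is still `undefined` when the authorize URL is built. The `getAuthorizeUrl` call continues past the hunk; if `state` is passed there, as the removed lines suggest, the redirect goes out without the anti-forgery value and the callback would most likely then fail its `!state` check. The same branch dereferences `req.session` even though the `if` condition just allowed for it being missing. Generating a value per attempt avoids both: `if (!req.session) throw new Error('Something went wrong!')`, `const state = crypto.randomBytes(16).toString('hex')`, `req.session.oauthState = state`.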