From 68192126e6a902d4f9267970d8cb3a98d0910161 Mon Sep 17 00:00:00 2001 From: syuilo Date: Sun, 7 Nov 2021 20:16:01 +0900 Subject: feat: improve email validation --- src/client/components/signup.vue | 15 ++++++++-- .../api/endpoints/email-address/available.ts | 17 +++++------ src/server/api/endpoints/i/update-email.ts | 14 +++++++++ src/server/api/private/signup.ts | 7 +++++ src/services/validate-email-for-account.ts | 34 ++++++++++++++++++++++ 5 files changed, 75 insertions(+), 12 deletions(-) create mode 100644 src/services/validate-email-for-account.ts (limited to 'src') diff --git a/src/client/components/signup.vue b/src/client/components/signup.vue index cb25eadf06..8d4340fd36 100644 --- a/src/client/components/signup.vue +++ b/src/client/components/signup.vue @@ -19,12 +19,17 @@ {{ $ts.tooLong }} - + @@ -171,7 +176,13 @@ export default defineComponent({ os.api('email-address/available', { emailAddress: this.email }).then(result => { - this.emailState = result.available ? 'ok' : 'unavailable'; + this.emailState = result.available ? 'ok' : + result.reason === 'used' ? 'unavailable:used' : + result.reason === 'format' ? 'unavailable:format' : + result.reason === 'disposable' ? 'unavailable:disposable' : + result.reason === 'mx' ? 'unavailable:mx' : + result.reason === 'smtp' ? 'unavailable:smtp' : + 'unavailable'; }).catch(err => { this.emailState = 'error'; }); diff --git a/src/server/api/endpoints/email-address/available.ts b/src/server/api/endpoints/email-address/available.ts index 65fe6f9178..f6fccd59b0 100644 --- a/src/server/api/endpoints/email-address/available.ts +++ b/src/server/api/endpoints/email-address/available.ts @@ -1,6 +1,6 @@ import $ from 'cafy'; import define from '../../define'; -import { UserProfiles } from '@/models/index'; +import { validateEmailForAccount } from '@/services/validate-email-for-account'; export const meta = { tags: ['users'], @@ -20,18 +20,15 @@ export const meta = { available: { type: 'boolean' as const, optional: false as const, nullable: false as const, - } + }, + reason: { + type: 'string' as const, + optional: false as const, nullable: true as const, + }, } } }; export default define(meta, async (ps) => { - const exist = await UserProfiles.count({ - emailVerified: true, - email: ps.emailAddress, - }); - - return { - available: exist === 0 - }; + return await validateEmailForAccount(ps.emailAddress); }); diff --git a/src/server/api/endpoints/i/update-email.ts b/src/server/api/endpoints/i/update-email.ts index 14aedad88b..9b6fb9c410 100644 --- a/src/server/api/endpoints/i/update-email.ts +++ b/src/server/api/endpoints/i/update-email.ts @@ -8,6 +8,7 @@ import * as bcrypt from 'bcryptjs'; import { Users, UserProfiles } from '@/models/index'; import { sendEmail } from '@/services/send-email'; import { ApiError } from '../../error'; +import { validateEmailForAccount } from '@/services/validate-email-for-account'; export const meta = { requireCredential: true as const, @@ -35,6 +36,12 @@ export const meta = { code: 'INCORRECT_PASSWORD', id: 'e54c1d7e-e7d6-4103-86b6-0a95069b4ad3' }, + + unavailable: { + message: 'Unavailable email address.', + code: 'UNAVAILABLE', + id: 'a2defefb-f220-8849-0af6-17f816099323' + }, } }; @@ -48,6 +55,13 @@ export default define(meta, async (ps, user) => { throw new ApiError(meta.errors.incorrectPassword); } + if (ps.email != null) { + const available = await validateEmailForAccount(ps.email); + if (!available) { + throw new ApiError(meta.errors.unavailable); + } + } + await UserProfiles.update(user.id, { email: ps.email, emailVerified: false, diff --git a/src/server/api/private/signup.ts b/src/server/api/private/signup.ts index 93caaea935..2b6a3eb00c 100644 --- a/src/server/api/private/signup.ts +++ b/src/server/api/private/signup.ts @@ -8,6 +8,7 @@ import { signup } from '../common/signup'; import config from '@/config'; import { sendEmail } from '@/services/send-email'; import { genId } from '@/misc/gen-id'; +import { validateEmailForAccount } from '@/services/validate-email-for-account'; export default async (ctx: Koa.Context) => { const body = ctx.request.body; @@ -41,6 +42,12 @@ export default async (ctx: Koa.Context) => { ctx.status = 400; return; } + + const available = await validateEmailForAccount(emailAddress); + if (!available) { + ctx.status = 400; + return; + } } if (instance.disableRegistration) { diff --git a/src/services/validate-email-for-account.ts b/src/services/validate-email-for-account.ts new file mode 100644 index 0000000000..1d039fb263 --- /dev/null +++ b/src/services/validate-email-for-account.ts @@ -0,0 +1,34 @@ +import validateEmail from 'deep-email-validator'; +import { UserProfiles } from '@/models'; + +export async function validateEmailForAccount(emailAddress: string): Promise<{ + available: boolean; + reason: null | 'used' | 'format' | 'disposable' | 'mx' | 'smtp'; +}> { + const exist = await UserProfiles.count({ + emailVerified: true, + email: emailAddress, + }); + + const validated = await validateEmail({ + email: emailAddress, + validateRegex: true, + validateMx: true, + validateTypo: false, // TLDを見ているみたいだけどclubとか弾かれるので + validateDisposable: true, // 捨てアドかどうかチェック + validateSMTP: false, // 日本だと25ポートが殆どのプロバイダーで塞がれていてタイムアウトになるので + }); + + const available = exist === 0 && validated.valid; + + return { + available, + reason: available ? null : + exist !== 0 ? 'used' : + validated.reason === 'regex' ? 'format' : + validated.reason === 'disposable' ? 'disposable' : + validated.reason === 'mx' ? 'mx' : + validated.reason === 'smtp' ? 'smtp' : + null, + }; +} -- cgit v1.2.3-freya