| author | Kagami Sascha Rosylight <saschanaz@outlook.com> | 2023-06-25 04:04:33 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-06-25 11:04:33 +0900 |
| commit | ef354e94f20ace67b94faa2859c458a436cdd3f7 (patch) | |
| tree | aa446426e7a7a74e77eb939850da134ae2bcdf3f /packages/backend/src/server/api/SignupApiService.ts | |
| parent | chore(backend, misskey-js): add type for signup (#11043) (diff) | |
refactor(backend): replace rndstr with secureRndstr (#11044)
* refactor(backend): replace rndstr with secureRndstr
* Update pnpm-lock.yaml
* .js
Diffstat (limited to 'packages/backend/src/server/api/SignupApiService.ts')
| -rw-r--r-- | packages/backend/src/server/api/SignupApiService.ts | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/packages/backend/src/server/api/SignupApiService.ts b/packages/backend/src/server/api/SignupApiService.ts index b2bd7d82e7..fc5f3811eb 100644 --- a/packages/backend/src/server/api/SignupApiService.ts +++ b/packages/backend/src/server/api/SignupApiService.ts @@ -1,5 +1,4 @@ import { Inject, Injectable } from '@nestjs/common'; -import rndstr from 'rndstr'; import bcrypt from 'bcryptjs'; import { IsNull } from 'typeorm'; import { DI } from '@/di-symbols.js'; @@ -16,6 +15,7 @@ import { FastifyReplyError } from '@/misc/fastify-reply-error.js'; import { bindThis } from '@/decorators.js'; import { SigninService } from './SigninService.js'; import type { FastifyRequest, FastifyReply } from 'fastify'; +import { L_CHARS, secureRndstr } from '@/misc/secure-rndstr.js'; @Injectable() export class SignupApiService { @@ -67,7 +67,7 @@ export class SignupApiService { const body = request.body; const instance = await this.metaService.fetch(true); - + // Verify *Captcha // ただしテスト時はこの機構は障害となるため無効にする if (process.env.NODE_ENV !== 'test') { @@ -76,7 +76,7 @@ export class SignupApiService { throw new FastifyReplyError(400, err); }); } - + if (instance.enableRecaptcha && instance.recaptchaSecretKey) { await this.captchaService.verifyRecaptcha(instance.recaptchaSecretKey, body['g-recaptcha-response']).catch(err => { throw new FastifyReplyError(400, err); 
@@ -89,44 +89,44 @@ export class SignupApiService { }); } } - + const username = body['username']; const password = body['password']; const host: string | null = process.env.NODE_ENV === 'test' ? (body['host'] ?? null) : null; const invitationCode = body['invitationCode']; const emailAddress = body['emailAddress']; - + if (instance.emailRequiredForSignup) { if (emailAddress == null || typeof emailAddress !== 'string') { reply.code(400); return; } - + const res = await this.emailService.validateEmailForAccount(emailAddress); if (!res.available) { reply.code(400); return; } } - + if (instance.disableRegistration) { if (invitationCode == null || typeof invitationCode !== 'string') { reply.code(400); return; } - + const ticket = await this.registrationTicketsRepository.findOneBy({ code: invitationCode, }); - + if (ticket == null) { reply.code(400); return; } - + this.registrationTicketsRepository.delete(ticket.id); } - + if (instance.emailRequiredForSignup) { if (await this.usersRepository.findOneBy({ usernameLower: username.toLowerCase(), host: IsNull() })) { throw new FastifyReplyError(400, 'DUPLICATED_USERNAME'); @@ -142,7 +142,7 @@ export class SignupApiService { throw new FastifyReplyError(400, 'DENIED_USERNAME'); } - const code = rndstr('a-z0-9', 16); + const code = secureRndstr(16, { chars: L_CHARS }); // Generate hash of password const salt = await bcrypt.genSalt(8); @@ -170,12 +170,12 @@ export class SignupApiService { const { account, secret } = await this.signupService.signup({ username, password, host, }); - + const res = await this.userEntityService.pack(account, account, { detail: true, includeSecrets: true, }); - + return { ...res, token: secret, |
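Review bot: `const salt = await bcrypt.genSalt(8);`, two lines below the changed `code` line in the `@@ -142,7 +142,7 @@` hunk, hashes the signup password with a bcrypt cost of 8, which is below the work factor of 10 that OWASP's password-storage guidance and bcryptjs's own default treat as the floor. The commit hardens the random code but leaves this weaker setting beside it; `const salt = await bcrypt.genSalt(10);` would be a compatible follow-up, since bcrypt stores the cost in each hash and existing hashes keep verifying. On the changed line, the definition of `L_CHARS` is not visible in this diff, so it cannot be confirmed from here that it matches the old `'a-z0-9'` alphabet. If `code` is a secret handed to the user (its use is outside the hunk), a comment such as `// 16 chars from L_CHARS via CSPRNG; treat as a secret, never log` would record the intent. The enclosing method starts and ends outside the hunk.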