1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
import Koa from 'koa';
import rndstr from 'rndstr';
import bcrypt from 'bcryptjs';
import { fetchMeta } from '@/misc/fetch-meta.js';
import { verifyHcaptcha, verifyRecaptcha } from '@/misc/captcha.js';
import { Users, RegistrationTickets, UserPendings } from '@/models/index.js';
import { signup } from '../common/signup.js';
import config from '@/config/index.js';
import { sendEmail } from '@/services/send-email.js';
import { genId } from '@/misc/gen-id.js';
import { validateEmailForAccount } from '@/services/validate-email-for-account.js';
export default async (ctx: Koa.Context) => {
const body = ctx.request.body;
const instance = await fetchMeta(true);
// Verify *Captcha
// ただしテスト時はこの機構は障害となるため無効にする
if (process.env.NODE_ENV !== 'test') {
if (instance.enableHcaptcha && instance.hcaptchaSecretKey) {
await verifyHcaptcha(instance.hcaptchaSecretKey, body['hcaptcha-response']).catch(e => {
ctx.throw(400, e);
});
}
if (instance.enableRecaptcha && instance.recaptchaSecretKey) {
await verifyRecaptcha(instance.recaptchaSecretKey, body['g-recaptcha-response']).catch(e => {
ctx.throw(400, e);
});
}
}
const username = body['username'];
const password = body['password'];
const host: string | null = process.env.NODE_ENV === 'test' ? (body['host'] || null) : null;
const invitationCode = body['invitationCode'];
const emailAddress = body['emailAddress'];
if (instance.emailRequiredForSignup) {
if (emailAddress == null || typeof emailAddress !== 'string') {
ctx.status = 400;
return;
}
const available = await validateEmailForAccount(emailAddress);
if (!available) {
ctx.status = 400;
return;
}
}
if (instance.disableRegistration) {
if (invitationCode == null || typeof invitationCode !== 'string') {
ctx.status = 400;
return;
}
const ticket = await RegistrationTickets.findOneBy({
code: invitationCode,
});
if (ticket == null) {
ctx.status = 400;
return;
}
RegistrationTickets.delete(ticket.id);
}
if (instance.emailRequiredForSignup) {
const code = rndstr('a-z0-9', 16);
// Generate hash of password
const salt = await bcrypt.genSalt(8);
const hash = await bcrypt.hash(password, salt);
await UserPendings.insert({
id: genId(),
createdAt: new Date(),
code,
email: emailAddress,
username: username,
password: hash,
});
const link = `${config.url}/signup-complete/${code}`;
sendEmail(emailAddress, 'Signup',
`To complete signup, please click this link:<br><a href="${link}">${link}</a>`,
`To complete signup, please click this link: ${link}`);
ctx.status = 204;
} else {
try {
const { account, secret } = await signup({
username, password, host,
});
const res = await Users.pack(account, account, {
detail: true,
includeSecrets: true,
});
(res as any).token = secret;
ctx.body = res;
} catch (e) {
ctx.throw(400, e);
}
}
};
|
