From 4cd6207e5f54921b51d05af932f05afa6aec7226 Mon Sep 17 00:00:00 2001 From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Sat, 9 Oct 2021 11:21:06 +0200 Subject: [PATCH 1/5] :bug: fix cdn --- bundle/scripts/build.js | 1 - cdn/src/routes/attachments.ts | 4 ++-- cdn/src/routes/avatars.ts | 2 +- cdn/src/routes/external.ts | 2 +- gateway/src/events/Message.ts | 2 +- 5 files changed, 5 insertions(+), 6 deletions(-) diff --git a/bundle/scripts/build.js b/bundle/scripts/build.js index c6a98b80..05cf37ce 100644 --- a/bundle/scripts/build.js +++ b/bundle/scripts/build.js @@ -37,7 +37,6 @@ function transpileFiles() { const files = walk(path.join(__dirname, "..", "..", part, "dist")); for (const file of files) { let content = fs.readFileSync(file, { encoding: "utf8" }); - console.log(file); content = content .replace( new RegExp(`@fosscord/${part}`), diff --git a/cdn/src/routes/attachments.ts b/cdn/src/routes/attachments.ts index 354bdde9..ae50bc48 100644 --- a/cdn/src/routes/attachments.ts +++ b/cdn/src/routes/attachments.ts @@ -1,9 +1,9 @@ import { Router, Response, Request } from "express"; import { Config, Snowflake } from "@fosscord/util"; -import { storage } from "@fosscord/cdn"; +import { storage } from "../util/Storage"; import FileType from "file-type"; import { HTTPError } from "lambert-server"; -import { multer } from "@fosscord/cdn"; +import { multer } from "../util/multer"; import imageSize from "image-size"; const router = Router(); diff --git a/cdn/src/routes/avatars.ts b/cdn/src/routes/avatars.ts index 981cc417..3d5e7d77 100644 --- a/cdn/src/routes/avatars.ts +++ b/cdn/src/routes/avatars.ts @@ -1,6 +1,6 @@ import { Router, Response, Request } from "express"; import { Config, Snowflake } from "@fosscord/util"; -import { storage } from "@fosscord/cdn"; +import { storage } from "../util/Storage"; import FileType from "file-type"; import { HTTPError } from "lambert-server"; import crypto from "crypto"; diff --git a/cdn/src/routes/external.ts b/cdn/src/routes/external.ts index 50014600..dc90e3c8 100644 --- a/cdn/src/routes/external.ts +++ b/cdn/src/routes/external.ts @@ -2,7 +2,7 @@ import { Router, Response, Request } from "express"; import fetch from "node-fetch"; import { HTTPError } from "lambert-server"; import { Snowflake } from "@fosscord/util"; -import { storage } from "@fosscord/cdn"; +import { storage } from "../util/Storage"; import FileType from "file-type"; import { Config } from "@fosscord/util"; diff --git a/gateway/src/events/Message.ts b/gateway/src/events/Message.ts index 3648931d..af318bfd 100644 --- a/gateway/src/events/Message.ts +++ b/gateway/src/events/Message.ts @@ -5,7 +5,7 @@ try { erlpack = require("@yukikaze-bot/erlpack"); } catch (error) {} import OPCodeHandlers from "../opcodes"; -import { instanceOf, Tuple } from "lambert-server"; +import { Tuple } from "lambert-server"; import { check } from "../opcodes/instanceOf"; import WS from "ws"; From 6944c76b43098e65abfc63f8b59c13ae8f679447 Mon Sep 17 00:00:00 2001 From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Sat, 9 Oct 2021 12:53:52 +0200 Subject: [PATCH 2/5] :bug: fix password changing --- api/src/routes/users/@me/index.ts | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts index f6bb04d7..c5f490d3 100644 --- a/api/src/routes/users/@me/index.ts +++ b/api/src/routes/users/@me/index.ts @@ -1,6 +1,7 @@ import { Router, Request, Response } from "express"; -import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile } from "@fosscord/util"; +import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors } from "@fosscord/util"; import { route } from "@fosscord/api"; +import bcrypt from "bcrypt"; const router: Router = Router(); @@ -32,10 +33,27 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res: if (body.avatar) body.avatar = await handleFile(`/avatars/${req.user_id}`, body.avatar as string); if (body.banner) body.banner = await handleFile(`/banners/${req.user_id}`, body.banner as string); - await new User({ ...body, id: req.user_id }).save(); - - //Need to reload user from db due to https://github.com/typeorm/typeorm/issues/3490 const user = await User.findOneOrFail({ where: { id: req.user_id }, select: PrivateUserProjection }); + + if (body.password) { + const same_password = await bcrypt.compare(body.password, user.data.hash || ""); + if (!same_password) { + throw FieldErrors({ password: { message: req.t("auth:login.INVALID_PASSWORD"), code: "INVALID_PASSWORD" } }); + } + } + + user.assign(body); + + if (body.new_password) { + if (!body.password && !user.email) { + throw FieldErrors({ + password: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") } + }); + } + user.data.hash = await bcrypt.hash(body.new_password, 12); + } + + await user.save(); // TODO: send update member list event in gateway await emitEvent({ event: "USER_UPDATE", From 732f88cbb25f63fff50ea9a56f62a0eccb149c2d Mon Sep 17 00:00:00 2001 From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Sat, 9 Oct 2021 12:54:03 +0200 Subject: [PATCH 3/5] :sparkles: added guestsRequireInvite to config --- api/src/routes/auth/register.ts | 12 +++++++----- util/src/entities/Config.ts | 2 ++ 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/api/src/routes/auth/register.ts b/api/src/routes/auth/register.ts index 9f3b46f1..4b08e78e 100644 --- a/api/src/routes/auth/register.ts +++ b/api/src/routes/auth/register.ts @@ -154,16 +154,18 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re }); } + if (!body.invite && (register.requireInvite || (register.guestsRequireInvite && !register.email))) { + // require invite to register -> e.g. for organizations to send invites to their employees + throw FieldErrors({ + email: { code: "INVITE_ONLY", message: req.t("auth:register.INVITE_ONLY") } + }); + } + const user = await User.register({ ...body, req }); if (body.invite) { // await to fail if the invite doesn't exist (necessary for requireInvite to work properly) (username only signups are possible) await Invite.joinGuild(user.id, body.invite); - } else if (register.requireInvite) { - // require invite to register -> e.g. for organizations to send invites to their employees - throw FieldErrors({ - email: { code: "INVITE_ONLY", message: req.t("auth:register.INVITE_ONLY") } - }); } return res.json({ token: await generateToken(user.id) }); diff --git a/util/src/entities/Config.ts b/util/src/entities/Config.ts index 921a12c2..813649ac 100644 --- a/util/src/entities/Config.ts +++ b/util/src/entities/Config.ts @@ -128,6 +128,7 @@ export interface ConfigValue { disabled: boolean; requireCaptcha: boolean; requireInvite: boolean; + guestsRequireInvite: boolean; allowNewRegistration: boolean; allowMultipleAccounts: boolean; blockProxies: boolean; @@ -277,6 +278,7 @@ export const DefaultConfigOptions: ConfigValue = { }, disabled: false, requireInvite: false, + guestsRequireInvite: true, requireCaptcha: true, allowNewRegistration: true, allowMultipleAccounts: true, From 37a2410526d5ed4e56edde26b16b5a351227ba60 Mon Sep 17 00:00:00 2001 From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Sat, 9 Oct 2021 13:04:27 +0200 Subject: [PATCH 4/5] :bug: fix claim account --- api/src/routes/users/@me/index.ts | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts index c5f490d3..1959704a 100644 --- a/api/src/routes/users/@me/index.ts +++ b/api/src/routes/users/@me/index.ts @@ -33,12 +33,16 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res: if (body.avatar) body.avatar = await handleFile(`/avatars/${req.user_id}`, body.avatar as string); if (body.banner) body.banner = await handleFile(`/banners/${req.user_id}`, body.banner as string); - const user = await User.findOneOrFail({ where: { id: req.user_id }, select: PrivateUserProjection }); + const user = await User.findOneOrFail({ where: { id: req.user_id }, select: [...PrivateUserProjection, "data"] }); if (body.password) { - const same_password = await bcrypt.compare(body.password, user.data.hash || ""); - if (!same_password) { - throw FieldErrors({ password: { message: req.t("auth:login.INVALID_PASSWORD"), code: "INVALID_PASSWORD" } }); + if (user.data?.hash) { + const same_password = await bcrypt.compare(body.password, user.data.hash || ""); + if (!same_password) { + throw FieldErrors({ password: { message: req.t("auth:login.INVALID_PASSWORD"), code: "INVALID_PASSWORD" } }); + } + } else { + user.data.hash = await bcrypt.hash(body.password, 12); } } @@ -54,6 +58,10 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res: } await user.save(); + + // @ts-ignore + delete user.data; + // TODO: send update member list event in gateway await emitEvent({ event: "USER_UPDATE", From 77aab2bdd309ec3b0cc7663d83a56fc5459fdf42 Mon Sep 17 00:00:00 2001 From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Sat, 9 Oct 2021 13:04:46 +0200 Subject: [PATCH 5/5] :art: do not auto guest register on login/register page --- api/client_test/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/client_test/index.html b/api/client_test/index.html index fb2e0a2d..41d41598 100644 --- a/api/client_test/index.html +++ b/api/client_test/index.html @@ -47,7 +47,7 @@ // Auto register guest account: const token = JSON.parse(localStorage.getItem("token")); - if (!token) { + if (!token && location.pathname !== "/login" && location.pathname !== "/register") { fetch(`${window.GLOBAL_ENV.API_ENDPOINT}/auth/register`, { method: "POST", headers: { "content-type": "application/json" },