12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394 |
- import express from 'express'
- import { body, param } from 'express-validator'
- import { toBooleanOrNull } from '@server/helpers/custom-validators/misc'
- import { HttpStatusCode } from '@shared/models'
- import { logger } from '../../helpers/logger'
- import { Redis } from '../../lib/redis'
- import { areValidationErrors, checkUserEmailExist, checkUserIdExist } from './shared'
- import { checkRegistrationEmailExist, checkRegistrationIdExist } from './shared/user-registrations'
- const usersAskSendVerifyEmailValidator = [
- body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'),
- async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- if (areValidationErrors(req, res)) return
- const [ userExists, registrationExists ] = await Promise.all([
- checkUserEmailExist(req.body.email, res, false),
- checkRegistrationEmailExist(req.body.email, res, false)
- ])
- if (!userExists && !registrationExists) {
- logger.debug('User or registration with email %s does not exist (asking verify email).', req.body.email)
- // Do not leak our emails
- return res.status(HttpStatusCode.NO_CONTENT_204).end()
- }
- if (res.locals.user?.pluginAuth) {
- return res.fail({
- status: HttpStatusCode.CONFLICT_409,
- message: 'Cannot ask verification email of a user that uses a plugin authentication.'
- })
- }
- return next()
- }
- ]
- const usersVerifyEmailValidator = [
- param('id')
- .isInt().not().isEmpty().withMessage('Should have a valid id'),
- body('verificationString')
- .not().isEmpty().withMessage('Should have a valid verification string'),
- body('isPendingEmail')
- .optional()
- .customSanitizer(toBooleanOrNull),
- async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- if (areValidationErrors(req, res)) return
- if (!await checkUserIdExist(req.params.id, res)) return
- const user = res.locals.user
- const redisVerificationString = await Redis.Instance.getUserVerifyEmailLink(user.id)
- if (redisVerificationString !== req.body.verificationString) {
- return res.fail({ status: HttpStatusCode.FORBIDDEN_403, message: 'Invalid verification string.' })
- }
- return next()
- }
- ]
- // ---------------------------------------------------------------------------
- const registrationVerifyEmailValidator = [
- param('registrationId')
- .isInt().not().isEmpty().withMessage('Should have a valid registrationId'),
- body('verificationString')
- .not().isEmpty().withMessage('Should have a valid verification string'),
- async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- if (areValidationErrors(req, res)) return
- if (!await checkRegistrationIdExist(req.params.registrationId, res)) return
- const registration = res.locals.userRegistration
- const redisVerificationString = await Redis.Instance.getRegistrationVerifyEmailLink(registration.id)
- if (redisVerificationString !== req.body.verificationString) {
- return res.fail({ status: HttpStatusCode.FORBIDDEN_403, message: 'Invalid verification string.' })
- }
- return next()
- }
- ]
- // ---------------------------------------------------------------------------
- export {
- usersAskSendVerifyEmailValidator,
- usersVerifyEmailValidator,
- registrationVerifyEmailValidator
- }
|