slate/pages/api/users/create.js

import * as Environment from "~/node_common/environment";
import * as Data from "~/node_common/data";
import * as Utilities from "~/node_common/utilities";
import * as SlateManager from "~/node_common/managers/slate";
import * as LibraryManager from "~/node_common/managers/library";
import * as Monitor from "~/node_common/monitor";
import * as Validations from "~/common/validations";
import * as Strings from "~/common/strings";

import BCrypt from "bcrypt";

import { PrivateKey } from "@textile/hub";

export default async (req, res) => {
  if (!Strings.isEmpty(Environment.ALLOWED_HOST) && req.headers.host !== Environment.ALLOWED_HOST) {
    return res.status(403).send({ decorator: "YOU_ARE_NOT_ALLOWED", error: true });
  }

  if (Strings.isEmpty(req.body.data.accepted)) {
    return res.status(403).send({ decorator: "YOU_MUST_ACCEPT_TERMS", error: true });
  }

  const existing = await Data.getUserByUsername({
    username: req.body.data.username,
  });

  if (existing) {
    return res.status(403).send({ decorator: "SERVER_EXISTING_USER_ALREADY", error: true });
  }

  if (!Validations.username(req.body.data.username)) {
    return res.status(500).send({ decorator: "SERVER_INVALID_USERNAME", error: true });
  }

  if (!Validations.password(req.body.data.password)) {
    return res.status(500).send({ decorator: "SERVER_INVALID_PASSWORD", error: true });
  }

  const rounds = Number(Environment.LOCAL_PASSWORD_ROUNDS);
  const salt = await BCrypt.genSalt(rounds);
  const hash = await Utilities.encryptPassword(req.body.data.password, salt);

  // TODO(jim):
  // Single Key Textile Auth.
  const identity = await PrivateKey.fromRandom();
  const api = identity.toString();

  // TODO(jim):
  // Don't do this once you refactor.
  const newUsername = req.body.data.username.toLowerCase();

  const { buckets, bucketKey, bucketName } = await Utilities.getBucketAPIFromUserToken({
    user: {
      username: newUsername,
      data: { tokens: { api } },
    },
  });

  if (!buckets) {
    return res.status(500).send({ decorator: "SERVER_BUCKET_INIT_FAILURE", error: true });
  }

  const photo = await SlateManager.getRandomSlateElementURL({
    id: Environment.AVATAR_SLATE_ID,
    fallback:
      "https://slate.textile.io/ipfs/bafkreick3nscgixwfpq736forz7kzxvvhuej6kszevpsgmcubyhsx2pf7i",
  });

  const user = await Data.createUser({
    password: hash,
    salt,
    username: newUsername,
    data: {
      photo,
      body: "",
      settings_deals_auto_approve: false,
      allow_filecoin_directory_listing: false,
      allow_automatic_data_storage: true,
      allow_encrypted_data_storage: true,
      tokens: { api },
      library: LibraryManager.init({ bucketName, readableName: "Data" }),
    },
  });

  if (!user) {
    return res.status(404).send({ decorator: "SERVER_USER_CREATE_USER_NOT_FOUND", error: true });
  }

  if (user.error) {
    return res.status(500).send({ decorator: "SERVER_USER_CREATE_USER_NOT_FOUND", error: true });
  }

  Monitor.createUser({
    userId: user.id,
    data: {
      actorUserId: user.id,
      context: {
        username: user.username,
      },
    },
  });

  return res.status(200).send({
    decorator: "SERVER_USER_CREATE",
    user: { username: user.username, id: user.id },
  });
};
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`import * as Environment from "~/node_common/environment";`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00			`import * as Data from "~/node_common/data";`
authentication: adds user auth concept, sign out, and adds 3 images to a bucket upon user creation 2020-07-21 14:36:50 +03:00			`import * as Utilities from "~/node_common/utilities";`
added randomized avatar function 2020-10-06 01:33:37 +03:00			`import * as SlateManager from "~/node_common/managers/slate";`
library: refactor to support adding slates soon 2020-07-24 06:09:58 +03:00			`import * as LibraryManager from "~/node_common/managers/library";`
Lands early version of activity/analytics categories 2020-11-16 11:07:11 +03:00			`import * as Monitor from "~/node_common/monitor";`
library: refactor to support adding slates soon 2020-07-24 06:09:58 +03:00			`import * as Validations from "~/common/validations";`
wrong import 2020-10-29 21:44:03 +03:00			`import * as Strings from "~/common/strings";`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00
			`import BCrypt from "bcrypt";`

fix(hub): update hub cli lib and use new crypto ident class Signed-off-by: Andrew Hill <andrew@textile.io> 2020-08-19 23:44:53 +03:00			`import { PrivateKey } from "@textile/hub";`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00
			`export default async (req, res) => {`
enforces an allowed host 2020-10-29 21:39:40 +03:00			`if (!Strings.isEmpty(Environment.ALLOWED_HOST) && req.headers.host !== Environment.ALLOWED_HOST) {`
			`return res.status(403).send({ decorator: "YOU_ARE_NOT_ALLOWED", error: true });`
			`}`

a flow that will expose how you are spamming account creation 2020-10-29 22:48:45 +03:00			`if (Strings.isEmpty(req.body.data.accepted)) {`
			`return res.status(403).send({ decorator: "YOU_MUST_ACCEPT_TERMS", error: true });`
			`}`

sign-in: end to end allowing creation of any account 2020-07-22 08:53:29 +03:00			`const existing = await Data.getUserByUsername({`
			`username: req.body.data.username,`
			`});`

			`if (existing) {`
slate layout resize and move functions 2020-10-05 00:30:28 +03:00			`return res.status(403).send({ decorator: "SERVER_EXISTING_USER_ALREADY", error: true });`
sign-in: end to end allowing creation of any account 2020-07-22 08:53:29 +03:00			`}`

reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`if (!Validations.username(req.body.data.username)) {`
slate layout resize and move functions 2020-10-05 00:30:28 +03:00			`return res.status(500).send({ decorator: "SERVER_INVALID_USERNAME", error: true });`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00			`}`

reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`if (!Validations.password(req.body.data.password)) {`
slate layout resize and move functions 2020-10-05 00:30:28 +03:00			`return res.status(500).send({ decorator: "SERVER_INVALID_PASSWORD", error: true });`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00			`}`

authentication: adds new secrets 2020-08-11 08:15:39 +03:00			`const rounds = Number(Environment.LOCAL_PASSWORD_ROUNDS);`
			`const salt = await BCrypt.genSalt(rounds);`
			`const hash = await Utilities.encryptPassword(req.body.data.password, salt);`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00
authentication: adds new secrets 2020-08-11 08:15:39 +03:00			`// TODO(jim):`
			`// Single Key Textile Auth.`
fix(hub): update hub cli lib and use new crypto ident class Signed-off-by: Andrew Hill <andrew@textile.io> 2020-08-19 23:44:53 +03:00			`const identity = await PrivateKey.fromRandom();`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00			`const api = identity.toString();`

authentication: adds user auth concept, sign out, and adds 3 images to a bucket upon user creation 2020-07-21 14:36:50 +03:00			`// TODO(jim):`
			`// Don't do this once you refactor.`
guards every single textile call and provides concise reporting at each callsite 2020-09-22 03:36:45 +03:00			`const newUsername = req.body.data.username.toLowerCase();`

slate layout resize and move functions 2020-10-05 00:30:28 +03:00			`const { buckets, bucketKey, bucketName } = await Utilities.getBucketAPIFromUserToken({`
new bucket for deal making 2020-09-23 12:46:59 +03:00			`user: {`
			`username: newUsername,`
			`data: { tokens: { api } },`
			`},`
guards every single textile call and provides concise reporting at each callsite 2020-09-22 03:36:45 +03:00			`});`
authentication: adds user auth concept, sign out, and adds 3 images to a bucket upon user creation 2020-07-21 14:36:50 +03:00
buckets: elegant failure modes for bucket getOrCreate failures 2020-09-22 10:01:48 +03:00			`if (!buckets) {`
slate layout resize and move functions 2020-10-05 00:30:28 +03:00			`return res.status(500).send({ decorator: "SERVER_BUCKET_INIT_FAILURE", error: true });`
buckets: elegant failure modes for bucket getOrCreate failures 2020-09-22 10:01:48 +03:00			`}`

patches: fixes some issues with getRandomSlateElementURL 2020-10-06 02:39:43 +03:00			`const photo = await SlateManager.getRandomSlateElementURL({`
			`id: Environment.AVATAR_SLATE_ID,`
			`fallback:`
			`"https://slate.textile.io/ipfs/bafkreick3nscgixwfpq736forz7kzxvvhuej6kszevpsgmcubyhsx2pf7i",`
			`});`

postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00			`const user = await Data.createUser({`
authentication: adds new secrets 2020-08-11 08:15:39 +03:00			`password: hash,`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00			`salt,`
guards every single textile call and provides concise reporting at each callsite 2020-09-22 03:36:45 +03:00			`username: newUsername,`
authentication: adds user auth concept, sign out, and adds 3 images to a bucket upon user creation 2020-07-21 14:36:50 +03:00			`data: {`
patches: fixes some issues with getRandomSlateElementURL 2020-10-06 02:39:43 +03:00			`photo,`
slate layout resize and move functions 2020-10-05 00:30:28 +03:00			`body: "",`
user profiels: lands user profile function and fixes settings, user modeling 2020-07-22 10:41:29 +03:00			`settings_deals_auto_approve: false,`
settings: directory option 2020-09-29 00:30:12 +03:00			`allow_filecoin_directory_listing: false,`
all bucket deals are off cloned buckets, either open or encrypted based on user settings, user defaults are not to participate in automatic storage 2020-09-28 20:48:44 +03:00			`allow_automatic_data_storage: true,`
			`allow_encrypted_data_storage: true,`
sign-up: fixes account creation 2020-08-24 09:50:52 +03:00			`tokens: { api },`
filecoin: cold storage supported, and many small bugfixes 2020-07-24 10:45:21 +03:00			`library: LibraryManager.init({ bucketName, readableName: "Data" }),`
authentication: adds user auth concept, sign out, and adds 3 images to a bucket upon user creation 2020-07-21 14:36:50 +03:00			`},`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00			`});`

			`if (!user) {`
slate layout resize and move functions 2020-10-05 00:30:28 +03:00			`return res.status(404).send({ decorator: "SERVER_USER_CREATE_USER_NOT_FOUND", error: true });`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00			`}`

			`if (user.error) {`
slate layout resize and move functions 2020-10-05 00:30:28 +03:00			`return res.status(500).send({ decorator: "SERVER_USER_CREATE_USER_NOT_FOUND", error: true });`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00			`}`

Lands early version of activity/analytics categories 2020-11-16 11:07:11 +03:00			`Monitor.createUser({`
			`userId: user.id,`
			`data: {`
			`actorUserId: user.id,`
			`context: {`
			`username: user.username,`
			`},`
			`},`
			`});`
social: slack messages to fil-slate-social whenever an account is created or a user creates a slate 2020-09-11 06:28:23 +03:00
endpints: strips header conflicts and removes all middleware 2020-09-03 03:21:29 +03:00			`return res.status(200).send({`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00			`decorator: "SERVER_USER_CREATE",`
models: moves from username checks to id checks because users change usernames 2020-07-22 13:51:40 +03:00			`user: { username: user.username, id: user.id },`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00			`});`
			`};`