mirror of
https://github.com/toeverything/AFFiNE.git
synced 2024-11-26 02:51:57 +03:00
fix(server): do not allow registration through gql (#6775)
This commit is contained in:
forehalo
parent
4ea31cbb35
commit
d657f4091a
@ -1,7 +1,6 @@
|
||||
import { BadRequestException, ForbiddenException } from '@nestjs/common';
|
||||
import {
|
||||
Args,
|
||||
Context,
|
||||
Field,
|
||||
Mutation,
|
||||
ObjectType,
|
||||
@ -10,7 +9,6 @@ import {
|
||||
ResolveField,
|
||||
Resolver,
|
||||
} from '@nestjs/graphql';
|
||||
import type { Request, Response } from 'express';
|
||||
|
||||
import { Config, SkipThrottle, Throttle } from '../../fundamentals';
|
||||
import { UserService } from '../user';
|
||||
@ -79,39 +77,6 @@ export class AuthResolver {
|
||||
};
|
||||
}
|
||||
|
||||
@Public()
|
||||
@Mutation(() => UserType)
|
||||
async signUp(
|
||||
@Context() ctx: { req: Request; res: Response },
|
||||
@Args('name') name: string,
|
||||
@Args('email') email: string,
|
||||
@Args('password') password: string
|
||||
) {
|
||||
if (!this.config.auth.allowSignup) {
|
||||
throw new ForbiddenException('You are not allowed to sign up.');
|
||||
}
|
||||
|
||||
validators.assertValidCredential({ email, password });
|
||||
const user = await this.auth.signUp(name, email, password);
|
||||
await this.auth.setCookie(ctx.req, ctx.res, user);
|
||||
ctx.req.user = user;
|
||||
return user;
|
||||
}
|
||||
|
||||
@Public()
|
||||
@Mutation(() => UserType)
|
||||
async signIn(
|
||||
@Context() ctx: { req: Request; res: Response },
|
||||
@Args('email') email: string,
|
||||
@Args('password') password: string
|
||||
) {
|
||||
validators.assertValidEmail(email);
|
||||
const user = await this.auth.signIn(email, password);
|
||||
await this.auth.setCookie(ctx.req, ctx.res, user);
|
||||
ctx.req.user = user;
|
||||
return user;
|
||||
}
|
||||
|
||||
@Mutation(() => UserType)
|
||||
async changePassword(
|
||||
@CurrentUser() user: CurrentUser,
|
||||
|
||||
@ -35,6 +35,7 @@ export class UserService {
|
||||
|
||||
async createUser(data: Prisma.UserCreateInput) {
|
||||
return this.prisma.user.create({
|
||||
select: this.defaultUserSelect,
|
||||
data: {
|
||||
...this.userCreatingData,
|
||||
...data,
|
||||
@ -113,18 +114,32 @@ export class UserService {
|
||||
Pick<Prisma.UserCreateInput, 'emailVerifiedAt' | 'registered'>
|
||||
>
|
||||
) {
|
||||
return this.prisma.user.upsert({
|
||||
select: this.defaultUserSelect,
|
||||
where: {
|
||||
email,
|
||||
},
|
||||
update: data,
|
||||
create: {
|
||||
email,
|
||||
const user = await this.findUserByEmail(email);
|
||||
if (!user) {
|
||||
return this.createUser({
|
||||
...this.userCreatingData,
|
||||
email,
|
||||
name: email.split('@')[0],
|
||||
...data,
|
||||
},
|
||||
});
|
||||
});
|
||||
} else {
|
||||
if (user.registered) {
|
||||
delete data.registered;
|
||||
}
|
||||
if (user.emailVerifiedAt) {
|
||||
delete data.emailVerifiedAt;
|
||||
}
|
||||
|
||||
if (Object.keys(data).length) {
|
||||
return await this.prisma.user.update({
|
||||
select: this.defaultUserSelect,
|
||||
where: { id: user.id },
|
||||
data,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
return user;
|
||||
}
|
||||
|
||||
async deleteUser(id: string) {
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
import type { INestApplication } from '@nestjs/common';
|
||||
import { PrismaClient } from '@prisma/client';
|
||||
import { hashSync } from '@node-rs/argon2';
|
||||
import request, { type Response } from 'supertest';
|
||||
|
||||
import {
|
||||
@ -7,7 +7,8 @@ import {
|
||||
type ClientTokenType,
|
||||
type CurrentUser,
|
||||
} from '../../src/core/auth';
|
||||
import type { UserType } from '../../src/core/user';
|
||||
import { sessionUser } from '../../src/core/auth/service';
|
||||
import { UserService, type UserType } from '../../src/core/user';
|
||||
import { gql } from './common';
|
||||
|
||||
export async function internalSignIn(app: INestApplication, userId: string) {
|
||||
@ -50,34 +51,18 @@ export async function signUp(
|
||||
password: string,
|
||||
autoVerifyEmail = true
|
||||
): Promise<UserType & { token: ClientTokenType }> {
|
||||
const res = await request(app.getHttpServer())
|
||||
.post(gql)
|
||||
.set({ 'x-request-id': 'test', 'x-operation-name': 'test' })
|
||||
.send({
|
||||
query: `
|
||||
mutation {
|
||||
signUp(name: "${name}", email: "${email}", password: "${password}") {
|
||||
id, name, email, token { token }
|
||||
}
|
||||
}
|
||||
`,
|
||||
})
|
||||
.expect(200);
|
||||
|
||||
if (autoVerifyEmail) {
|
||||
await setEmailVerified(app, email);
|
||||
}
|
||||
|
||||
return res.body.data.signUp;
|
||||
}
|
||||
|
||||
async function setEmailVerified(app: INestApplication, email: string) {
|
||||
await app.get(PrismaClient).user.update({
|
||||
where: { email },
|
||||
data: {
|
||||
emailVerifiedAt: new Date(),
|
||||
},
|
||||
const user = await app.get(UserService).createUser({
|
||||
name,
|
||||
email,
|
||||
password: hashSync(password),
|
||||
emailVerifiedAt: autoVerifyEmail ? new Date() : null,
|
||||
});
|
||||
const { sessionId } = await app.get(AuthService).createUserSession(user);
|
||||
|
||||
return {
|
||||
...sessionUser(user),
|
||||
token: { token: sessionId, refresh: '' },
|
||||
};
|
||||
}
|
||||
|
||||
export async function currentUser(app: INestApplication, token: string) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user