mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-07-18 17:55:58 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

ability to disable email verification requirement

Browse source
This commit is contained in:
Milo Schwartz 2024-10-25 21:39:18 -04:00
parent 50e1a7abe1
commit 29b848fd5d
No known key found for this signature in database
7 changed files with 107 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

4
server/config.ts
View file

@ -118,5 +118,9 @@ process.env.NEXT_PUBLIC_INTERNAL_API_BASE_URL = new URL(
`http://${parsedConfig.data.server.internal_hostname}:${parsedConfig.data.server.external_port}` `http://${parsedConfig.data.server.internal_hostname}:${parsedConfig.data.server.external_port}`
).href; ).href;
process.env.NEXT_PUBLIC_APP_NAME = parsedConfig.data.app.name; process.env.NEXT_PUBLIC_APP_NAME = parsedConfig.data.app.name;
process.env.NEXT_PUBLIC_FLAGS_EMAIL_VERIFICATION_REQUIRED = parsedConfig.data
.flags?.require_email_verification
? "true"
: "false";
export default parsedConfig.data; export default parsedConfig.data;

12
server/middlewares/verifyUser.ts
View file

@ -6,11 +6,12 @@ import { users } from "@server/db/schema";
import { eq } from "drizzle-orm"; import { eq } from "drizzle-orm";
import createHttpError from "http-errors"; import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode"; import HttpCode from "@server/types/HttpCode";
import config from "@server/config";
export const verifySessionUserMiddleware = async ( export const verifySessionUserMiddleware = async (
req: any, req: any,
res: Response<ErrorResponse>, res: Response<ErrorResponse>,
next: NextFunction, next: NextFunction
) => { ) => {
const { session, user } = await verifySession(req); const { session, user } = await verifySession(req);
if (!session || !user) { if (!session || !user) {
@ -24,16 +25,19 @@ export const verifySessionUserMiddleware = async (
if (!existingUser || !existingUser[0]) { if (!existingUser || !existingUser[0]) {
return next( return next(
createHttpError(HttpCode.BAD_REQUEST, "User does not exist"), createHttpError(HttpCode.BAD_REQUEST, "User does not exist")
); );
} }
req.user = existingUser[0]; req.user = existingUser[0];
req.session = session; req.session = session;
if (!existingUser[0].emailVerified) { if (
!existingUser[0].emailVerified &&
config.flags?.require_email_verification
) {
return next( return next(
createHttpError(HttpCode.BAD_REQUEST, "Email is not verified"), // Might need to change the response type? createHttpError(HttpCode.BAD_REQUEST, "Email is not verified") // Might need to change the response type?
); );
} }

32
server/routers/auth/login.ts
View file

@ -15,6 +15,7 @@ import createHttpError from "http-errors";
import { z } from "zod"; import { z } from "zod";
import { fromError } from "zod-validation-error"; import { fromError } from "zod-validation-error";
import { verifyTotpCode } from "@server/auth/2fa"; import { verifyTotpCode } from "@server/auth/2fa";
import config from "@server/config";
export const loginBodySchema = z.object({ export const loginBodySchema = z.object({
email: z.string().email(), email: z.string().email(),
@ -32,7 +33,7 @@ export type LoginResponse = {
export async function login( export async function login(
req: Request, req: Request,
res: Response, res: Response,
next: NextFunction, next: NextFunction
): Promise<any> { ): Promise<any> {
const parsedBody = loginBodySchema.safeParse(req.body); const parsedBody = loginBodySchema.safeParse(req.body);
@ -40,8 +41,8 @@ export async function login(
return next( return next(
createHttpError( createHttpError(
HttpCode.BAD_REQUEST, HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString(), fromError(parsedBody.error).toString()
), )
); );
} }
@ -67,8 +68,8 @@ export async function login(
return next( return next(
createHttpError( createHttpError(
HttpCode.BAD_REQUEST, HttpCode.BAD_REQUEST,
"Username or password is incorrect", "Username or password is incorrect"
), )
); );
} }
@ -82,14 +83,14 @@ export async function login(
timeCost: 2, timeCost: 2,
outputLen: 32, outputLen: 32,
parallelism: 1, parallelism: 1,
}, }
); );
if (!validPassword) { if (!validPassword) {
return next( return next(
createHttpError( createHttpError(
HttpCode.BAD_REQUEST, HttpCode.BAD_REQUEST,
"Username or password is incorrect", "Username or password is incorrect"
), )
); );
} }
@ -107,15 +108,15 @@ export async function login(
const validOTP = await verifyTotpCode( const validOTP = await verifyTotpCode(
code, code,
existingUser.twoFactorSecret!, existingUser.twoFactorSecret!,
existingUser.userId, existingUser.userId
); );
if (!validOTP) { if (!validOTP) {
return next( return next(
createHttpError( createHttpError(
HttpCode.BAD_REQUEST, HttpCode.BAD_REQUEST,
"The two-factor code you entered is incorrect", "The two-factor code you entered is incorrect"
), )
); );
} }
} }
@ -126,7 +127,10 @@ export async function login(
res.appendHeader("Set-Cookie", cookie); res.appendHeader("Set-Cookie", cookie);
if (!existingUser.emailVerified) { if (
!existingUser.emailVerified &&
config.flags?.require_email_verification
) {
return response<LoginResponse>(res, { return response<LoginResponse>(res, {
data: { emailVerificationRequired: true }, data: { emailVerificationRequired: true },
success: true, success: true,
@ -147,8 +151,8 @@ export async function login(
return next( return next(
createHttpError( createHttpError(
HttpCode.INTERNAL_SERVER_ERROR, HttpCode.INTERNAL_SERVER_ERROR,
"Failed to authenticate user", "Failed to authenticate user"
), )
); );
} }
} }

20
server/routers/auth/requestEmailVerificationCode.ts
View file

@ -4,6 +4,7 @@ import HttpCode from "@server/types/HttpCode";
import { response } from "@server/utils"; import { response } from "@server/utils";
import { User } from "@server/db/schema"; import { User } from "@server/db/schema";
import { sendEmailVerificationCode } from "./sendEmailVerificationCode"; import { sendEmailVerificationCode } from "./sendEmailVerificationCode";
import config from "@server/config";
export type RequestEmailVerificationCodeResponse = { export type RequestEmailVerificationCodeResponse = {
codeSent: boolean; codeSent: boolean;
@ -12,8 +13,17 @@ export type RequestEmailVerificationCodeResponse = {
export async function requestEmailVerificationCode( export async function requestEmailVerificationCode(
req: Request, req: Request,
res: Response, res: Response,
next: NextFunction, next: NextFunction
): Promise<any> { ): Promise<any> {
if (!config.flags?.require_email_verification) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Email verification is not enabled"
)
);
}
try { try {
const user = req.user as User; const user = req.user as User;
@ -21,8 +31,8 @@ export async function requestEmailVerificationCode(
return next( return next(
createHttpError( createHttpError(
HttpCode.BAD_REQUEST, HttpCode.BAD_REQUEST,
"Email is already verified", "Email is already verified"
), )
); );
} }
@ -41,8 +51,8 @@ export async function requestEmailVerificationCode(
return next( return next(
createHttpError( createHttpError(
HttpCode.INTERNAL_SERVER_ERROR, HttpCode.INTERNAL_SERVER_ERROR,
"Failed to send email verification code", "Failed to send email verification code"
), )
); );
} }
} }

54
server/routers/auth/signup.ts
View file

@ -19,6 +19,7 @@ import {
serializeSessionCookie, serializeSessionCookie,
} from "@server/auth"; } from "@server/auth";
import { ActionsEnum } from "@server/auth/actions"; import { ActionsEnum } from "@server/auth/actions";
import config from "@server/config";
export const signupBodySchema = z.object({ export const signupBodySchema = z.object({
email: z.string().email(), email: z.string().email(),
@ -28,13 +29,13 @@ export const signupBodySchema = z.object({
export type SignUpBody = z.infer<typeof signupBodySchema>; export type SignUpBody = z.infer<typeof signupBodySchema>;
export type SignUpResponse = { export type SignUpResponse = {
emailVerificationRequired: boolean; emailVerificationRequired?: boolean;
}; };
export async function signup( export async function signup(
req: Request, req: Request,
res: Response, res: Response,
next: NextFunction, next: NextFunction
): Promise<any> { ): Promise<any> {
const parsedBody = signupBodySchema.safeParse(req.body); const parsedBody = signupBodySchema.safeParse(req.body);
@ -42,8 +43,8 @@ export async function signup(
return next( return next(
createHttpError( createHttpError(
HttpCode.BAD_REQUEST, HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString(), fromError(parsedBody.error).toString()
), )
); );
} }
@ -64,6 +65,15 @@ export async function signup(
.where(eq(users.email, email)); .where(eq(users.email, email));
if (existing && existing.length > 0) { if (existing && existing.length > 0) {
if (!config.flags?.require_email_verification) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"A user with that email address already exists"
)
);
}
const user = existing[0]; const user = existing[0];
// If the user is already verified, we don't want to create a new user // If the user is already verified, we don't want to create a new user
@ -71,8 +81,8 @@ export async function signup(
return next( return next(
createHttpError( createHttpError(
HttpCode.BAD_REQUEST, HttpCode.BAD_REQUEST,
"A user with that email address already exists", "A user with that email address already exists"
), )
); );
} }
@ -85,8 +95,8 @@ export async function signup(
return next( return next(
createHttpError( createHttpError(
HttpCode.BAD_REQUEST, HttpCode.BAD_REQUEST,
"A verification email was already sent to this email address. Please check your email for the verification code.", "A verification email was already sent to this email address. Please check your email for the verification code."
), )
); );
} else { } else {
// If the user was created more than 2 hours ago, we want to delete the old user and create a new one // If the user was created more than 2 hours ago, we want to delete the old user and create a new one
@ -113,15 +123,25 @@ export async function signup(
const cookie = serializeSessionCookie(token); const cookie = serializeSessionCookie(token);
res.appendHeader("Set-Cookie", cookie); res.appendHeader("Set-Cookie", cookie);
sendEmailVerificationCode(email, userId); if (config.flags?.require_email_verification) {
sendEmailVerificationCode(email, userId);
return response<SignUpResponse>(res, {
data: {
emailVerificationRequired: true,
},
success: true,
error: false,
message: `User created successfully. We sent an email to ${email} with a verification code.`,
status: HttpCode.OK,
});
}
return response<SignUpResponse>(res, { return response<SignUpResponse>(res, {
data: { data: {},
emailVerificationRequired: true,
},
success: true, success: true,
error: false, error: false,
message: `User created successfully. We sent an email to ${email} with a verification code.`, message: "User created successfully",
status: HttpCode.OK, status: HttpCode.OK,
}); });
} catch (e) { } catch (e) {
@ -129,15 +149,15 @@ export async function signup(
return next( return next(
createHttpError( createHttpError(
HttpCode.BAD_REQUEST, HttpCode.BAD_REQUEST,
"A user with that email address already exists", "A user with that email address already exists"
), )
); );
} else { } else {
return next( return next(
createHttpError( createHttpError(
HttpCode.INTERNAL_SERVER_ERROR, HttpCode.INTERNAL_SERVER_ERROR,
"Failed to create user", "Failed to create user"
), )
); );
} }
} }

26
server/routers/auth/verifyEmail.ts
View file

@ -8,6 +8,7 @@ import { db } from "@server/db";
import { User, emailVerificationCodes, users } from "@server/db/schema"; import { User, emailVerificationCodes, users } from "@server/db/schema";
import { eq } from "drizzle-orm"; import { eq } from "drizzle-orm";
import { isWithinExpirationDate } from "oslo"; import { isWithinExpirationDate } from "oslo";
import config from "@server/config";
export const verifyEmailBody = z.object({ export const verifyEmailBody = z.object({
code: z.string(), code: z.string(),
@ -22,16 +23,25 @@ export type VerifyEmailResponse = {
export async function verifyEmail( export async function verifyEmail(
req: Request, req: Request,
res: Response, res: Response,
next: NextFunction, next: NextFunction
): Promise<any> { ): Promise<any> {
if (!config.flags?.require_email_verification) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Email verification is not enabled"
)
);
}
const parsedBody = verifyEmailBody.safeParse(req.body); const parsedBody = verifyEmailBody.safeParse(req.body);
if (!parsedBody.success) { if (!parsedBody.success) {
return next( return next(
createHttpError( createHttpError(
HttpCode.BAD_REQUEST, HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString(), fromError(parsedBody.error).toString()
), )
); );
} }
@ -41,7 +51,7 @@ export async function verifyEmail(
if (user.emailVerified) { if (user.emailVerified) {
return next( return next(
createHttpError(HttpCode.BAD_REQUEST, "Email is already verified"), createHttpError(HttpCode.BAD_REQUEST, "Email is already verified")
); );
} }
@ -63,8 +73,8 @@ export async function verifyEmail(
return next( return next(
createHttpError( createHttpError(
HttpCode.BAD_REQUEST, HttpCode.BAD_REQUEST,
"Invalid verification code", "Invalid verification code"
), )
); );
} }
@ -81,8 +91,8 @@ export async function verifyEmail(
return next( return next(
createHttpError( createHttpError(
HttpCode.INTERNAL_SERVER_ERROR, HttpCode.INTERNAL_SERVER_ERROR,
"Failed to verify email", "Failed to verify email"
), )
); );
} }
} }

10
src/app/auth/verify-email/page.tsx
View file

@ -2,11 +2,13 @@ import VerifyEmailForm from "@app/app/auth/verify-email/VerifyEmailForm";
import { verifySession } from "@app/lib/auth/verifySession"; import { verifySession } from "@app/lib/auth/verifySession";
import { redirect } from "next/navigation"; import { redirect } from "next/navigation";
export default async function Page( export default async function Page(props: {
props: { searchParams: Promise<{ [key: string]: string | string[] | undefined }>;
searchParams: Promise<{ [key: string]: string | string[] | undefined }>; }) {
if (!process.env.NEXT_PUBLIC_FLAGS_EMAIL_VERIFICATION_REQUIRED) {
redirect("/");
} }
) {
const searchParams = await props.searchParams; const searchParams = await props.searchParams;
const user = await verifySession(); const user = await verifySession();