fix: 登録メール送信時に重複確認を行う (#10231)

* fix: 登録メール送信時に重複確認を行う

* try-catchを使う必要はない

* Remove spaces
This commit is contained in:
RyotaK 2023-03-09 12:57:34 +09:00 committed by GitHub
parent 4835f0fb43
commit a4ca127ebd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 6 deletions

View File

@ -2,7 +2,7 @@ import { Inject, Injectable } from '@nestjs/common';
import rndstr from 'rndstr';
import bcrypt from 'bcryptjs';
import { DI } from '@/di-symbols.js';
import type { RegistrationTicketsRepository, UserPendingsRepository, UserProfilesRepository, UsersRepository } from '@/models/index.js';
import type { RegistrationTicketsRepository, UsedUsernamesRepository, UserPendingsRepository, UserProfilesRepository, UsersRepository } from '@/models/index.js';
import type { Config } from '@/config.js';
import { MetaService } from '@/core/MetaService.js';
import { CaptchaService } from '@/core/CaptchaService.js';
@ -15,6 +15,7 @@ import { FastifyReplyError } from '@/misc/fastify-reply-error.js';
import { bindThis } from '@/decorators.js';
import { SigninService } from './SigninService.js';
import type { FastifyRequest, FastifyReply } from 'fastify';
import { IsNull } from 'typeorm';
@Injectable()
export class SignupApiService {
@ -31,6 +32,9 @@ export class SignupApiService {
@Inject(DI.userPendingsRepository)
private userPendingsRepository: UserPendingsRepository,
@Inject(DI.usedUsernamesRepository)
private usedUsernamesRepository: UsedUsernamesRepository,
@Inject(DI.registrationTicketsRepository)
private registrationTicketsRepository: RegistrationTicketsRepository,
@ -124,12 +128,21 @@ export class SignupApiService {
}
if (instance.emailRequiredForSignup) {
if (await this.usersRepository.findOneBy({ usernameLower: username.toLowerCase(), host: IsNull() })) {
throw new FastifyReplyError(400, 'DUPLICATED_USERNAME');
}
// Check deleted username duplication
if (await this.usedUsernamesRepository.findOneBy({ username: username.toLowerCase() })) {
throw new FastifyReplyError(400, 'USED_USERNAME');
}
const code = rndstr('a-z0-9', 16);
// Generate hash of password
const salt = await bcrypt.genSalt(8);
const hash = await bcrypt.hash(password, salt);
await this.userPendingsRepository.insert({
id: this.idService.genId(),
createdAt: new Date(),
@ -138,13 +151,13 @@ export class SignupApiService {
username: username,
password: hash,
});
const link = `${this.config.url}/signup-complete/${code}`;
this.emailService.sendEmail(emailAddress!, 'Signup',
`To complete signup, please click this link:<br><a href="${link}">${link}</a>`,
`To complete signup, please click this link: ${link}`);
reply.code(204);
return;
} else {