fix(server): do not allow registration through gql (#6775)

This commit is contained in:
forehalo
2024-05-06 11:11:56 +00:00
parent 4ea31cbb35
commit d657f4091a
3 changed files with 39 additions and 74 deletions
@@ -1,7 +1,6 @@
import { BadRequestException, ForbiddenException } from '@nestjs/common';
import {
Args,
Context,
Field,
Mutation,
ObjectType,
@@ -10,7 +9,6 @@ import {
ResolveField,
Resolver,
} from '@nestjs/graphql';
import type { Request, Response } from 'express';
import { Config, SkipThrottle, Throttle } from '../../fundamentals';
import { UserService } from '../user';
@@ -79,39 +77,6 @@ export class AuthResolver {
};
}
@Public()
@Mutation(() => UserType)
async signUp(
@Context() ctx: { req: Request; res: Response },
@Args('name') name: string,
@Args('email') email: string,
@Args('password') password: string
) {
if (!this.config.auth.allowSignup) {
throw new ForbiddenException('You are not allowed to sign up.');
}
validators.assertValidCredential({ email, password });
const user = await this.auth.signUp(name, email, password);
await this.auth.setCookie(ctx.req, ctx.res, user);
ctx.req.user = user;
return user;
}
@Public()
@Mutation(() => UserType)
async signIn(
@Context() ctx: { req: Request; res: Response },
@Args('email') email: string,
@Args('password') password: string
) {
validators.assertValidEmail(email);
const user = await this.auth.signIn(email, password);
await this.auth.setCookie(ctx.req, ctx.res, user);
ctx.req.user = user;
return user;
}
@Mutation(() => UserType)
async changePassword(
@CurrentUser() user: CurrentUser,
@@ -35,6 +35,7 @@ export class UserService {
async createUser(data: Prisma.UserCreateInput) {
return this.prisma.user.create({
select: this.defaultUserSelect,
data: {
...this.userCreatingData,
...data,
@@ -113,18 +114,32 @@ export class UserService {
Pick<Prisma.UserCreateInput, 'emailVerifiedAt' | 'registered'>
>
) {
return this.prisma.user.upsert({
select: this.defaultUserSelect,
where: {
email,
},
update: data,
create: {
email,
const user = await this.findUserByEmail(email);
if (!user) {
return this.createUser({
...this.userCreatingData,
email,
name: email.split('@')[0],
...data,
},
});
});
} else {
if (user.registered) {
delete data.registered;
}
if (user.emailVerifiedAt) {
delete data.emailVerifiedAt;
}
if (Object.keys(data).length) {
return await this.prisma.user.update({
select: this.defaultUserSelect,
where: { id: user.id },
data,
});
}
}
return user;
}
async deleteUser(id: string) {