mirror of
https://github.com/toeverything/AFFiNE.git
synced 2026-07-19 02:56:23 +08:00
fix(server): do not allow registration through gql (#6775)
This commit is contained in:
@@ -1,7 +1,6 @@
|
||||
import { BadRequestException, ForbiddenException } from '@nestjs/common';
|
||||
import {
|
||||
Args,
|
||||
Context,
|
||||
Field,
|
||||
Mutation,
|
||||
ObjectType,
|
||||
@@ -10,7 +9,6 @@ import {
|
||||
ResolveField,
|
||||
Resolver,
|
||||
} from '@nestjs/graphql';
|
||||
import type { Request, Response } from 'express';
|
||||
|
||||
import { Config, SkipThrottle, Throttle } from '../../fundamentals';
|
||||
import { UserService } from '../user';
|
||||
@@ -79,39 +77,6 @@ export class AuthResolver {
|
||||
};
|
||||
}
|
||||
|
||||
@Public()
|
||||
@Mutation(() => UserType)
|
||||
async signUp(
|
||||
@Context() ctx: { req: Request; res: Response },
|
||||
@Args('name') name: string,
|
||||
@Args('email') email: string,
|
||||
@Args('password') password: string
|
||||
) {
|
||||
if (!this.config.auth.allowSignup) {
|
||||
throw new ForbiddenException('You are not allowed to sign up.');
|
||||
}
|
||||
|
||||
validators.assertValidCredential({ email, password });
|
||||
const user = await this.auth.signUp(name, email, password);
|
||||
await this.auth.setCookie(ctx.req, ctx.res, user);
|
||||
ctx.req.user = user;
|
||||
return user;
|
||||
}
|
||||
|
||||
@Public()
|
||||
@Mutation(() => UserType)
|
||||
async signIn(
|
||||
@Context() ctx: { req: Request; res: Response },
|
||||
@Args('email') email: string,
|
||||
@Args('password') password: string
|
||||
) {
|
||||
validators.assertValidEmail(email);
|
||||
const user = await this.auth.signIn(email, password);
|
||||
await this.auth.setCookie(ctx.req, ctx.res, user);
|
||||
ctx.req.user = user;
|
||||
return user;
|
||||
}
|
||||
|
||||
@Mutation(() => UserType)
|
||||
async changePassword(
|
||||
@CurrentUser() user: CurrentUser,
|
||||
|
||||
@@ -35,6 +35,7 @@ export class UserService {
|
||||
|
||||
async createUser(data: Prisma.UserCreateInput) {
|
||||
return this.prisma.user.create({
|
||||
select: this.defaultUserSelect,
|
||||
data: {
|
||||
...this.userCreatingData,
|
||||
...data,
|
||||
@@ -113,18 +114,32 @@ export class UserService {
|
||||
Pick<Prisma.UserCreateInput, 'emailVerifiedAt' | 'registered'>
|
||||
>
|
||||
) {
|
||||
return this.prisma.user.upsert({
|
||||
select: this.defaultUserSelect,
|
||||
where: {
|
||||
email,
|
||||
},
|
||||
update: data,
|
||||
create: {
|
||||
email,
|
||||
const user = await this.findUserByEmail(email);
|
||||
if (!user) {
|
||||
return this.createUser({
|
||||
...this.userCreatingData,
|
||||
email,
|
||||
name: email.split('@')[0],
|
||||
...data,
|
||||
},
|
||||
});
|
||||
});
|
||||
} else {
|
||||
if (user.registered) {
|
||||
delete data.registered;
|
||||
}
|
||||
if (user.emailVerifiedAt) {
|
||||
delete data.emailVerifiedAt;
|
||||
}
|
||||
|
||||
if (Object.keys(data).length) {
|
||||
return await this.prisma.user.update({
|
||||
select: this.defaultUserSelect,
|
||||
where: { id: user.id },
|
||||
data,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
return user;
|
||||
}
|
||||
|
||||
async deleteUser(id: string) {
|
||||
|
||||
Reference in New Issue
Block a user