aiden
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
l10n_staging
staging
dev
shleeable-patch-1
groups
vue3
v0.1.9
v0.10.0
v0.10.1
v0.10.10
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.10.8
v0.10.9
v0.11.0
v0.11.1
v0.11.10
v0.11.11
v0.11.12
v0.11.13
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.11.9
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.5.9
v0.6.0
v0.6.1
v0.7.6
v0.8.0
v0.8.5
v0.8.6
v0.9.0
v0.9.4
v0.9.5
v0.9.6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ee01e073ef'
${ noResults }
pixelfed/app/Http/Controllers/AppRegisterController.php

202 lines
6.5 KiB
PHP
Raw Blame History

<?php
namespace App\Http\Controllers;
use App\Mail\InAppRegisterEmailVerify;
use App\Models\AppRegister;
use App\User;
use App\Util\Lexer\RestrictedNames;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Mail;
use Purify;
class AppRegisterController extends Controller
{
public function index(Request $request)
{
abort_unless(config('auth.iar') == true, 404);
// $open = (bool) config_cache('pixelfed.open_registration');
// if(!$open || $request->user()) {
if ($request->user()) {
return redirect('/');
}
return view('auth.iar');
}
public function store(Request $request)
{
abort_unless(config('auth.iar') == true, 404);
$rules = [
'email' => 'required|email:rfc,dns,spoof,strict|unique:users,email|unique:app_registers,email',
];
if ((bool) config_cache('captcha.enabled') && (bool) config_cache('captcha.active.register')) {
$rules['h-captcha-response'] = 'required|captcha';
}
$this->validate($request, $rules);
$email = $request->input('email');
$code = str_pad(random_int(0, 999999), 6, '0', STR_PAD_LEFT);
$exists = AppRegister::whereEmail($email)->where('created_at', '>', now()->subHours(24))->count();
if ($exists && $exists > 3) {
$errorParams = http_build_query([
'status' => 'error',
'message' => 'Too many attempts, please try again later.',
]);
return redirect()->away("pixelfed://verifyEmail?{$errorParams}");
}
DB::beginTransaction();
$registration = AppRegister::create([
'email' => $email,
'verify_code' => $code,
'email_delivered_at' => now(),
]);
try {
Mail::to($email)->send(new InAppRegisterEmailVerify($code));
} catch (\Exception $e) {
DB::rollBack();
$errorParams = http_build_query([
'status' => 'error',
'message' => 'Failed to send verification code',
]);
return redirect()->away("pixelfed://verifyEmail?{$errorParams}");
}
DB::commit();
$queryParams = http_build_query([
'email' => $request->email,
'expires_in' => 3600,
'status' => 'success',
]);
return redirect()->away("pixelfed://verifyEmail?{$queryParams}");
}
public function verifyCode(Request $request)
{
abort_unless(config('auth.iar') == true, 404);
$this->validate($request, [
'email' => 'required|email:rfc,dns,spoof,strict|unique:users,email',
'verify_code' => ['required', 'digits:6', 'numeric'],
]);
$email = $request->input('email');
$code = $request->input('verify_code');
$exists = AppRegister::whereEmail($email)
->whereVerifyCode($code)
->where('created_at', '>', now()->subMinutes(60))
->exists();
return response()->json([
'status' => $exists ? 'success' : 'error',
]);
}
public function onboarding(Request $request)
{
abort_unless(config('auth.iar') == true, 404);
$this->validate($request, [
'email' => 'required|email:rfc,dns,spoof,strict|unique:users,email',
'verify_code' => ['required', 'digits:6', 'numeric'],
'username' => $this->validateUsernameRule(),
'name' => 'nullable|string|max:'.config('pixelfed.max_name_length'),
'password' => 'required|string|min:'.config('pixelfed.min_password_length'),
]);
$email = $request->input('email');
$code = $request->input('verify_code');
$username = $request->input('username');
$name = $request->input('name');
$password = $request->input('password');
$exists = AppRegister::whereEmail($email)
->whereVerifyCode($code)
->where('created_at', '>', now()->subMinutes(60))
->exists();
if (! $exists) {
return response()->json([
'status' => 'error',
'message' => 'Invalid verification code, please try again later.',
]);
}
$user = User::create([
'name' => Purify::clean($name),
'username' => $username,
'email' => $email,
'password' => Hash::make($password),
'app_register_ip' => request()->ip(),
'register_source' => 'app',
]);
sleep(10);
return response()->json([
'status' => 'success',
'auth_token' => $user->createToken('Pixelfed App')->plainTextToken,
]);
}
protected function validateUsernameRule()
{
return [
'required',
'min:2',
'max:30',
'unique:users',
function ($attribute, $value, $fail) {
$dash = substr_count($value, '-');
$underscore = substr_count($value, '_');
$period = substr_count($value, '.');
if (ends_with($value, ['.php', '.js', '.css'])) {
return $fail('Username is invalid.');
}
if (($dash + $underscore + $period) > 1) {
return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
}
if (! ctype_alnum($value[0])) {
return $fail('Username is invalid. Must start with a letter or number.');
}
if (! ctype_alnum($value[strlen($value) - 1])) {
return $fail('Username is invalid. Must end with a letter or number.');
}
$val = str_replace(['_', '.', '-'], '', $value);
if (! ctype_alnum($val)) {
return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
}
if (! preg_match('/[a-zA-Z]/', $value)) {
return $fail('Username is invalid. Must contain at least one alphabetical character.');
}
$restricted = RestrictedNames::get();
if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
return $fail('Username cannot be used.');
}
},
];
}
}
Reference in New Issue View Git Blame Copy Permalink