feat: improve email validation

2021-11-07 20:16:01 +09:00 · 2021-11-07 20:16:01 +09:00 · 68192126e6
commit 68192126e6
parent a28c515ef6
9 changed files with 188 additions and 26 deletions
--- a/src/server/api/endpoints/email-address/available.ts
+++ b/src/server/api/endpoints/email-address/available.ts
@ -1,6 +1,6 @@
 import $ from 'cafy';
 import define from '../../define';
-import { UserProfiles } from '@/models/index';
+import { validateEmailForAccount } from '@/services/validate-email-for-account';

 export const meta = {
 	tags: ['users'],
@ -20,18 +20,15 @@ export const meta = {
 			available: {
 				type: 'boolean' as const,
 				optional: false as const, nullable: false as const,
-			}
+			},
+			reason: {
+				type: 'string' as const,
+				optional: false as const, nullable: true as const,
+			},
 		}
 	}
 };

 export default define(meta, async (ps) => {
-	const exist = await UserProfiles.count({
-		emailVerified: true,
-		email: ps.emailAddress,
-	});
-
-	return {
-		available: exist === 0
-	};
+	return await validateEmailForAccount(ps.emailAddress);
 });
--- a/src/server/api/endpoints/i/update-email.ts
+++ b/src/server/api/endpoints/i/update-email.ts
@ -8,6 +8,7 @@ import * as bcrypt from 'bcryptjs';
 import { Users, UserProfiles } from '@/models/index';
 import { sendEmail } from '@/services/send-email';
 import { ApiError } from '../../error';
+import { validateEmailForAccount } from '@/services/validate-email-for-account';

 export const meta = {
 	requireCredential: true as const,
@ -35,6 +36,12 @@ export const meta = {
 			code: 'INCORRECT_PASSWORD',
 			id: 'e54c1d7e-e7d6-4103-86b6-0a95069b4ad3'
 		},
+
+		unavailable: {
+			message: 'Unavailable email address.',
+			code: 'UNAVAILABLE',
+			id: 'a2defefb-f220-8849-0af6-17f816099323'
+		},
 	}
 };

@ -48,6 +55,13 @@ export default define(meta, async (ps, user) => {
 		throw new ApiError(meta.errors.incorrectPassword);
 	}

+	if (ps.email != null) {
+		const available = await validateEmailForAccount(ps.email);
+		if (!available) {
+			throw new ApiError(meta.errors.unavailable);
+		}
+	}
+
 	await UserProfiles.update(user.id, {
 		email: ps.email,
 		emailVerified: false,
--- a/src/server/api/private/signup.ts
+++ b/src/server/api/private/signup.ts
@ -8,6 +8,7 @@ import { signup } from '../common/signup';
 import config from '@/config';
 import { sendEmail } from '@/services/send-email';
 import { genId } from '@/misc/gen-id';
+import { validateEmailForAccount } from '@/services/validate-email-for-account';

 export default async (ctx: Koa.Context) => {
 	const body = ctx.request.body;
@ -41,6 +42,12 @@ export default async (ctx: Koa.Context) => {
 			ctx.status = 400;
 			return;
 		}
+
+		const available = await validateEmailForAccount(emailAddress);
+		if (!available) {
+			ctx.status = 400;
+			return;
+		}
 	}

 	if (instance.disableRegistration) {