From d4a83cb44dc98fe78f9061408137a43049344b1d Mon Sep 17 00:00:00 2001 From: Akshay Date: Fri, 15 Nov 2024 20:14:41 +0000 Subject: add invite system --- src/invite.js | 37 +++++++++++++++++++++++++++++++++++++ src/public/styles.css | 7 +++++++ src/routes/index.js | 13 ++++++++++--- src/views/register.pug | 8 ++++++-- 4 files changed, 60 insertions(+), 5 deletions(-) create mode 100644 src/invite.js (limited to 'src') diff --git a/src/invite.js b/src/invite.js new file mode 100644 index 0000000..0f6624c --- /dev/null +++ b/src/invite.js @@ -0,0 +1,37 @@ +const { db } = require("./db"); + +const validateInviteToken = async (req, res, next) => { + const token = req.query.token; + + if (!token) { + return res.render("register", { + message: "this instance requires an invite", + isDisabled: true, + }); + } + + const invite = db + .query("SELECT * FROM invites WHERE token = $token AND usedAt IS null") + .get({ token }); + + if (!invite) { + return res.render("register", { + message: "this invite token is invalid", + isDisabled: true, + }); + } + + if (invite.usedAt) { + return res.render("register", { + message: "this invite has been claimed", + isDisabled: true, + }); + } + + req.invite = invite; + next(); +}; + +module.exports = { + validateInviteToken, +}; diff --git a/src/public/styles.css b/src/public/styles.css index 0a0a2e2..523e81b 100644 --- a/src/public/styles.css +++ b/src/public/styles.css @@ -491,6 +491,13 @@ form input[type="submit"]:hover { color: var(--bg-color); } +.submit-button button:disabled { + width: 100%; + padding: 12px; + background-color: var(--bg-color-muted); + color: var(--text-color-muted); +} + .register-error-message { flex-flow: row wrap; color: var(--error-text-color); diff --git a/src/routes/index.js b/src/routes/index.js index 1141009..8529595 100644 --- a/src/routes/index.js +++ b/src/routes/index.js @@ -6,6 +6,7 @@ const geddit = require("../geddit.js"); const { JWT_KEY } = require("../"); const { db } = require("../db"); const { authenticateToken } = require("../auth"); +const { validateInviteToken } = require("../invite"); const router = express.Router(); const G = new geddit.Geddit(); @@ -113,11 +114,11 @@ router.get("/media/*", authenticateToken, async (req, res) => { res.render("media", { kind, url }); }); -router.get("/register", async (req, res) => { - res.render("register"); +router.get("/register", validateInviteToken, async (req, res) => { + res.render("register", { isDisabled: false, token: req.query.token }); }); -router.post("/register", async (req, res) => { +router.post("/register", validateInviteToken, async (req, res) => { const { username, password, confirm_password } = req.body; if (!username || !password || !confirm_password) { @@ -141,6 +142,11 @@ router.post("/register", async (req, res) => { try { const hashedPassword = await Bun.password.hash(password); + + db.query("UPDATE invites SET usedAt = CURRENT_TIMESTAMP WHERE id = $id", { + id: req.invite.id, + }); + const insertedRecord = db .query( "INSERT INTO users (username, password_hash) VALUES ($username, $hashedPassword)", @@ -159,6 +165,7 @@ router.post("/register", async (req, res) => { }) .redirect("/"); } catch (err) { + console.log(err); return res.render("register", { message: "error registering user, try again later", }); diff --git a/src/views/register.pug b/src/views/register.pug index 22bca48..bb43a72 100644 --- a/src/views/register.pug +++ b/src/views/register.pug @@ -1,5 +1,6 @@ include ../mixins/head +- var action = "/register" + (token?`?token=${token}`:'') doctype html html +head("register") @@ -9,7 +10,7 @@ html if message div.register-error-message | #{message} - form(action="/register" method="post") + form(action=`${action}` method="post") div.input-text label(for="username") username input(type="text" name="username" required) @@ -20,7 +21,10 @@ html label(for="confirm_password") confirm password input(type="password" name="confirm_password" required) div.submit-button - button(type="submit") register + if isDisabled + button(type="submit" disabled) register'nt :( + else + button(type="submit") register div p | already have an account?  -- cgit v1.2.3