2023-05-24 14:19:46 +00:00
|
|
|
use crate::constants::StaticConstraints;
|
2023-05-26 15:55:19 +00:00
|
|
|
use crate::controllers::HttpResult;
|
|
|
|
use crate::services::rate_limiter_service::RatedAction;
|
|
|
|
use crate::services::{rate_limiter_service, users_service};
|
2023-05-24 14:19:46 +00:00
|
|
|
use actix_remote_ip::RemoteIP;
|
|
|
|
use actix_web::{web, HttpResponse};
|
|
|
|
|
|
|
|
#[derive(serde::Deserialize)]
|
|
|
|
pub struct CreateAccountBody {
|
|
|
|
name: String,
|
|
|
|
email: String,
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Create a new account
|
2023-05-26 15:55:19 +00:00
|
|
|
pub async fn create_account(remote_ip: RemoteIP, req: web::Json<CreateAccountBody>) -> HttpResult {
|
|
|
|
// Rate limiting
|
|
|
|
if rate_limiter_service::should_block_action(remote_ip.0, RatedAction::CreateAccount).await? {
|
|
|
|
return Ok(HttpResponse::TooManyRequests().finish());
|
|
|
|
}
|
|
|
|
rate_limiter_service::record_action(remote_ip.0, RatedAction::CreateAccount).await?;
|
2023-05-24 14:19:46 +00:00
|
|
|
|
2023-05-25 07:22:49 +00:00
|
|
|
// Check if email is valid
|
|
|
|
if !mailchecker::is_valid(&req.email) {
|
|
|
|
return Ok(HttpResponse::BadRequest().json("Email address is invalid!"));
|
|
|
|
}
|
2023-05-24 14:19:46 +00:00
|
|
|
|
|
|
|
// Check parameters
|
|
|
|
let constraints = StaticConstraints::default();
|
|
|
|
if !constraints.user_name_len.validate(&req.name) || !constraints.mail_len.validate(&req.email)
|
|
|
|
{
|
|
|
|
return Ok(HttpResponse::BadRequest().json("Size constraints were not respected!"));
|
|
|
|
}
|
|
|
|
|
2023-05-31 09:06:58 +00:00
|
|
|
// Perform cleanup
|
|
|
|
users_service::delete_not_validated_accounts().await?;
|
|
|
|
|
2023-05-25 07:42:43 +00:00
|
|
|
// Check if email is already attached to an account
|
2023-05-26 15:55:19 +00:00
|
|
|
if users_service::exists_email(&req.email).await? {
|
|
|
|
return Ok(
|
|
|
|
HttpResponse::Conflict().json("An account with the same email address already exists!")
|
|
|
|
);
|
2023-05-25 07:42:43 +00:00
|
|
|
}
|
2023-05-24 14:19:46 +00:00
|
|
|
|
2023-05-25 07:42:43 +00:00
|
|
|
// Create the account
|
2023-05-30 13:12:58 +00:00
|
|
|
let mut user = users_service::create_account(&req.name, &req.email).await?;
|
2023-05-24 14:19:46 +00:00
|
|
|
|
2023-05-30 13:12:58 +00:00
|
|
|
// Trigger reset password (send mail)
|
|
|
|
users_service::request_reset_password(&mut user).await?;
|
|
|
|
|
2023-05-24 14:19:46 +00:00
|
|
|
// Account successfully created
|
|
|
|
Ok(HttpResponse::Created().finish())
|
|
|
|
}
|
2023-05-31 09:36:14 +00:00
|
|
|
|
|
|
|
#[derive(serde::Deserialize)]
|
|
|
|
pub struct CheckResetPasswordTokenBody {
|
|
|
|
token: String,
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(serde::Serialize)]
|
|
|
|
pub struct CheckResetPasswordTokenResponse {
|
|
|
|
name: String,
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Check reset password token
|
|
|
|
pub async fn check_reset_password_token(
|
|
|
|
remote_ip: RemoteIP,
|
|
|
|
req: web::Json<CheckResetPasswordTokenBody>,
|
|
|
|
) -> HttpResult {
|
|
|
|
// Rate limiting
|
|
|
|
if rate_limiter_service::should_block_action(
|
|
|
|
remote_ip.0,
|
|
|
|
RatedAction::CheckResetPasswordTokenFailed,
|
|
|
|
)
|
|
|
|
.await?
|
|
|
|
{
|
|
|
|
return Ok(HttpResponse::TooManyRequests().finish());
|
|
|
|
}
|
|
|
|
|
|
|
|
let user = match users_service::get_by_pwd_reset_token(&req.token).await {
|
|
|
|
Ok(t) => t,
|
|
|
|
Err(e) => {
|
|
|
|
rate_limiter_service::record_action(
|
|
|
|
remote_ip.0,
|
|
|
|
RatedAction::CheckResetPasswordTokenFailed,
|
|
|
|
)
|
|
|
|
.await?;
|
|
|
|
log::error!("Password reset token could not be used: {}", e);
|
|
|
|
return Ok(HttpResponse::NotFound().finish());
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
Ok(HttpResponse::Ok().json(CheckResetPasswordTokenResponse { name: user.name }))
|
|
|
|
}
|