fix: 登録メール送信時に重複確認を行う (#10231)

* fix: 登録メール送信時に重複確認を行う

* try-catchを使う必要はない

* Remove spaces
This commit is contained in:
RyotaK 2023-03-09 12:57:34 +09:00 committed by GitHub
parent 4835f0fb43
commit a4ca127ebd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 6 deletions

View File

@ -2,7 +2,7 @@ import { Inject, Injectable } from '@nestjs/common';
import rndstr from 'rndstr';
import bcrypt from 'bcryptjs';
import { DI } from '@/di-symbols.js';
import type { RegistrationTicketsRepository, UserPendingsRepository, UserProfilesRepository, UsersRepository } from '@/models/index.js';
import type { RegistrationTicketsRepository, UsedUsernamesRepository, UserPendingsRepository, UserProfilesRepository, UsersRepository } from '@/models/index.js';
import type { Config } from '@/config.js';
import { MetaService } from '@/core/MetaService.js';
import { CaptchaService } from '@/core/CaptchaService.js';
@ -15,6 +15,7 @@ import { FastifyReplyError } from '@/misc/fastify-reply-error.js';
import { bindThis } from '@/decorators.js';
import { SigninService } from './SigninService.js';
import type { FastifyRequest, FastifyReply } from 'fastify';
import { IsNull } from 'typeorm';
@Injectable()
export class SignupApiService {
@ -31,6 +32,9 @@ export class SignupApiService {
@Inject(DI.userPendingsRepository)
private userPendingsRepository: UserPendingsRepository,
@Inject(DI.usedUsernamesRepository)
private usedUsernamesRepository: UsedUsernamesRepository,
@Inject(DI.registrationTicketsRepository)
private registrationTicketsRepository: RegistrationTicketsRepository,
@ -124,6 +128,15 @@ export class SignupApiService {
}
if (instance.emailRequiredForSignup) {
if (await this.usersRepository.findOneBy({ usernameLower: username.toLowerCase(), host: IsNull() })) {
throw new FastifyReplyError(400, 'DUPLICATED_USERNAME');
}
// Check deleted username duplication
if (await this.usedUsernamesRepository.findOneBy({ username: username.toLowerCase() })) {
throw new FastifyReplyError(400, 'USED_USERNAME');
}
const code = rndstr('a-z0-9', 16);
// Generate hash of password