Merge branch 'main' of https://github.com/HeyPuter/puter into main

2024-11-14 22:06:00 +00:00 · 2024-04-26 19:13:34 -07:00 · 2024-04-26 19:13:34 -07:00 · 219cc94fbf
commit 219cc94fbf
parent bfa6419070 d7d6ff0cca
4 changed files with 22 additions and 1 deletions
--- a/packages/backend/src/routers/change_email.js
+++ b/packages/backend/src/routers/change_email.js
@ -79,6 +79,11 @@ const CHANGE_EMAIL_START = eggspress('/change_email/start', {
        confirm_url: `${config.origin}/change_email/confirm?token=${jwt_token}`,
        username: user.username,
    });
+    const old_email = user.email;
+    // TODO: NotificationService
+    await svc_email.send_email({ email: old_email }, 'email_change_notification', {
+        new_email: new_email,
+    });

    // update user
    await db.write(
--- a/packages/backend/src/routers/change_username.js
+++ b/packages/backend/src/routers/change_username.js
@ -54,6 +54,11 @@ module.exports = eggspress('/change_username', {
    if(await username_exists(req.body.new_username))
        throw APIError.create('username_already_in_use', null, { username: req.body.new_username });

+    const svc_edgeRateLimit = req.services.get('edge-rate-limit');
+    if ( ! svc_edgeRateLimit.check('change-email-start') ) {
+        return res.status(429).send('Too many requests.');
+    }
+
    const db = Context.get('services').get('database').get(DB_WRITE, 'auth');

    // Has the user already changed their username twice this month?
--- a/packages/backend/src/services/EmailService.js
+++ b/packages/backend/src/services/EmailService.js
@ -63,6 +63,17 @@ We received a request to link this email to the user "{{username}}" on Puter. If

 <p>
 <a href="{{confirm_url}}">Confirm email change</a>
+</p>
+                `,
+            },
+            'email_change_notification': {
+                subject: '\u{1f4dd} Notification of email change',
+                html: `
+<p>Hi there,</p>
+<p>
+We're sending an email to let you know about a change to your account.
+We have sent a confirmation to "{{new_email}}" to confirm an email change request.
+If this was not you, please contact support@puter.com immediately.
 </p>
                `,
            },
--- a/packages/backend/src/services/abuse-prevention/EdgeRateLimitService.js
+++ b/packages/backend/src/services/abuse-prevention/EdgeRateLimitService.js
@ -8,7 +8,7 @@ class EdgeRateLimitService extends BaseService {
    _construct () {
        this.scopes = {
            ['login']: {
-                limit: 3,
+                limit: 10,
                window: 15 * MINUTE,
            },
            ['signup']: {