mirrors/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter synced 2024-11-14 22:06:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: continue work on blocked_email_domains

Browse Source
This commit is contained in:
KernelDeimos 2024-10-26 03:28:45 -04:00
parent c22a69ffb1
commit 515051dabf
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/backend/src/routers/save_account.js
View File

@ -24,6 +24,7 @@ const auth = require('../middleware/auth.js');
const config = require('../config');
const { Context } = require('../util/context');
const { DB_WRITE } = require('../services/database/consts');
const { can } = require('../util/langutil.js');
// -----------------------------------------------------------------------//
// POST /save_account
@ -70,6 +71,17 @@ router.post('/save_account', auth, express.json(), async (req, res, next)=>{
else if(req.body.password.length < config.min_pass_length)
return res.status(400).send(`Password must be at least ${config.min_pass_length} characters long.`)
const svc_cleanEmail = req.services.get('clean-email')
const clean_email = svc_cleanEmail.clean(req.body.email);
if ( can(config.blocked_email_domains, 'iterate') ) {
for ( const suffix of config.blocked_email_domains ) {
if ( clean_email.endsWith(suffix) ) {
return res.status(400).send('This email domain is not allowed.');
}
}
}
const svc_edgeRateLimit = req.services.get('edge-rate-limit');
if ( ! svc_edgeRateLimit.check('save-account') ) {
return res.status(429).send('Too many requests.');