
  1. <?php
  2. namespace App\Http\Controllers;
  3. use App\Mail\InAppRegisterEmailVerify;
  4. use App\Models\AppRegister;
  5. use App\User;
  6. use App\Util\Lexer\RestrictedNames;
  7. use Illuminate\Http\Request;
  8. use Illuminate\Support\Facades\DB;
  9. use Illuminate\Support\Facades\Hash;
  10. use Illuminate\Support\Facades\Mail;
  11. use Purify;
  12. class AppRegisterController extends Controller
  13. {
  14. public function index(Request $request)
  15. {
  16. abort_unless(config('auth.iar') == true, 404);
  17. // $open = (bool) config_cache('pixelfed.open_registration');
  18. // if(!$open || $request->user()) {
  19. if ($request->user()) {
  20. return redirect('/');
  21. }
  22. return view('auth.iar');
  23. }
  24. public function store(Request $request)
  25. {
  26. abort_unless(config('auth.iar') == true, 404);
  27. $rules = [
  28. 'email' => 'required|email:rfc,dns,spoof,strict|unique:users,email|unique:app_registers,email',
  29. ];
  30. if ((bool) config_cache('captcha.enabled') && (bool) config_cache('captcha.active.register')) {
  31. $rules['h-captcha-response'] = 'required|captcha';
  32. }
  33. $this->validate($request, $rules);
  34. $email = $request->input('email');
  35. $code = str_pad(random_int(0, 999999), 6, '0', STR_PAD_LEFT);
  36. $exists = AppRegister::whereEmail($email)->where('created_at', '>', now()->subHours(24))->count();
  37. if ($exists && $exists > 3) {
  38. $errorParams = http_build_query([
  39. 'status' => 'error',
  40. 'message' => 'Too many attempts, please try again later.',
  41. ]);
  42. return redirect()->away("pixelfed://verifyEmail?{$errorParams}");
  43. }
  44. DB::beginTransaction();
  45. $registration = AppRegister::create([
  46. 'email' => $email,
  47. 'verify_code' => $code,
  48. 'email_delivered_at' => now(),
  49. ]);
  50. try {
  51. Mail::to($email)->send(new InAppRegisterEmailVerify($code));
  52. } catch (\Exception $e) {
  53. DB::rollBack();
  54. $errorParams = http_build_query([
  55. 'status' => 'error',
  56. 'message' => 'Failed to send verification code',
  57. ]);
  58. return redirect()->away("pixelfed://verifyEmail?{$errorParams}");
  59. }
  60. DB::commit();
  61. $queryParams = http_build_query([
  62. 'email' => $request->email,
  63. 'expires_in' => 3600,
  64. 'status' => 'success',
  65. ]);
  66. return redirect()->away("pixelfed://verifyEmail?{$queryParams}");
  67. }
  68. public function verifyCode(Request $request)
  69. {
  70. abort_unless(config('auth.iar') == true, 404);
  71. $this->validate($request, [
  72. 'email' => 'required|email:rfc,dns,spoof,strict|unique:users,email',
  73. 'verify_code' => ['required', 'digits:6', 'numeric'],
  74. ]);
  75. $email = $request->input('email');
  76. $code = $request->input('verify_code');
  77. $exists = AppRegister::whereEmail($email)
  78. ->whereVerifyCode($code)
  79. ->where('created_at', '>', now()->subMinutes(60))
  80. ->exists();
  81. return response()->json([
  82. 'status' => $exists ? 'success' : 'error',
  83. ]);
  84. }
  85. public function onboarding(Request $request)
  86. {
  87. abort_unless(config('auth.iar') == true, 404);
  88. $this->validate($request, [
  89. 'email' => 'required|email:rfc,dns,spoof,strict|unique:users,email',
  90. 'verify_code' => ['required', 'digits:6', 'numeric'],
  91. 'username' => $this->validateUsernameRule(),
  92. 'name' => 'nullable|string|max:'.config('pixelfed.max_name_length'),
  93. 'password' => 'required|string|min:'.config('pixelfed.min_password_length'),
  94. ]);
  95. $email = $request->input('email');
  96. $code = $request->input('verify_code');
  97. $username = $request->input('username');
  98. $name = $request->input('name');
  99. $password = $request->input('password');
  100. $exists = AppRegister::whereEmail($email)
  101. ->whereVerifyCode($code)
  102. ->where('created_at', '>', now()->subMinutes(60))
  103. ->exists();
  104. if (! $exists) {
  105. return response()->json([
  106. 'status' => 'error',
  107. 'message' => 'Invalid verification code, please try again later.',
  108. ]);
  109. }
  110. $user = User::create([
  111. 'name' => Purify::clean($name),
  112. 'username' => $username,
  113. 'email' => $email,
  114. 'password' => Hash::make($password),
  115. 'app_register_ip' => request()->ip(),
  116. 'register_source' => 'app',
  117. ]);
  118. sleep(10);
  119. return response()->json([
  120. 'status' => 'success',
  121. 'auth_token' => $user->createToken('Pixelfed App')->plainTextToken,
  122. ]);
  123. }
  124. protected function validateUsernameRule()
  125. {
  126. return [
  127. 'required',
  128. 'min:2',
  129. 'max:30',
  130. 'unique:users',
  131. function ($attribute, $value, $fail) {
  132. $dash = substr_count($value, '-');
  133. $underscore = substr_count($value, '_');
  134. $period = substr_count($value, '.');
  135. if (ends_with($value, ['.php', '.js', '.css'])) {
  136. return $fail('Username is invalid.');
  137. }
  138. if (($dash + $underscore + $period) > 1) {
  139. return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
  140. }
  141. if (! ctype_alnum($value[0])) {
  142. return $fail('Username is invalid. Must start with a letter or number.');
  143. }
  144. if (! ctype_alnum($value[strlen($value) - 1])) {
  145. return $fail('Username is invalid. Must end with a letter or number.');
  146. }
  147. $val = str_replace(['_', '.', '-'], '', $value);
  148. if (! ctype_alnum($val)) {
  149. return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
  150. }
  151. if (! preg_match('/[a-zA-Z]/', $value)) {
  152. return $fail('Username is invalid. Must contain at least one alphabetical character.');
  153. }
  154. $restricted = RestrictedNames::get();
  155. if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
  156. return $fail('Username cannot be used.');
  157. }
  158. },
  159. ];
  160. }
  161. }