| author | Raphael <mail@raphaelkabo.com> | 2024-02-25 21:27:13 +0000 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-25 21:27:13 +0000 | 
| commit | 7ff0bebd9fbdf1c982d7cc42a7057d36a3e2486a (patch) | |
| tree | 05b1d8b1d63baed174883cc96807051e530969a2 /src/lib | |
| parent | b17238eb2840553c69fc2dae168be557afbcee9c (diff) | |
| parent | cd0f291eb1a608589fcc2c1875fa7099ed8e2c51 (diff) | |
Merge pull request #133 from lowercasename/rk/restricted-event-creation
Optionally restrict event creation to specific email addresses
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/config.ts | 1 | ||||
| -rw-r--r-- | src/lib/email.ts | 1 | ||||
| -rw-r--r-- | src/lib/middleware.ts | 51 | 
3 files changed, 53 insertions, 0 deletions
diff --git a/src/lib/config.ts b/src/lib/config.ts
index 6f142e5..93c04df 100644
--- a/src/lib/config.ts
+++ b/src/lib/config.ts
@@ -18,6 +18,7 @@ interface GathioConfig {
         email_logo_url: string;
         show_kofi: boolean;
         mail_service: "nodemailer" | "sendgrid";
+        creator_email_addresses: string[];
     };
     database: {
         mongodb_url: string;
diff --git a/src/lib/email.ts b/src/lib/email.ts
index f1dc1ae..8a215a9 100644
--- a/src/lib/email.ts
+++ b/src/lib/email.ts
@@ -12,6 +12,7 @@ type EmailTemplate =
     | "addEventComment"
     | "createEvent"
     | "createEventGroup"
+    | "createEventMagicLink"
     | "deleteEvent"
     | "editEvent"
     | "eventGroupUpdated"
diff --git a/src/lib/middleware.ts b/src/lib/middleware.ts
new file mode 100644
index 0000000..0594e90
--- /dev/null
+++ b/src/lib/middleware.ts
@@ -0,0 +1,51 @@
+import { Request, Response } from "express";
+import MagicLink from "../models/MagicLink.js";
+import getConfig from "../lib/config.js";
+
+const config = getConfig();
+
+export const checkMagicLink = async (
+    req: Request,
+    res: Response,
+    next: any,
+) => {
+    if (!config.general.creator_email_addresses?.length) {
+        // No creator email addresses are configured, so skip the magic link check
+        return next();
+    }
+    if (!req.body.magicLinkToken) {
+        return res.status(400).json({
+            errors: [
+                {
+                    message: "No magic link token was provided.",
+                },
+            ],
+        });
+    }
+    if (!req.body.creatorEmail) {
+        return res.status(400).json({
+            errors: [
+                {
+                    message: "No creator email was provided.",
+                },
+            ],
+        });
+    }
+    const magicLink = await MagicLink.findOne({
+        token: req.body.magicLinkToken,
+        email: req.body.creatorEmail,
+        expiryTime: { $gt: new Date() },
+        permittedActions: "createEvent",
+    });
+    if (!magicLink || magicLink.email !== req.body.creatorEmail) {
+        return res.status(400).json({
+            errors: [
+                {
+                    message:
+                        "Magic link is invalid or has expired. Get a new one <a href='/new'>here</a>.",
+                },
+            ],
+        });
+    }
+    next();
+};  | 
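Review bot: `req.body.magicLinkToken` and `req.body.creatorEmail` reach the `MagicLink.findOne` filter after only a truthiness check, so if the body parser yields objects, a non-string value could be interpreted as a query operator on `token` rather than an exact match. The later `magicLink.email !== req.body.creatorEmail` comparison happens to reject a non-string email, but nothing equivalent covers the token, which is the actual secret. Tighten both guards to a type check, e.g. `if (typeof req.body.magicLinkToken !== "string" || !req.body.magicLinkToken)` and the same for `creatorEmail`; whether Mongoose's `sanitizeFilter` is enabled elsewhere is not visible in this diff. Separately, `next: any` can be typed as `NextFunction` from `express`, and the middleware should have a short doc comment stating that it passes every request through when `creator_email_addresses` is empty or unset.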
