author | Raphael Kabo <raphaelkabo@hey.com> | 2024-02-25 17:56:25 +0000 |
---|---|---|
committer | Raphael Kabo <raphaelkabo@hey.com> | 2024-02-25 17:56:25 +0000 |
commit | cd0f291eb1a608589fcc2c1875fa7099ed8e2c51 (patch) | |
tree | 05b1d8b1d63baed174883cc96807051e530969a2 /src/lib | |
parent | b17238eb2840553c69fc2dae168be557afbcee9c (diff) |
feat: optionally restrict event creation to specific emails
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/config.ts | 1 | ||||
-rw-r--r-- | src/lib/email.ts | 1 | ||||
-rw-r--r-- | src/lib/middleware.ts | 51 |
3 files changed, 53 insertions, 0 deletions
diff --git a/src/lib/config.ts b/src/lib/config.ts
index 6f142e5..93c04df 100644
--- a/src/lib/config.ts
+++ b/src/lib/config.ts
@@ -18,6 +18,7 @@ interface GathioConfig {
 email_logo_url: string;
 show_kofi: boolean;
 mail_service: "nodemailer" | "sendgrid";
+ creator_email_addresses: string[];
 };
 database: {
 mongodb_url: string;
diff --git a/src/lib/email.ts b/src/lib/email.ts
index f1dc1ae..8a215a9 100644
--- a/src/lib/email.ts
+++ b/src/lib/email.ts
@@ -12,6 +12,7 @@ type EmailTemplate =
 | "addEventComment"
 | "createEvent"
 | "createEventGroup"
+ | "createEventMagicLink"
 | "deleteEvent"
 | "editEvent"
 | "eventGroupUpdated"
diff --git a/src/lib/middleware.ts b/src/lib/middleware.ts
new file mode 100644
index 0000000..0594e90
--- /dev/null
+++ b/src/lib/middleware.ts
@@ -0,0 +1,51 @@
+import { Request, Response } from "express";
+import MagicLink from "../models/MagicLink.js";
+import getConfig from "../lib/config.js";
+
+const config = getConfig();
+
+export const checkMagicLink = async (
+ req: Request,
+ res: Response,
+ next: any,
+) => {
+ if (!config.general.creator_email_addresses?.length) {
+ // No creator email addresses are configured, so skip the magic link check
+ return next();
+ }
+ if (!req.body.magicLinkToken) {
+ return res.status(400).json({
+ errors: [
+ {
+ message: "No magic link token was provided.",
+ },
+ ],
+ });
+ }
+ if (!req.body.creatorEmail) {
+ return res.status(400).json({
+ errors: [
+ {
+ message: "No creator email was provided.",
+ },
+ ],
+ });
+ }
+ const magicLink = await MagicLink.findOne({
+ token: req.body.magicLinkToken,
+ email: req.body.creatorEmail,
+ expiryTime: { $gt: new Date() },
+ permittedActions: "createEvent",
+ });
+ if (!magicLink || magicLink.email !== req.body.creatorEmail) {
+ return res.status(400).json({
+ errors: [
+ {
+ message:
+ "Magic link is invalid or has expired. Get a new one <a href='/new'>here</a>.",
+ },
+ ],
+ });
+ }
+ next();
+}; |
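Review bot: In `checkMagicLink` (src/lib/middleware.ts), `req.body.magicLinkToken` and `req.body.creatorEmail` go into the `MagicLink.findOne` filter after only a truthiness check. If the body is parsed as JSON, a non-string value would presumably be read as a query operator rather than compared for equality. The later `magicLink.email !== req.body.creatorEmail` comparison covers the email field only, so the token match is the part left unguarded. I would reject non-strings before the query with `if (typeof req.body.magicLinkToken !== "string" || typeof req.body.creatorEmail !== "string")` returning the same 400 response. The body parser and the MagicLink schema are outside this diff, so confirm whether Mongoose's `sanitizeFilter` is already enabled. Separately, `next: any` could be typed as `NextFunction` from express, and the awaited `findOne` has no `try/catch` that forwards a database error to `next(err)`.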