Add captcha requirement for registering

Jerko Steiner 2019-11-03 19:20:44 -04:00
parent 0ef21394e3
commit 262ba2c2af
3 changed files with 41 additions and 5 deletions


@ -2,6 +2,12 @@ import { UserProfile, NewUser } from './user'
import { Credentials } from './auth' import { Credentials } from './auth'
export interface APIDef { export interface APIDef {
'/auth/captcha.svg': {
'get': {}
}
'/auth/captcha.wav': {
'get': {}
}
'/auth/register': { '/auth/register': {
'post': { 'post': {
body: NewUser body: NewUser
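Review bot: The `/auth/register` contract still declares `body: NewUser`, although registration now needs a captcha answer, which the test helper in this commit sends as a `captcha` field in the request body. `./user` is not among the three changed files, so unless NewUser already had that field, the typed API no longer describes what the server requires, and typed clients get no compile-time hint before the new check rejects them. Consider declaring it here, e.g. `body: NewUser & { captcha: string }`. A short comment on the two captcha routes would also help, noting that they appear to set the session cookie the register check depends on. The APIDef interface continues outside this hunk.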


@ -1,13 +1,24 @@
import { APIDef, AuthService } from '@rondo.dev/common' import { APIDef, AuthService } from '@rondo.dev/common'
import { Authenticator, ensureLoggedInApi } from '../middleware' import { Authenticator, ensureLoggedInApi } from '../middleware'
import { AsyncRouter } from '../router' import { AsyncRouter } from '../router'
import { espeak, image, audio, validateCaptcha } from '@rondo.dev/captcha'
export function configureAuthRoutes( export function configureAuthRoutes(
authService: AuthService, authService: AuthService,
authenticator: Authenticator, authenticator: Authenticator,
t: AsyncRouter<APIDef>, t: AsyncRouter<APIDef>,
) { ) {
t.post('/auth/register', async (req, res) => {
t.get('/auth/captcha.svg', image({
size: 6,
}) as any)
t.get('/auth/captcha.wav', audio({
commands: [espeak({})],
size: 6,
}))
t.post('/auth/register', [validateCaptcha()], async (req, res) => {
const user = await authService.createUser({ const user = await authService.createUser({
username: req.body.username, username: req.body.username,
email: req.body.email, email: req.body.email,
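Review bot: Both captcha routes are unauthenticated, and `/auth/captcha.wav` is configured with `commands: [espeak({})]`, which appears to run an external speech command for every request; nothing in this hunk throttles them. If the middleware does not limit this itself, put a per-client rate limit in front of the two `t.get` routes so the endpoint cannot be used to exhaust CPU or processes. It is also worth confirming that `validateCaptcha()` discards the stored answer after every attempt, failed ones included, otherwise a single challenge can be guessed repeatedly. Separately, `image({ size: 6 }) as any` silences a handler type mismatch that would be better fixed in the types or explained in a comment. configureAuthRoutes continues outside the hunk.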


@ -114,24 +114,37 @@ export class TestUtils<T extends Routes> {
async registerAccount(username?: string) { async registerAccount(username?: string) {
const {context} = this const {context} = this
const {cookie, token} = await this.getCsrf() const {cookie: csrfCookie, token} = await this.getCsrf()
process.env.CAPTCHA = '1234'
const captcha = await supertest(this.app)
.get(`${context}/api/auth/captcha.svg`)
.expect(200)
const sessionCookie = [
csrfCookie,
this.getCookies(captcha.header['set-cookie']),
].join('; ')
const response = await supertest(this.app) const response = await supertest(this.app)
.post(`${context}/api/auth/register`) .post(`${context}/api/auth/register`)
.set('cookie', cookie) .set('cookie', sessionCookie)
.send({ .send({
firstName: 'test', firstName: 'test',
lastName: 'test', lastName: 'test',
captcha: process.env.CAPTCHA,
email: username || this.username, email: username || this.username,
...this.getLoginBody(token, username), ...this.getLoginBody(token, username),
}) })
.expect(200) .expect(200)
console.log('registered?')
const cookies = this.getCookies(response.header['set-cookie']) const cookies = this.getCookies(response.header['set-cookie'])
return { return {
headers: { headers: {
'cookie': [cookies, cookie].join('; '), 'cookie': [cookies, sessionCookie].filter(c => !!c).join('; '),
'x-csrf-token': token, 'x-csrf-token': token,
}, },
userId: response.body.id, userId: response.body.id,
@ -197,7 +210,13 @@ export class TestUtils<T extends Routes> {
return service as RPCClient<S> return service as RPCClient<S>
} }
private getCookies(setCookiesString: string[]): string { private getCookies(setCookiesString: string | string[]): string {
if (!setCookiesString) {
return ''
}
if (typeof setCookiesString === 'string') {
setCookiesString = [setCookiesString]
}
return setCookiesString.map(c => c.split('; ')[0]).join('; ') return setCookiesString.map(c => c.split('; ')[0]).join('; ')
} }
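Review bot: In registerAccount the helper pins the answer with `process.env.CAPTCHA = '1234'`, which implies the captcha middleware accepts an environment override; if that override is also honoured outside tests, a deployment with CAPTCHA set has a fixed, guessable answer. Confirm the override is gated to the test environment, and set and restore the variable in test setup/teardown rather than mutating it inside the helper, where it leaks into every later test in the same process. `console.log('registered?')` looks like leftover debugging and should be dropped. The first `sessionCookie` join also lacks the `.filter(c => !!c)` used for the returned headers, so an empty captcha cookie would leave a trailing `; ` in the request header.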