feat(core): check email exist before sending code (#211)

2025-02-17 22:04:19 -05:00 · 2022-02-07 14:14:42 +08:00 · 2022-02-07 14:14:42 +08:00 · fd1810592b
commit fd1810592b
parent 3d550b74dd
4 changed files with 18 additions and 3 deletions
--- a/packages/core/src/lib/sign-in.ts
+++ b/packages/core/src/lib/sign-in.ts
@ -4,7 +4,7 @@ import { Provider } from 'oidc-provider';

 import RequestError from '@/errors/RequestError';
 import { WithUserLogContext } from '@/middleware/koa-user-log';
-import { findUserByEmail } from '@/queries/user';
+import { findUserByEmail, hasUserWithEmail } from '@/queries/user';
 import assertThat from '@/utils/assert-that';
 import { emailReg } from '@/utils/regex';

@ -24,8 +24,14 @@ const assignSignInResult = async (ctx: Context, provider: Provider, userId: stri
 };

 export const sendSignInWithEmailPasscode = async (ctx: Context, jti: string, email: string) => {
-  assertThat(!email || emailReg.test(email), new RequestError('user.invalid_email'));
-
+  assertThat(emailReg.test(email), new RequestError('user.invalid_email'));
+  assertThat(
+    await hasUserWithEmail(email),
+    new RequestError({
+      code: 'user.email_not_exists',
+      status: 422,
+    })
+  );
  const passcode = await createPasscode(jti, PasscodeType.SignIn, { email });
  await sendPasscode(passcode);
  ctx.state = 204;
--- a/packages/core/src/queries/user.ts
+++ b/packages/core/src/queries/user.ts
@ -44,6 +44,13 @@ export const hasUserWithId = async (id: string) =>
    where ${fields.id}=${id}
  `);

+export const hasUserWithEmail = async (email: string) =>
+  pool.exists(sql`
+    select ${fields.primaryEmail}
+    from ${table}
+    where ${fields.primaryEmail}=${email}
+  `);
+
 export const insertUser = buildInsertInto<CreateUser, User>(pool, Users, { returning: true });

 export const findAllUsers = async () =>
--- a/packages/phrases/src/locales/en.ts
+++ b/packages/phrases/src/locales/en.ts
@ -33,6 +33,7 @@ const errors = {
  user: {
    username_exists: 'The username already exists.',
    invalid_email: 'Invalid email address.',
+    email_not_exists: 'The email address has not been registered yet.',
  },
  password: {
    unsupported_encryption_method: 'The encryption method {{name}} is not supported.',
--- a/packages/phrases/src/locales/zh-cn.ts
+++ b/packages/phrases/src/locales/zh-cn.ts
@ -35,6 +35,7 @@ const errors = {
  user: {
    username_exists: '用户名已存在。',
    invalid_email: '邮箱地址不正确。',
+    email_not_exists: '邮箱地址尚未注册。',
  },
  password: {
    unsupported_encryption_method: '不支持的加密方法 {{name}}。',