From fd1810592bd0184971e6bf6599d411e7c6131d3c Mon Sep 17 00:00:00 2001
From: Wang Sijie
Date: Mon, 7 Feb 2022 14:14:42 +0800
Subject: [PATCH] feat(core): check email exist before sending code (#211)
---
 packages/core/src/lib/sign-in.ts | 12 +++++++++---
 packages/core/src/queries/user.ts | 7 +++++++
 packages/phrases/src/locales/en.ts | 1 +
 packages/phrases/src/locales/zh-cn.ts | 1 +
 4 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/packages/core/src/lib/sign-in.ts b/packages/core/src/lib/sign-in.ts
index 63ab5e659..d88b822e7 100644
--- a/packages/core/src/lib/sign-in.ts
+++ b/packages/core/src/lib/sign-in.ts
@@ -4,7 +4,7 @@ import { Provider } from 'oidc-provider';
 import RequestError from '@/errors/RequestError';
 import { WithUserLogContext } from '@/middleware/koa-user-log';
-import { findUserByEmail } from '@/queries/user';
+import { findUserByEmail, hasUserWithEmail } from '@/queries/user';
 import assertThat from '@/utils/assert-that';
 import { emailReg } from '@/utils/regex';
@@ -24,8 +24,14 @@ const assignSignInResult = async (ctx: Context, provider: Provider, userId: stri
 };
 export const sendSignInWithEmailPasscode = async (ctx: Context, jti: string, email: string) => {
- assertThat(!email || emailReg.test(email), new RequestError('user.invalid_email'));
-
+ assertThat(emailReg.test(email), new RequestError('user.invalid_email'));
+ assertThat(
+ await hasUserWithEmail(email),
+ new RequestError({
+ code: 'user.email_not_exists',
+ status: 422,
+ })
+ );
 const passcode = await createPasscode(jti, PasscodeType.SignIn, { email });
 await sendPasscode(passcode);
 ctx.state = 204;
diff --git a/packages/core/src/queries/user.ts b/packages/core/src/queries/user.ts
index b9b34d588..d28d2c468 100644
--- a/packages/core/src/queries/user.ts
+++ b/packages/core/src/queries/user.ts
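Review bot: The new `user.email_not_exists` 422 in `sendSignInWithEmailPasscode` (second sign-in.ts hunk) tells an unauthenticated caller whether an address is registered, so this endpoint now discloses account existence. If that disclosure is not an accepted product trade-off, respond identically in both cases and only skip the send, e.g. `if (!(await hasUserWithEmail(email))) { ctx.status = 204; return; }`. If it is accepted, no throttling is visible in this hunk, so a rate limit on this route should be confirmed elsewhere and the decision recorded in a comment above the assertion. Separately, the unchanged line `ctx.state = 204;` looks like it was meant to be `ctx.status = 204;`: if `Context` is Koa's, `ctx.state` is the shared per-request state object and assigning to it does not set the response code. The function body continues past the end of the hunk.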
@@ -44,6 +44,13 @@ export const hasUserWithId = async (id: string) =>
 where ${fields.id}=${id}
 `);
+export const hasUserWithEmail = async (email: string) =>
+ pool.exists(sql`
+ select ${fields.primaryEmail}
+ from ${table}
+ where ${fields.primaryEmail}=${email}
+ `);
+
 export const insertUser = buildInsertInto(pool, Users, { returning: true });
 export const findAllUsers = async () =>
diff --git a/packages/phrases/src/locales/en.ts b/packages/phrases/src/locales/en.ts
index 05c960353..6cf8e4d2f 100644
--- a/packages/phrases/src/locales/en.ts
+++ b/packages/phrases/src/locales/en.ts
@@ -33,6 +33,7 @@ const errors = {
 user: {
 username_exists: 'The username already exists.',
 invalid_email: 'Invalid email address.',
+ email_not_exists: 'The email address has not been registered yet.',
 },
 password: {
 unsupported_encryption_method: 'The encryption method {{name}} is not supported.',
diff --git a/packages/phrases/src/locales/zh-cn.ts b/packages/phrases/src/locales/zh-cn.ts
index fc50f12ea..c7c351753 100644
--- a/packages/phrases/src/locales/zh-cn.ts
+++ b/packages/phrases/src/locales/zh-cn.ts
@@ -35,6 +35,7 @@ const errors = {
 user: {
 username_exists: '用户名已存在。',
 invalid_email: '邮箱地址不正确。',
+ email_not_exists: '邮箱地址尚未注册。',
 },
 password: {
 unsupported_encryption_method: '不支持的加密方法 {{name}}。',
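Review bot: `hasUserWithEmail` in the user.ts hunk compares `primaryEmail` with the caller's string exactly, so the new sign-in gate will report a registered address as unknown whenever its letter case or surrounding whitespace differs from the stored value; nothing visible here normalizes either side. Either normalize in one place before both the insert and this lookup, or state the contract on the function, for example `/** True when a user row has exactly this primaryEmail; callers must pass the address normalized the same way it was stored. */`. The value goes through the tagged `sql` template rather than string concatenation, which presumably binds it as a query parameter; that is worth confirming against the import of `sql`, which is outside this hunk.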