Sharkey/packages/backend/src/server/api/SignupApiService.ts

import { Inject, Injectable } from '@nestjs/common';
import rndstr from 'rndstr';
import bcrypt from 'bcryptjs';
import { DI } from '@/di-symbols.js';
import type { RegistrationTicketsRepository, UserPendingsRepository, UserProfilesRepository, UsersRepository } from '@/models/index.js';
import type { Config } from '@/config.js';
import { MetaService } from '@/core/MetaService.js';
import { CaptchaService } from '@/core/CaptchaService.js';
import { IdService } from '@/core/IdService.js';
import { SignupService } from '@/core/SignupService.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { EmailService } from '@/core/EmailService.js';
import { SigninService } from './SigninService.js';
import type Koa from 'koa';

@Injectable()
export class SignupApiService {
	constructor(
		@Inject(DI.config)
		private config: Config,

		@Inject(DI.usersRepository)
		private usersRepository: UsersRepository,

		@Inject(DI.userProfilesRepository)
		private userProfilesRepository: UserProfilesRepository,

		@Inject(DI.userPendingsRepository)
		private userPendingsRepository: UserPendingsRepository,

		@Inject(DI.registrationTicketsRepository)
		private registrationTicketsRepository: RegistrationTicketsRepository,

		private userEntityService: UserEntityService,
		private idService: IdService,
		private metaService: MetaService,
		private captchaService: CaptchaService,
		private signupService: SignupService,
		private signinService: SigninService,
		private emailService: EmailService,
	) {
	}

	public async signup(ctx: Koa.Context) {
		const body = ctx.request.body;

		const instance = await this.metaService.fetch(true);
	
		// Verify *Captcha
		// ただしテスト時はこの機構は障害となるため無効にする
		if (process.env.NODE_ENV !== 'test') {
			if (instance.enableHcaptcha && instance.hcaptchaSecretKey) {
				await this.captchaService.verifyHcaptcha(instance.hcaptchaSecretKey, body['hcaptcha-response']).catch(e => {
					ctx.throw(400, e);
				});
			}
	
			if (instance.enableRecaptcha && instance.recaptchaSecretKey) {
				await this.captchaService.verifyRecaptcha(instance.recaptchaSecretKey, body['g-recaptcha-response']).catch(e => {
					ctx.throw(400, e);
				});
			}
		}
	
		const username = body['username'];
		const password = body['password'];
		const host: string | null = process.env.NODE_ENV === 'test' ? (body['host'] ?? null) : null;
		const invitationCode = body['invitationCode'];
		const emailAddress = body['emailAddress'];
	
		if (instance.emailRequiredForSignup) {
			if (emailAddress == null || typeof emailAddress !== 'string') {
				ctx.status = 400;
				return;
			}
	
			const available = await this.emailService.validateEmailForAccount(emailAddress);
			if (!available) {
				ctx.status = 400;
				return;
			}
		}
	
		if (instance.disableRegistration) {
			if (invitationCode == null || typeof invitationCode !== 'string') {
				ctx.status = 400;
				return;
			}
	
			const ticket = await this.registrationTicketsRepository.findOneBy({
				code: invitationCode,
			});
	
			if (ticket == null) {
				ctx.status = 400;
				return;
			}
	
			this.registrationTicketsRepository.delete(ticket.id);
		}
	
		if (instance.emailRequiredForSignup) {
			const code = rndstr('a-z0-9', 16);
	
			// Generate hash of password
			const salt = await bcrypt.genSalt(8);
			const hash = await bcrypt.hash(password, salt);
	
			await this.userPendingsRepository.insert({
				id: this.idService.genId(),
				createdAt: new Date(),
				code,
				email: emailAddress,
				username: username,
				password: hash,
			});
	
			const link = `${this.config.url}/signup-complete/${code}`;
	
			sendEmail(emailAddress, 'Signup',
				`To complete signup, please click this link:<br><a href="${link}">${link}</a>`,
				`To complete signup, please click this link: ${link}`);
	
			ctx.status = 204;
		} else {
			try {
				const { account, secret } = await this.signupService.signup({
					username, password, host,
				});
	
				const res = await this.userEntityService.pack(account, account, {
					detail: true,
					includeSecrets: true,
				});
	
				(res as any).token = secret;
	
				ctx.body = res;
			} catch (e) {
				ctx.throw(400, e);
			}
		}
	}

	public async signupPending(ctx: Koa.Context) {
		const body = ctx.request.body;

		const code = body['code'];

		try {
			const pendingUser = await this.userPendingsRepository.findOneByOrFail({ code });

			const { account, secret } = await this.signupService.signup({
				username: pendingUser.username,
				passwordHash: pendingUser.password,
			});

			this.userPendingsRepository.delete({
				id: pendingUser.id,
			});

			const profile = await this.userProfilesRepository.findOneByOrFail({ userId: account.id });

			await this.userProfilesRepository.update({ userId: profile.userId }, {
				email: pendingUser.email,
				emailVerified: true,
				emailVerifyCode: null,
			});

			this.signinService.signin(ctx, account);
		} catch (e) {
			ctx.throw(400, e);
		}
	}
}