Merge 32a297d2ef into b59d1b24ff

html forms only support get and post im gonna have to make this a separate route

src/server/lib/codes.ts

@@ -4,12 +4,14 @@ import crypto from "node:crypto"
 export type Intent = "verifyEmail" | "recoverAccount" | "identityProof"
 
 export const Intents = {
-    verifyEmail: {},
+    verifyEmail: {
+        limit: 2
+    },
     recoverAccount: {},
     identityProof: {
         codeGenerator: crypto.randomUUID
     }
-} as Record<Intent, {codeGenerator?: () => string}>
+} as Record<Intent, {codeGenerator?: () => string, limit?: number}>
 
 export function isIntent(intent: string): intent is Intent {
     return intent in Intents
@@ -72,4 +74,15 @@ export class Code {
     check(forUser: string) {
         return forUser === this.for
     }
+}
+
+export function code(...params: ConstructorParameters<typeof Code>): { success: true, code: Code } | { success: false, error: string } {
+    const [intent, forUser] = params
+    const {limit = 100} = Intents[intent]
+    const {length: codeCount} = codes[intent].byUser.get(forUser) || [];
+
+    if (codeCount >= limit)
+        return { success: false, error: `Too many active codes for intent ${intent} (${limit})` }
+    else
+        return { success: true, code: new Code(...params) }
 }

src/server/routes/api/v1/account/index.ts

@@ -111,12 +111,12 @@ const validators: {
 
             // send verification email
 
-            if (
+            const tryCode = CodeMgr.code("verifyEmail", target.id, params.email)
-                (CodeMgr.codes.verifyEmail.byUser.get(target.id)?.length || 0) >= 2
-            )
-                return [429, "you have too many active codes"]
 
-            let code = new CodeMgr.Code("verifyEmail", target.id, params.email)
+            if (!tryCode.success)
+                return [429, tryCode.error]
+
+            const { code } = tryCode
 
             sendMail(
                 params.email,
@@ -264,7 +264,7 @@ export default function (files: Files) {
         password: AccountSchemas.StringPassword,
         invite: z.string().max(6)
     }).omit(
-        Configuration.accounts.requiredForUpload
+        !Configuration.accounts.requiredForUpload
         ? { invite: true }
         : {}
     )), async (ctx) => {
@@ -302,7 +302,9 @@ export default function (files: Files) {
 
     router.patch(
         "/:user",
-        scheme(UserUpdateScheme),
+        scheme(
+            UserUpdateScheme
+        ),
         assertAPI(
             ctx =>
                 Object.keys(ctx.get("parsedScheme"))

src/server/routes/api/v1/account/prove.ts

@@ -49,7 +49,7 @@ export default function () {
         return ctx.json(["none"]) // if we add 2fa in the future, return available 2fa methods
     })
 
-    router.post("/", scheme(
+    router.post("/", requiresAccount, scheme(
         ProofCreationSchema
     ), async (ctx) => {
 
@@ -68,12 +68,17 @@ export default function () {
 
         // if actor does have 2fa in an else block here
 
-        return ctx.text(new CodeMgr.Code(
+        const tryCode = CodeMgr.code(
             "identityProof",
             target.id,
             Boolean(actor), // so that you can only log in with proofs created when logged out
             5 * 60 * 1000
-        ).id)
+        )
+
+        if (!tryCode.success)
+            return ServeError(ctx, 429, tryCode.error)
+
+        return ctx.text(tryCode.code.id)
     })
 
     return router