fix: 登録メール送信時に重複確認を行う (#10231)

* fix: 登録メール送信時に重複確認を行う * try-catchを使う必要はない * Remove spaces
2024-05-17 17:02:01 +02:00 · 2023-03-09 12:57:34 +09:00 · 2023-03-09 12:57:34 +09:00 · a4ca127ebd
parent 4835f0fb43
commit a4ca127ebd
1 changed files with 19 additions and 6 deletions
--- a/packages/backend/src/server/api/SignupApiService.ts
+++ b/packages/backend/src/server/api/SignupApiService.ts
@ -2,7 +2,7 @@ import { Inject, Injectable } from '@nestjs/common';
 import rndstr from 'rndstr';
 import bcrypt from 'bcryptjs';
 import { DI } from '@/di-symbols.js';
-import type { RegistrationTicketsRepository, UserPendingsRepository, UserProfilesRepository, UsersRepository } from '@/models/index.js';
+import type { RegistrationTicketsRepository, UsedUsernamesRepository, UserPendingsRepository, UserProfilesRepository, UsersRepository } from '@/models/index.js';
 import type { Config } from '@/config.js';
 import { MetaService } from '@/core/MetaService.js';
 import { CaptchaService } from '@/core/CaptchaService.js';
@ -15,6 +15,7 @@ import { FastifyReplyError } from '@/misc/fastify-reply-error.js';
 import { bindThis } from '@/decorators.js';
 import { SigninService } from './SigninService.js';
 import type { FastifyRequest, FastifyReply } from 'fastify';
+import { IsNull } from 'typeorm';

@Injectable()
 export class SignupApiService {
@ -31,6 +32,9 @@ export class SignupApiService {
 		@Inject(DI.userPendingsRepository)
 		private userPendingsRepository: UserPendingsRepository,

+		@Inject(DI.usedUsernamesRepository)
+		private usedUsernamesRepository: UsedUsernamesRepository,
+
 		@Inject(DI.registrationTicketsRepository)
 		private registrationTicketsRepository: RegistrationTicketsRepository,

@ -124,12 +128,21 @@ export class SignupApiService {
 		}
 	
 		if (instance.emailRequiredForSignup) {
+			if (await this.usersRepository.findOneBy({ usernameLower: username.toLowerCase(), host: IsNull() })) {
+				throw new FastifyReplyError(400, 'DUPLICATED_USERNAME');
+			}
+
+			// Check deleted username duplication
+			if (await this.usedUsernamesRepository.findOneBy({ username: username.toLowerCase() })) {
+				throw new FastifyReplyError(400, 'USED_USERNAME');
+			}
+
 			const code = rndstr('a-z0-9', 16);
-	
+
 			// Generate hash of password
 			const salt = await bcrypt.genSalt(8);
 			const hash = await bcrypt.hash(password, salt);
-	
+
 			await this.userPendingsRepository.insert({
 				id: this.idService.genId(),
 				createdAt: new Date(),
@ -138,13 +151,13 @@ export class SignupApiService {
 				username: username,
 				password: hash,
 			});
-	
+
 			const link = `${this.config.url}/signup-complete/${code}`;
-	
+
 			this.emailService.sendEmail(emailAddress!, 'Signup',
 				`To complete signup, please click this link:<br><a href="${link}">${link}</a>`,
 				`To complete signup, please click this link: ${link}`);
-	
+
 			reply.code(204);
 			return;
 		} else {