Merge upstream

2024-12-22 12:44:09 +09:00 · 2024-12-22 12:44:09 +09:00 · 29c25555b8
commit 29c25555b8
parent 3358fb7a9b 4ecfae0d85
40 changed files with 1183 additions and 667 deletions
--- a/packages/backend/src/server/api/endpoints/meta.ts
+++ b/packages/backend/src/server/api/endpoints/meta.ts
@ -11,6 +11,8 @@ export const meta = {
 	tags: ['meta'],

 	requireCredential: false,
+	allowGet: true,
+	cacheSec: 60,

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/stats.ts
+++ b/packages/backend/src/server/api/endpoints/stats.ts
@ -12,6 +12,8 @@ import UsersChart from '@/core/chart/charts/users.js';

 export const meta = {
 	requireCredential: false,
+	allowGet: true,
+	cacheSec: 60,

 	tags: ['meta'],

--- a/packages/backend/src/server/api/endpoints/users/get-security-info.ts
+++ b/packages/backend/src/server/api/endpoints/users/get-security-info.ts
@ -0,0 +1,72 @@
+import { Inject, Injectable } from '@nestjs/common';
+import type { UserProfilesRepository, UserSecurityKeysRepository } from '@/models/_.js';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import { DI } from '@/di-symbols.js';
+import bcrypt from 'bcryptjs';
+import ms from 'ms';
+
+export const meta = {
+	tags: ['users'],
+
+	requireCredential: false,
+
+	limit: {
+		duration: ms('1hour'),
+		max: 30,
+	},
+
+	res: {
+		type: 'object',
+		properties: {
+			twoFactorEnabled: { type: 'boolean' },
+			usePasswordLessLogin: { type: 'boolean' },
+			securityKeys: { type: 'boolean' },
+		},
+	},
+	errors: {
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		email: { type: 'string' },
+		password: { type: 'string' },
+	},
+	required: ['email', 'password'],
+} as const;
+
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
+	constructor(
+		@Inject(DI.userProfilesRepository)
+		private userProfilesRepository: UserProfilesRepository,
+
+		@Inject(DI.userSecurityKeysRepository)
+		private userSecurityKeysRepository: UserSecurityKeysRepository,
+	) {
+		super(meta, paramDef, async (ps, me) => {
+			const profile = await this.userProfilesRepository.findOneBy({
+				email: ps.email,
+				emailVerified: true,
+			});
+
+			const passwordMatched = await bcrypt.compare(ps.password, profile?.password ?? '');
+			if (!profile || !passwordMatched) {
+				return {
+					twoFactorEnabled: false,
+					usePasswordLessLogin: false,
+					securityKeys: false,
+				};
+			}
+
+			return {
+				twoFactorEnabled: profile.twoFactorEnabled,
+				usePasswordLessLogin: profile.usePasswordLessLogin,
+				securityKeys: profile.twoFactorEnabled
+					? await this.userSecurityKeysRepository.countBy({ userId: profile.userId }).then(result => result >= 1)
+					: false,
+			};
+		});
+	}
+}