mirror of
https://github.com/standardnotes/server
synced 2026-07-14 09:01:33 -04:00
* wip: move valet token controller * wip: move users controller * wip: move admin controller * wip: move subscription tokens controller * wip: move subscription settings controller * wip: move settings controller * wip: move middleware * wip: move session controller * wip: move offline controller * wip: move listed controller * wip: move internal controller * wip: move healthcheck controller * wip: move features controller * fix: bind inversify express controllers only for home server * fix: inversify deps
53 lines
1.6 KiB
TypeScript
53 lines
1.6 KiB
TypeScript
import { Username } from '@standardnotes/domain-core'
|
|
import { NextFunction, Request, Response } from 'express'
|
|
import { inject, injectable } from 'inversify'
|
|
import { BaseMiddleware } from 'inversify-express-utils'
|
|
import TYPES from '../../../Bootstrap/Types'
|
|
import { LockRepositoryInterface } from '../../../Domain/User/LockRepositoryInterface'
|
|
|
|
import { UserRepositoryInterface } from '../../../Domain/User/UserRepositoryInterface'
|
|
|
|
@injectable()
|
|
export class LockMiddleware extends BaseMiddleware {
|
|
constructor(
|
|
@inject(TYPES.Auth_UserRepository) private userRepository: UserRepositoryInterface,
|
|
@inject(TYPES.Auth_LockRepository) private lockRepository: LockRepositoryInterface,
|
|
) {
|
|
super()
|
|
}
|
|
|
|
async handler(request: Request, response: Response, next: NextFunction): Promise<void> {
|
|
try {
|
|
let identifier = request.body.email ?? request.body.username
|
|
const usernameOrError = Username.create(identifier)
|
|
if (usernameOrError.isFailed()) {
|
|
response.status(400).send({
|
|
error: {
|
|
message: usernameOrError.getError(),
|
|
},
|
|
})
|
|
}
|
|
const username = usernameOrError.getValue()
|
|
|
|
const user = await this.userRepository.findOneByUsernameOrEmail(username)
|
|
if (user !== null) {
|
|
identifier = user.uuid
|
|
}
|
|
|
|
if (await this.lockRepository.isUserLocked(identifier)) {
|
|
response.status(423).send({
|
|
error: {
|
|
message: 'Too many successive login requests. Please try your request again later.',
|
|
},
|
|
})
|
|
|
|
return
|
|
}
|
|
|
|
return next()
|
|
} catch (error) {
|
|
return next(error)
|
|
}
|
|
}
|
|
}
|