add: invite codes

2025-06-22 13:03:02 -04:00 · 2025-06-22 13:03:02 -04:00 · 626c6711ef
commit 626c6711ef
parent d1a074eaeb
19 changed files with 410 additions and 10 deletions
--- a/crates/app/src/routes/api/v1/auth/mod.rs
+++ b/crates/app/src/routes/api/v1/auth/mod.rs
@ -18,7 +18,7 @@ use axum::{
 };
 use axum_extra::extract::CookieJar;
 use serde::Deserialize;
-use tetratto_core::model::addr::RemoteAddr;
+use tetratto_core::model::{addr::RemoteAddr, permissions::FinePermission};
 use tetratto_shared::hash::hash;

 use cf_turnstile::{SiteVerifyRequest, TurnstileClient};
@ -86,6 +86,50 @@ pub async fn register_request(
    let mut user = User::new(props.username.to_lowercase(), props.password);
    user.settings.policy_consent = true;

+    // check invite code
+    if data.0.0.security.enable_invite_codes {
+        if props.invite_code.is_empty() {
+            return (
+                None,
+                Json(Error::MiscError("Missing invite code".to_string()).into()),
+            );
+        }
+
+        let invite_code = match data.get_invite_code_by_code(&props.invite_code).await {
+            Ok(c) => c,
+            Err(e) => return (None, Json(e.into())),
+        };
+
+        if invite_code.is_used {
+            return (
+                None,
+                Json(Error::MiscError("This code has already been used".to_string()).into()),
+            );
+        }
+
+        let owner = match data.get_user_by_id(invite_code.owner).await {
+            Ok(u) => u,
+            Err(e) => return (None, Json(e.into())),
+        };
+
+        if !owner.permissions.check(FinePermission::SUPPORTER) {
+            return (
+                None,
+                Json(
+                    Error::MiscError("Invite code owner must be an active supporter".to_string())
+                        .into(),
+                ),
+            );
+        }
+
+        user.invite_code = invite_code.id;
+
+        if let Err(e) = data.update_invite_code_is_used(invite_code.id, true).await {
+            return (None, Json(e.into()));
+        }
+    }
+
+    // push initial token
    let (initial_token, t) = User::create_token(&real_ip);
    user.tokens.push(t);

--- a/crates/app/src/routes/api/v1/auth/profile.rs
+++ b/crates/app/src/routes/api/v1/auth/profile.rs
@ -21,7 +21,7 @@ use futures_util::{sink::SinkExt, stream::StreamExt};
 use tetratto_core::{
    cache::Cache,
    model::{
-        auth::{Token, UserSettings},
+        auth::{InviteCode, Token, UserSettings},
        oauth,
        permissions::FinePermission,
        socket::{PacketType, SocketMessage, SocketMethod},
@ -817,3 +817,33 @@ pub async fn refresh_grant_request(
        Err(e) => Json(e.into()),
    }
 }
+
+/// Generate an invite code.
+///
+/// Does not support third-party grants.
+pub async fn generate_invite_code_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    if !data.0.0.security.enable_invite_codes {
+        return Json(Error::NotAllowed.into());
+    }
+
+    match data
+        .create_invite_code(InviteCode::new(user.id), &user)
+        .await
+    {
+        Ok(x) => Json(ApiReturn {
+            ok: true,
+            message: "Code generated".to_string(),
+            payload: Some(x.code),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
--- a/crates/app/src/routes/api/v1/mod.rs
+++ b/crates/app/src/routes/api/v1/mod.rs
@ -37,6 +37,7 @@ pub fn routes() -> Router {
        .route("/util/proxy", get(util::proxy_request))
        .route("/util/lang", get(util::set_langfile_request))
        .route("/util/ip", get(util::ip_test_request))
+        .route("/invite", post(auth::profile::generate_invite_code_request))
        // reactions
        .route("/reactions", post(reactions::create_request))
        .route("/reactions/{id}", get(reactions::get_request))
@ -605,6 +606,8 @@ pub struct RegisterProps {
    pub password: String,
    pub policy_consent: bool,
    pub captcha_response: String,
+    #[serde(default)]
+    pub invite_code: String,
 }

 #[derive(Deserialize)]
--- a/crates/app/src/routes/pages/profile.rs
+++ b/crates/app/src/routes/pages/profile.rs
@ -101,6 +101,18 @@ pub async fn settings_request(
        }
    };

+    let invites = match data.0.get_invite_codes_by_owner(profile.id).await {
+        Ok(l) => match data.0.fill_invite_codes(l).await {
+            Ok(l) => l,
+            Err(e) => {
+                return Err(Html(render_error(e, &jar, &data, &None).await));
+            }
+        },
+        Err(e) => {
+            return Err(Html(render_error(e, &jar, &data, &None).await));
+        }
+    };
+
    let tokens = profile.tokens.clone();

    let lang = get_lang!(jar, data.0);
@ -113,6 +125,7 @@ pub async fn settings_request(
    context.insert("following", &following);
    context.insert("blocks", &blocks);
    context.insert("stackblocks", &stackblocks);
+    context.insert("invites", &invites);
    context.insert(
        "user_tokens_serde",
        &serde_json::to_string(&tokens)