add: invite codes

2025-06-22 13:03:02 -04:00 · 2025-06-22 13:03:02 -04:00 · 626c6711ef
commit 626c6711ef
parent d1a074eaeb
19 changed files with 410 additions and 10 deletions
--- a/crates/app/src/routes/api/v1/auth/mod.rs
+++ b/crates/app/src/routes/api/v1/auth/mod.rs
@ -18,7 +18,7 @@ use axum::{
 };
 use axum_extra::extract::CookieJar;
 use serde::Deserialize;
-use tetratto_core::model::addr::RemoteAddr;
+use tetratto_core::model::{addr::RemoteAddr, permissions::FinePermission};
 use tetratto_shared::hash::hash;

 use cf_turnstile::{SiteVerifyRequest, TurnstileClient};
@ -86,6 +86,50 @@ pub async fn register_request(
    let mut user = User::new(props.username.to_lowercase(), props.password);
    user.settings.policy_consent = true;

+    // check invite code
+    if data.0.0.security.enable_invite_codes {
+        if props.invite_code.is_empty() {
+            return (
+                None,
+                Json(Error::MiscError("Missing invite code".to_string()).into()),
+            );
+        }
+
+        let invite_code = match data.get_invite_code_by_code(&props.invite_code).await {
+            Ok(c) => c,
+            Err(e) => return (None, Json(e.into())),
+        };
+
+        if invite_code.is_used {
+            return (
+                None,
+                Json(Error::MiscError("This code has already been used".to_string()).into()),
+            );
+        }
+
+        let owner = match data.get_user_by_id(invite_code.owner).await {
+            Ok(u) => u,
+            Err(e) => return (None, Json(e.into())),
+        };
+
+        if !owner.permissions.check(FinePermission::SUPPORTER) {
+            return (
+                None,
+                Json(
+                    Error::MiscError("Invite code owner must be an active supporter".to_string())
+                        .into(),
+                ),
+            );
+        }
+
+        user.invite_code = invite_code.id;
+
+        if let Err(e) = data.update_invite_code_is_used(invite_code.id, true).await {
+            return (None, Json(e.into()));
+        }
+    }
+
+    // push initial token
    let (initial_token, t) = User::create_token(&real_ip);
    user.tokens.push(t);

--- a/crates/app/src/routes/api/v1/auth/profile.rs
+++ b/crates/app/src/routes/api/v1/auth/profile.rs
@ -21,7 +21,7 @@ use futures_util::{sink::SinkExt, stream::StreamExt};
 use tetratto_core::{
    cache::Cache,
    model::{
-        auth::{Token, UserSettings},
+        auth::{InviteCode, Token, UserSettings},
        oauth,
        permissions::FinePermission,
        socket::{PacketType, SocketMessage, SocketMethod},
@ -817,3 +817,33 @@ pub async fn refresh_grant_request(
        Err(e) => Json(e.into()),
    }
 }
+
+/// Generate an invite code.
+///
+/// Does not support third-party grants.
+pub async fn generate_invite_code_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    if !data.0.0.security.enable_invite_codes {
+        return Json(Error::NotAllowed.into());
+    }
+
+    match data
+        .create_invite_code(InviteCode::new(user.id), &user)
+        .await
+    {
+        Ok(x) => Json(ApiReturn {
+            ok: true,
+            message: "Code generated".to_string(),
+            payload: Some(x.code),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}