fix: register page captcha

2025-07-05 11:58:51 -04:00 · 2025-07-05 11:58:51 -04:00 · 9ba6320d46
commit 9ba6320d46
parent e5b6b5a4d4
3 changed files with 9 additions and 7 deletions
--- a/crates/app/src/main.rs
+++ b/crates/app/src/main.rs
@ -130,7 +130,7 @@ async fn main() {
        )
        .layer(SetResponseHeaderLayer::if_not_present(
            HeaderName::from_static("content-security-policy"),
-            HeaderValue::from_static("default-src 'self' *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' *; script-src 'self' 'unsafe-inline' *; object-src 'self' *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self'; frame-ancestors 'self'"),
+            HeaderValue::from_static("default-src 'self' *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' *; script-src 'self' 'unsafe-inline' *; object-src 'self' *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self' *.cloudflare.com; frame-ancestors 'self'"),
        ))
        .layer(CatchPanicLayer::new());

--- a/crates/app/src/routes/pages/journals.rs
+++ b/crates/app/src/routes/pages/journals.rs
@ -365,7 +365,7 @@ pub async fn global_view_request(
    Ok((
        [(
            "content-security-policy",
-            "default-src 'self' *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' *; script-src 'self' 'unsafe-inline' *; object-src 'self' *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self'; frame-ancestors *",
+            "default-src 'self' *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' *; script-src 'self' 'unsafe-inline' *; object-src 'self' *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self' *.cloudflare.com; frame-ancestors *",
        )],
        Html(data.1.render("journals/app.html", &context).unwrap()),
    ))
--- a/crates/core/src/database/invite_codes.rs
+++ b/crates/core/src/database/invite_codes.rs
@ -103,12 +103,14 @@ impl DataManager {
    /// # Arguments
    /// * `data` - a mock [`InviteCode`] object to insert
    pub async fn create_invite_code(&self, data: InviteCode, user: &User) -> Result<InviteCode> {
-        // check account creation date
+        // check account creation date (if we aren't a supporter OR this is a purchased account)
+        if !user.permissions.check(FinePermission::SUPPORTER) | user.was_purchased {
            if unix_epoch_timestamp() - user.created < Self::MINIMUM_ACCOUNT_AGE_FOR_INVITE_CODES {
                return Err(Error::MiscError(
                    "Your account is too young to do this".to_string(),
                ));
            }
+        }

        // ...
        if !user.permissions.check(FinePermission::SUPPORTER) {