Diffstat (limited to 'packages')
-rw-r--r--packages/shared/config.ts6
-rw-r--r--packages/trpc/auth.ts4
-rw-r--r--packages/trpc/routers/apiKeys.ts8
-rw-r--r--packages/trpc/routers/users.ts4
4 files changed, 17 insertions, 5 deletions
diff --git a/packages/shared/config.ts b/packages/shared/config.ts
index 288becab..44b7e26d 100644
--- a/packages/shared/config.ts
+++ b/packages/shared/config.ts
@@ -10,7 +10,7 @@ const stringBool = (defaultValue: string) =>
const allEnv = z.object({
API_URL: z.string().url().default("http://localhost:3000"),
DISABLE_SIGNUPS: stringBool("false"),
- DISABLE_PASSWORD_SIGNUPS: stringBool("false"),
+ DISABLE_PASSWORD_AUTH: stringBool("false"),
OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING: stringBool("false"),
OAUTH_WELLKNOWN_URL: z.string().url().optional(),
OAUTH_CLIENT_SECRET: z.string().optional(),
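Review bot: Renaming the key to `DISABLE_PASSWORD_AUTH` with a `stringBool("false")` default fails open for existing deployments. An instance that still sets `DISABLE_PASSWORD_SIGNUPS=true` would, assuming this schema is parsed from the process environment and the old name is not handled elsewhere, have the old variable ignored and password signup and login left enabled after upgrade. Consider keeping the old name as a deprecated alias and combining the two in the transform, e.g. `disablePasswordAuth: val.DISABLE_PASSWORD_AUTH || val.DISABLE_PASSWORD_SIGNUPS,`, or refusing to start when the removed variable is present. The `allEnv` object starts and ends outside this hunk, so the full set of keys is not visible here.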
@@ -54,7 +54,7 @@ const serverConfigSchema = allEnv.transform((val) => {
apiUrl: val.API_URL,
auth: {
disableSignups: val.DISABLE_SIGNUPS,
- disablePasswordSignups: val.DISABLE_PASSWORD_SIGNUPS,
+ disablePasswordAuth: val.DISABLE_PASSWORD_AUTH,
oauth: {
allowDangerousEmailAccountLinking:
val.OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING,
@@ -114,7 +114,7 @@ export const clientConfig = {
demoMode: serverConfig.demoMode,
auth: {
disableSignups: serverConfig.auth.disableSignups,
- disablePasswordSignups: serverConfig.auth.disablePasswordSignups,
+ disablePasswordAuth: serverConfig.auth.disablePasswordAuth,
},
inference: {
inferredTagLang: serverConfig.inference.inferredTagLang,
diff --git a/packages/trpc/auth.ts b/packages/trpc/auth.ts
index 846c07b6..39aebd3b 100644
--- a/packages/trpc/auth.ts
+++ b/packages/trpc/auth.ts
@@ -3,6 +3,7 @@ import * as bcrypt from "bcryptjs";
import { db } from "@hoarder/db";
import { apiKeys } from "@hoarder/db/schema";
+import serverConfig from "@hoarder/shared/config";
// API Keys
@@ -79,6 +80,9 @@ export async function hashPassword(password: string) {
}
export async function validatePassword(email: string, password: string) {
+ if (serverConfig.auth.disablePasswordAuth) {
+ throw new Error("Password authentication is currently disabled");
+ }
const user = await db.query.users.findFirst({
where: (u, { eq }) => eq(u.email, email),
});
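Review bot: The guard added at the top of `validatePassword` throws a plain `Error`, which callers apparently cannot tell apart from a bad-credentials failure. The apiKeys.ts hunk repeats the same config check before calling this function for exactly that reason, and its comment mentions the "username or password is wrong" fallback. A dedicated exported error type, e.g. `export class PasswordAuthDisabledError extends Error {}` thrown here as `throw new PasswordAuthDisabledError("Password authentication is currently disabled");`, would let each caller map the case explicitly and keep the flag check in one place. It is also worth a short comment that the check deliberately precedes the user lookup, e.g. `// Reject before the DB lookup so the response never depends on whether the email exists`. The body of `validatePassword` continues outside the hunk.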
diff --git a/packages/trpc/routers/apiKeys.ts b/packages/trpc/routers/apiKeys.ts
index 81e3bb2b..b7468dd2 100644
--- a/packages/trpc/routers/apiKeys.ts
+++ b/packages/trpc/routers/apiKeys.ts
@@ -3,6 +3,7 @@ import { and, eq } from "drizzle-orm";
import { z } from "zod";
import { apiKeys } from "@hoarder/db/schema";
+import serverConfig from "@hoarder/shared/config";
import { authenticateApiKey, generateApiKey, validatePassword } from "../auth";
import { authedProcedure, publicProcedure, router } from "../index";
@@ -74,6 +75,13 @@ export const apiKeysAppRouter = router({
.output(zApiKeySchema)
.mutation(async ({ input }) => {
let user;
+ // Special handling as otherwise the extension would show "username or password is wrong"
+ if (serverConfig.auth.disablePasswordAuth) {
+ throw new TRPCError({
+ message: "Password authentication is currently disabled",
+ code: "FORBIDDEN",
+ });
+ }
try {
user = await validatePassword(input.email, input.password);
} catch (e) {
diff --git a/packages/trpc/routers/users.ts b/packages/trpc/routers/users.ts
index 736e7e2f..87d0fa2d 100644
--- a/packages/trpc/routers/users.ts
+++ b/packages/trpc/routers/users.ts
@@ -31,9 +31,9 @@ export const usersAppRouter = router({
.mutation(async ({ input, ctx }) => {
if (
serverConfig.auth.disableSignups ||
- serverConfig.auth.disablePasswordSignups
+ serverConfig.auth.disablePasswordAuth
) {
- const errorMessage = serverConfig.auth.disablePasswordSignups
+ const errorMessage = serverConfig.auth.disablePasswordAuth
? "Local Signups are disabled in the server config. Use OAuth instead!"
: "Signups are disabled in server config";
throw new TRPCError({