gtsocial-umbx


accountcreate.go (4526B)


      1 // GoToSocial
      2 // Copyright (C) GoToSocial Authors admin@gotosocial.org
      3 // SPDX-License-Identifier: AGPL-3.0-or-later
      4 //
      5 // This program is free software: you can redistribute it and/or modify
      6 // it under the terms of the GNU Affero General Public License as published by
      7 // the Free Software Foundation, either version 3 of the License, or
      8 // (at your option) any later version.
      9 //
     10 // This program is distributed in the hope that it will be useful,
     11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
     12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     13 // GNU Affero General Public License for more details.
     14 //
     15 // You should have received a copy of the GNU Affero General Public License
     16 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
     17 
     18 package accounts
     19 
     20 import (
     21 	"errors"
     22 	"net"
     23 	"net/http"
     24 
     25 	"github.com/gin-gonic/gin"
     26 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
     27 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
     28 	"github.com/superseriousbusiness/gotosocial/internal/config"
     29 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
     30 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
     31 	"github.com/superseriousbusiness/gotosocial/internal/validate"
     32 )
     33 
     34 // AccountCreatePOSTHandler swagger:operation POST /api/v1/accounts accountCreate
     35 //
     36 // Create a new account using an application token.
     37 //
     38 // The parameters can also be given in the body of the request, as JSON, if the content-type is set to 'application/json'.
     39 // The parameters can also be given in the body of the request, as XML, if the content-type is set to 'application/xml'.
     40 //
     41 //	---
     42 //	tags:
     43 //	- accounts
     44 //
     45 //	consumes:
     46 //	- application/json
     47 //	- application/xml
     48 //	- application/x-www-form-urlencoded
     49 //
     50 //	produces:
     51 //	- application/json
     52 //
     53 //	security:
     54 //	- OAuth2 Application:
     55 //		- write:accounts
     56 //
     57 //	responses:
     58 //		'200':
     59 //			description: "An OAuth2 access token for the newly-created account."
     60 //			schema:
     61 //				"$ref": "#/definitions/oauthToken"
     62 //		'400':
     63 //			description: bad request
     64 //		'401':
     65 //			description: unauthorized
     66 //		'404':
     67 //			description: not found
     68 //		'406':
     69 //			description: not acceptable
     70 //		'500':
     71 //			description: internal server error
func (m *Module) AccountCreatePOSTHandler(c *gin.Context) {
	// Authorization comes before anything else touches the request body.
	// The result's Token and Application are used below, so the first two
	// flags presumably require both to be present; confirm against the
	// oauth.Authed signature.
	auth, authErr := oauth.Authed(c, true, true, false, false)
	if authErr != nil {
		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(authErr, authErr.Error()), m.processor.InstanceGetV1)
		return
	}

	// Only JSON responses are produced; reject callers that cannot accept them.
	_, acceptErr := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...)
	if acceptErr != nil {
		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(acceptErr, acceptErr.Error()), m.processor.InstanceGetV1)
		return
	}

	// Bind the caller-supplied parameters (form, JSON or XML body).
	req := new(apimodel.AccountCreateRequest)
	bindErr := c.ShouldBind(req)
	if bindErr != nil {
		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(bindErr, bindErr.Error()), m.processor.InstanceGetV1)
		return
	}

	// All field-level and policy checks live in validateCreateAccount.
	// A failure there is reported to the client as 400 with the error text.
	valErr := validateCreateAccount(req)
	if valErr != nil {
		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(valErr, valErr.Error()), m.processor.InstanceGetV1)
		return
	}

	// The sign-up IP is always taken from the connection, never from the
	// bound request: the assignment below overwrites whatever binding left
	// in req.IP.
	//
	// NOTE(review): gin's ClientIP consults forwarding headers such as
	// X-Forwarded-For when the immediate peer is a trusted proxy, so the
	// recorded address is only as reliable as the router's trusted-proxy
	// configuration. Confirm that configuration before relying on this value
	// for abuse handling or audit.
	ip := net.ParseIP(c.ClientIP())
	if ip == nil {
		ipErr := errors.New("ip address could not be parsed from request")
		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(ipErr, ipErr.Error()), m.processor.InstanceGetV1)
		return
	}
	req.IP = ip

	// Hand off to the processor. Per the swagger description on this handler,
	// the 200 body is an OAuth2 access token for the new account.
	token, errWithCode := m.processor.Account().Create(c.Request.Context(), auth.Token, auth.Application, req)
	if errWithCode != nil {
		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
		return
	}

	c.JSON(http.StatusOK, token)
}
    112 
// validateCreateAccount decides whether the given account create request may
// proceed. It returns nil when every check passes, and otherwise the error from
// the first check that fails.
//
// Checks run in this order: form present, instance registration open, username,
// email, new password, agreement to terms, locale, and sign-up reason (required
// or not according to instance config).
//
// The registration-open policy check is enforced here rather than in routing,
// so every path that creates accounts from a request must call this function.
// Its error text is returned to the client verbatim by AccountCreatePOSTHandler.
func validateCreateAccount(form *apimodel.AccountCreateRequest) error {
	// Cheap gatekeeping first: no form, or an instance closed to sign-ups.
	switch {
	case form == nil:
		return errors.New("form was nil")
	case !config.GetAccountsRegistrationOpen():
		return errors.New("registration is not open for this server")
	}

	var err error

	// Credentials and identity fields, each checked by its own validator.
	if err = validate.Username(form.Username); err != nil {
		return err
	}
	if err = validate.Email(form.Email); err != nil {
		return err
	}
	if err = validate.NewPassword(form.Password); err != nil {
		return err
	}

	// Explicit consent is mandatory; an absent or false value is a refusal.
	if !form.Agreement {
		return errors.New("agreement to terms and conditions not given")
	}

	if err = validate.Language(form.Locale); err != nil {
		return err
	}

	// Last check: its result, nil or not, is the overall verdict.
	reasonRequired := config.GetAccountsReasonRequired()
	return validate.SignUpReason(form.Reason, reasonRequired)
}