do not allow non-admins to register tokens with admin scopes
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

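defmodule Pleroma.UserInviteToken do
  @moduledoc """
  Ecto schema and helpers for registration invite tokens.

  An invite has one of four `invite_type` values, derived from the fields
  supplied at creation time:

    * `"one_time"` - neither `max_use` nor `expires_at` given
    * `"reusable"` - only `max_use` given
    * `"date_limited"` - only `expires_at` given
    * `"reusable_date_limited"` - both given

  `valid_invite?/1` and `update_usage!/1` only have clauses for these four
  values; any other `invite_type` raises `FunctionClauseError`.
  """

  use Ecto.Schema

  import Ecto.Changeset
  import Ecto.Query
  alias Pleroma.Repo
  alias Pleroma.UserInviteToken

  @type t :: %__MODULE__{}
  @type token :: String.t()

  schema "user_invite_tokens" do
    field(:token, :string)
    field(:used, :boolean, default: false)
    field(:max_use, :integer)
    field(:expires_at, :date)
    field(:uses, :integer, default: 0)
    field(:invite_type, :string)

    timestamps()
  end

  @doc """
  Creates and persists a new invite.

  Only `:max_use` and `:expires_at` are cast from `params`; `:token`,
  `:invite_type`, `:used` and `:uses` cannot be set through `params`. The token
  is generated here and the type is derived from which of the two fields were
  supplied.

  Returns the result of `Repo.insert/1`.
  """
  @spec create_invite(map()) :: {:ok, UserInviteToken.t()} | {:error, Ecto.Changeset.t()}
  def create_invite(params \\ %{}) do
    # NOTE(review): no range validation is applied to :max_use or :expires_at
    # here. A non-positive max_use or a past date yields an invite that
    # valid_invite?/1 rejects, so this fails closed, but confirm that callers
    # surface that to the admin.
    %UserInviteToken{}
    |> cast(params, [:max_use, :expires_at])
    |> add_token()
    |> assign_type()
    |> Repo.insert()
  end

  # Generates the invite secret: 32 bytes from the CSPRNG, URL-safe Base64 encoded.
  defp add_token(changeset) do
    token =
      32
      |> :crypto.strong_rand_bytes()
      |> Base.url_encode64()

    put_change(changeset, :token, token)
  end

  # Derives :invite_type from the cast changes. Map patterns match on a subset
  # of keys, so the clause requiring both keys has to come first.
  defp assign_type(%{changes: %{max_use: _max_use, expires_at: _expires_at}} = changeset) do
    put_change(changeset, :invite_type, "reusable_date_limited")
  end

  defp assign_type(%{changes: %{expires_at: _expires_at}} = changeset) do
    put_change(changeset, :invite_type, "date_limited")
  end

  defp assign_type(%{changes: %{max_use: _max_use}} = changeset) do
    put_change(changeset, :invite_type, "reusable")
  end

  defp assign_type(changeset), do: put_change(changeset, :invite_type, "one_time")

  @doc """
  Returns all invites ordered by id.
  """
  @spec list_invites() :: [UserInviteToken.t()]
  def list_invites do
    UserInviteToken
    |> order_by([u], u.id)
    |> Repo.all()
  end

  @doc """
  Applies `changes` to `invite` and persists them, raising on failure.

  `changes` goes through `Ecto.Changeset.change/2`, which neither casts nor
  validates and accepts any schema field (including `:token`, `:used` and
  `:uses`). Pass only maps built by trusted code, never raw request parameters.
  """
  @spec update_invite!(UserInviteToken.t(), map()) :: UserInviteToken.t() | no_return()
  def update_invite!(invite, changes) do
    invite
    |> change(changes)
    |> Repo.update!()
  end

  @doc """
  Applies `changes` to `invite` and persists them.

  Same trust requirement on `changes` as `update_invite!/2`: the map is applied
  with `Ecto.Changeset.change/2`, without casting or validation.
  """
  @spec update_invite(UserInviteToken.t(), map()) ::
          {:ok, UserInviteToken.t()} | {:error, Ecto.Changeset.t()}
  def update_invite(invite, changes) do
    invite
    |> change(changes)
    |> Repo.update()
  end

  @doc """
  Fetches the invite with the given token, raising if none exists.
  """
  @spec find_by_token!(token()) :: UserInviteToken.t() | no_return()
  def find_by_token!(token), do: Repo.get_by!(UserInviteToken, token: token)

  @doc """
  Fetches the invite with the given token.

  Returns `{:ok, invite}` when found and `nil` otherwise. Finding an invite
  does not mean it is still usable; check `valid_invite?/1` as well.
  """
  @spec find_by_token(token()) :: {:ok, UserInviteToken.t()} | nil
  def find_by_token(token) do
    # A non-matching result (nil) falls through `with` and is returned as-is.
    with %UserInviteToken{} = invite <- Repo.get_by(UserInviteToken, token: token) do
      {:ok, invite}
    end
  end

  @doc """
  Returns whether the invite may still be used for a registration.

  Every type requires `used` to be false. Date-limited types additionally
  require that `expires_at` has not passed, and reusable types that `uses` is
  below `max_use`.
  """
  @spec valid_invite?(UserInviteToken.t()) :: boolean()
  def valid_invite?(%{invite_type: "one_time"} = invite) do
    not invite.used
  end

  def valid_invite?(%{invite_type: "date_limited"} = invite) do
    not_overdue_date?(invite) and not invite.used
  end

  def valid_invite?(%{invite_type: "reusable"} = invite) do
    invite.uses < invite.max_use and not invite.used
  end

  def valid_invite?(%{invite_type: "reusable_date_limited"} = invite) do
    not_overdue_date?(invite) and invite.uses < invite.max_use and not invite.used
  end

  # True while today's UTC date is on or before the expiry date (inclusive).
  defp not_overdue_date?(%{expires_at: expires_at}) do
    Date.compare(Date.utc_today(), expires_at) in [:lt, :eq]
  end

  @doc """
  Records one use of the invite.

    * `"date_limited"` - nothing is stored; returns `nil`
    * `"one_time"` - marks the invite as used
    * `"reusable"` / `"reusable_date_limited"` - increments `uses` and marks
      the invite as used once `max_use` is reached
  """
  @spec update_usage!(UserInviteToken.t()) :: nil | UserInviteToken.t() | no_return()
  def update_usage!(%{invite_type: "date_limited"}), do: nil

  def update_usage!(%{invite_type: "one_time"} = invite),
    do: update_invite!(invite, %{used: true})

  def update_usage!(%{invite_type: invite_type} = invite)
      when invite_type in ["reusable", "reusable_date_limited"] do
    # NOTE(review): the new count is computed from the struct already in memory
    # and written back as a plain value, so this is a read-modify-write rather
    # than an atomic increment. If two registrations load the same invite
    # concurrently, both can pass valid_invite?/1 and store the same count.
    # Confirm that callers serialize this (transaction or row lock), or move
    # the increment into the database.
    uses = invite.uses + 1

    changes =
      if uses >= invite.max_use do
        %{uses: uses, used: true}
      else
        %{uses: uses}
      end

    update_invite!(invite, changes)
  end
end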