Mirrors/continuwuity
1
0
Fork 0
mirror of https://forgejo.ellis.link/continuwuation/continuwuity.git synced 2026-05-26 20:49:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(!783): Initial implementation

Browse Source 
Adds support for extra limited-use registration tokens
stored in the database, and a new service to manage them.
This commit is contained in:
Ginger
2026-01-05 17:27:00 -05:00
parent ecf74bb31f
commit 42f4ec34cd
9 changed files with 288 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/api/client/account.rs
+20 -10
View File
@@ -185,7 +185,10 @@ pub(crate) async fn register_route(
if is_guest
&& (!services.config.allow_guest_registration
|| (services.config.allow_registration
&& services.globals.registration_token.is_some()))
&& services
.registration_tokens
.get_config_file_token()
.is_some()))
{
info!(
"Guest registration disabled / registration enabled with token configured, \
@@ -301,7 +304,13 @@ pub(crate) async fn register_route(
let skip_auth = body.appservice_info.is_some() || is_guest;
// Populate required UIAA flows
if services.globals.registration_token.is_some() {
if services
.registration_tokens
.iterate_tokens()
.next()
.await
.is_some()
{
// Registration token required
uiaainfo.flows.push(AuthFlow {
stages: vec![AuthType::RegistrationToken],
@@ -846,19 +855,20 @@ pub(crate) async fn request_3pid_management_token_via_msisdn_route(
/// # `GET /_matrix/client/v1/register/m.login.registration_token/validity`
///
/// Checks if the provided registration token is valid at the time of checking
///
/// Currently does not have any ratelimiting, and this isn't very practical as
/// there is only one registration token allowed.
/// Checks if the provided registration token is valid at the time of checking.
pub(crate) async fn check_registration_token_validity(
State(services): State<crate::State>,
body: Ruma<check_registration_token_validity::v1::Request>,
) -> Result<check_registration_token_validity::v1::Response> {
let Some(reg_token) = services.globals.registration_token.clone() else {
return Err!(Request(Forbidden("Server does not allow token registration")));
};
// TODO: ratelimit this pretty heavily
Ok(check_registration_token_validity::v1::Response { valid: reg_token == body.token })
let valid = services
.registration_tokens
.validate_token(&body.token)
.await
.is_some();
Ok(check_registration_token_validity::v1::Response { valid })
}
/// Runs through all the deactivation steps: