feat: add limit; fix doc

EhTagTranslation · Jul 23, 2022 · 92bc1b3 · 92bc1b3
1 parent 3088f41
commit 92bc1b3
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 11 deletions.
diff --git a/src/server/app/github-identity.guard.ts b/src/server/app/github-identity.guard.ts
@@ -1,11 +1,15 @@
-import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
+import { CanActivate, ExecutionContext, Injectable, UnauthorizedException, ForbiddenException } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
 import type { FastifyRequest } from 'fastify';
 import { InjectableBase } from '../injectable-base.js';
 import { OctokitService } from '../octokit/octokit.service.js';
 
+/* 账号最少需要注册后 15 天 */
+const DAFAULT_MIN_ACCOUNT_AGE = 15 * 24 * 60 * 60 * 1000;
+
 @Injectable()
 export class GithubIdentityGuard extends InjectableBase implements CanActivate {
-    constructor(private readonly octokit: OctokitService) {
+    constructor(private readonly octokit: OctokitService, private readonly config: ConfigService) {
         super();
     }
     async canActivate(context: ExecutionContext): Promise<boolean> {
@@ -15,18 +19,24 @@ export class GithubIdentityGuard extends InjectableBase implements CanActivate {
         if (!token) return true;
         if (typeof token != 'string') throw new UnauthorizedException('Invalid token.');
         token = token.trim();
-        if (/^bearer\s+/i.test(token)) token = token.slice(6).trimLeft();
+        if (/^bearer\s+/i.test(token)) token = token.slice(6).trimStart();
         if (token.length < 8) throw new UnauthorizedException('Invalid token.');
+        let user;
         try {
-            const user = await this.octokit.user(token);
-            Object.defineProperty(request, 'user', {
-                value: user,
-                enumerable: true,
-                writable: false,
-            });
-            return true;
+            user = await this.octokit.user(token);
         } catch {
             throw new UnauthorizedException('Bad token.');
         }
+        if (
+            Date.parse(user.created_at) >=
+            Date.now() - Number(this.config.get('MIN_ACCOUNT_AGE', DAFAULT_MIN_ACCOUNT_AGE))
+        ) {
+            throw new ForbiddenException('Account age too young.');
+        }
+        Object.defineProperty(request, 'user', {
+            value: user,
+            configurable: true,
+        });
+        return true;
     }
 }
diff --git a/src/server/setup.ts b/src/server/setup.ts
@@ -1,5 +1,6 @@
 import { DocumentBuilder, SwaggerModule } from '@nestjs/swagger';
 import type { INestApplication } from '@nestjs/common';
+import type { FastifyReply } from 'fastify';
 
 export function setupSwagger(app: INestApplication): void {
     const options = new DocumentBuilder()
@@ -11,7 +12,10 @@ export function setupSwagger(app: INestApplication): void {
         .addTag('Tools', '不直接操作数据库的帮助工具。')
         .build();
     const document = SwaggerModule.createDocument(app, options);
-    SwaggerModule.setup('/', app, document);
+    SwaggerModule.setup('/swagger', app, document);
+    app.getHttpAdapter().get('/', (req, res: FastifyReply) => {
+        void res.redirect(302, '/swagger');
+    });
 }
 
 export function enableCors(app: INestApplication): void {