✨ Check for disposable emails (#114)

Author: AnandChowdhary

package.json

@@ -1,6 +1,6 @@
 {
   "name": "staart-manager",
-  "version": "1.0.51",
+  "version": "1.0.52",
   "main": "index.js",
   "repository": "git@github.com:AnandChowdhary/staart.git",
   "author": "Anand Chowdhary <mail@anandchowdhary.com>",
@@ -88,6 +88,7 @@
     "cors": "^2.8.5",
     "cron": "^1.7.1",
     "crypto-random-string": "^3.0.1",
+    "disposable-email-domains": "^1.0.46",
     "express": "^4.17.0",
     "express-async-handler": "^1.1.4",
     "express-brute": "^1.0.1",
@@ -118,8 +119,8 @@
     "response-time": "^2.3.2",
     "rotating-file-stream": "^1.4.2",
     "slugify": "^1.3.4",
-    "stripe": "^7.4.0",
-    "snyk": "^1.192.3"
+    "snyk": "^1.192.3",
+    "stripe": "^7.4.0"
   },
   "files": [
     "setup"

src/config.ts

@@ -58,6 +58,7 @@ export const SES_EMAIL = process.env.SES_EMAIL || "";
 export const SES_REGION = process.env.SES_REGION || "eu-west-1";
 export const SES_ACCESS = process.env.SES_ACCESS || "";
 export const SES_SECRET = process.env.SES_SECRET || "";
+export const ALLOW_DISPOSABLE_EMAILS = !!process.env.DISPOSABLE_EMAIL;
 
 // Auth and tokens
 export const JWT_SECRET = process.env.JWT_SECRET || "staart";

src/helpers/mail.ts

@@ -12,7 +12,13 @@ import { readFile } from "fs-extra";
 import { join } from "path";
 import { render } from "mustache";
 import marked from "marked";
+import { isMatch } from "matcher";
+import disposableDomains from "disposable-email-domains/index.json";
+import wildcardDomains from "disposable-email-domains/wildcard.json";
 import i18n from "../i18n";
+import Joi from "@hapi/joi";
+import { joiValidate } from "./utils";
+import { ErrorCode } from "../interfaces/enum";
 
 const client = createClient({
   key: SES_ACCESS,
@@ -57,3 +63,24 @@ export const mail = async (
     altText
   });
 };
+
+export const checkIfDisposableEmail = (email: string) => {
+  let isDisposable = false;
+  joiValidate(
+    {
+      email: Joi.string()
+        .email()
+        .required()
+    },
+    { email }
+  );
+  const domain = email.split("@")[1];
+  if (disposableDomains.includes(domain))
+    throw new Error(ErrorCode.DISPOSABLE_EMAIL);
+  const potentialMatches = wildcardDomains.filter(w => domain.includes(w));
+  potentialMatches.forEach(
+    d => (isDisposable = isDisposable || isMatch(email, `*.${d}`))
+  );
+  if (isDisposable) throw new Error(ErrorCode.DISPOSABLE_EMAIL);
+  return;
+};

src/interfaces/enum.ts

@@ -85,7 +85,8 @@ export enum ErrorCode {
   OAUTH_NO_EMAIL = "404/oauth-no-email",
   INVALID_API_KEY_SECRET = "401/invalid-api-key-secret",
   IP_RANGE_CHECK_FAIL = "401/ip-range-check-fail",
-  REFERRER_CHECK_FAIL = "401/referrer-check-fail"
+  REFERRER_CHECK_FAIL = "401/referrer-check-fail",
+  DISPOSABLE_EMAIL = "422/disposable-email"
 }
 
 export enum Templates {

src/internal/staart-version

@@ -1 +1 @@
-1.0.51
+1.0.52

src/rest/auth.ts

@@ -16,7 +16,7 @@ import {
   getEmail,
   checkIfNewEmail
 } from "../crud/email";
-import { mail } from "../helpers/mail";
+import { mail, checkIfDisposableEmail } from "../helpers/mail";
 import {
   verifyToken,
   passwordResetToken,
@@ -52,7 +52,8 @@ import {
   FACEBOOK_CLIENT_ID,
   FACEBOOK_CLIENT_SECRET,
   SALESFORCE_CLIENT_ID,
-  SALESFORCE_CLIENT_SECRET
+  SALESFORCE_CLIENT_SECRET,
+  ALLOW_DISPOSABLE_EMAILS
 } from "../config";
 import axios from "axios";
 import { GitHubEmail } from "../interfaces/oauth";
@@ -103,7 +104,10 @@ export const register = async (
   role?: MembershipRole,
   emailVerified?: boolean
 ) => {
-  if (email) await checkIfNewEmail(email);
+  if (email) {
+    await checkIfNewEmail(email);
+    if (!ALLOW_DISPOSABLE_EMAILS) checkIfDisposableEmail(email);
+  }
   if (!user.username) user.username = createSlug(user.name);
   if (!(await checkUsernameAvailability(user.username)))
     throw new Error(ErrorCode.USERNAME_EXISTS);

tsconfig.json

@@ -10,6 +10,7 @@
     "esModuleInterop": true,
     "allowSyntheticDefaultImports": true,
     "experimentalDecorators": true,
+    "resolveJsonModule": true,
     "emitDecoratorMetadata": true,
     "declarationDir": "./dist",
     "outDir": "./dist",

yarn.lock

@@ -2540,6 +2540,11 @@ dijkstrajs@^1.0.1:
   resolved "https://registry.yarnpkg.com/dijkstrajs/-/dijkstrajs-1.0.1.tgz#d3cd81221e3ea40742cfcde556d4e99e98ddc71b"
   integrity sha1-082BIh4+pAdCz83lVtTpnpjdxxs=
 
+disposable-email-domains@^1.0.46:
+  version "1.0.46"
+  resolved "https://registry.yarnpkg.com/disposable-email-domains/-/disposable-email-domains-1.0.46.tgz#6f8c777bf56c8926f480b53986547a40a5ff3416"
+  integrity sha512-Nk8tDHrAqysWS3J0scrxPfIXeMT50iy+1zfqWrLbKg/q1x8qgWYW31gggVOUbC/YndDLalOaZk5JpnTv7A2Q0A==
+
 dns-prefetch-control@0.1.0:
   version "0.1.0"
   resolved "https://registry.yarnpkg.com/dns-prefetch-control/-/dns-prefetch-control-0.1.0.tgz#60ddb457774e178f1f9415f0cabb0e85b0b300b2"
@@ -6769,10 +6774,10 @@ snyk-try-require@1.3.1, snyk-try-require@^1.1.1, snyk-try-require@^1.3.1:
     lru-cache "^4.0.0"
     then-fs "^2.0.0"
 
-snyk@^1.192.2:
-  version "1.192.2"
-  resolved "https://registry.yarnpkg.com/snyk/-/snyk-1.192.2.tgz#7fd4cc630301cb7f288d9b1412b2dd346056df05"
-  integrity sha512-4qGp7FE+Kqy3CuvxywnaBOuFY4iADc/poc6oPT00adVz61hP9Q+VnQr5Ztq+V/LCQwTMJqKSk0EuODEGSJbVXA==
+snyk@^1.192.3:
+  version "1.192.3"
+  resolved "https://registry.yarnpkg.com/snyk/-/snyk-1.192.3.tgz#2aba981b3068aaaf8a3fafd6b8f8e29cb4629b3c"
+  integrity sha512-Rm/qr7qxuCT324GSiKGWq/VzssG7DqeF2hQp7Odu/UPVDZ6JdBKQmL0uXe8SVSrRfbx7Pmy0GFK4ya1Fgy5Aaw==
   dependencies:
     "@snyk/dep-graph" "1.8.1"
     "@snyk/gemfile" "1.2.0"