blsmedia/bot
2
0
Fork 0
Code Activity

🔒 (auth) Block disposable emails during sign up

Browse Source
This commit is contained in:
Baptiste Arnaud
2023-07-27 09:29:17 +02:00
parent 320cffc420
commit abc3abd86b
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
apps/builder/src/pages/api/auth/[...nextauth].ts
View File

@@ -16,6 +16,7 @@ import { getNewUserInvitations } from '@/features/auth/helpers/getNewUserInvitat
import { sendVerificationRequest } from '@/features/auth/helpers/sendVerificationRequest' import { sendVerificationRequest } from '@/features/auth/helpers/sendVerificationRequest'
import { Ratelimit } from '@upstash/ratelimit' import { Ratelimit } from '@upstash/ratelimit'
import { Redis } from '@upstash/redis/nodejs' import { Redis } from '@upstash/redis/nodejs'
import got from 'got'
const providers: Provider[] = [] const providers: Provider[] = []
@@ -172,6 +173,14 @@ export const authOptions: AuthOptions = {
signIn: async ({ account, user }) => { signIn: async ({ account, user }) => {
if (!account) return false if (!account) return false
const isNewUser = !('createdAt' in user && isDefined(user.createdAt)) const isNewUser = !('createdAt' in user && isDefined(user.createdAt))
if (isNewUser && user.email) {
const { body } = await got.get(
'https://raw.githubusercontent.com/disposable-email-domains/disposable-email-domains/master/disposable_email_blocklist.conf'
)
const disposableEmailDomains = body.split('\n')
if (disposableEmailDomains.includes(user.email.split('@')[1]))
return false
}
if (process.env.DISABLE_SIGNUP === 'true' && isNewUser && user.email) { if (process.env.DISABLE_SIGNUP === 'true' && isNewUser && user.email) {
const { invitations, workspaceInvitations } = const { invitations, workspaceInvitations } =
await getNewUserInvitations(prisma, user.email) await getNewUserInvitations(prisma, user.email)