Add API handling of invite codes, add web page for inviting users.

src/api.ts

@@ -3,8 +3,8 @@ import * as base64id from "base64id";
 import { config } from "./config";
 import {unlink} from "fs";
 
-async function register(name: string, password: string, confirm: string): Promise<object> {
-	if(!config['satyr']['registration']) return {"error":"registration disabled"};
+async function register(name: string, password: string, confirm: string, invite?: boolean): Promise<object> {
+	if(!config['satyr']['registration'] && !invite) return {"error":"registration disabled"};
 	if(name.includes(';') || name.includes(' ') || name.includes('\'')) return {"error":"illegal characters"};
 	if(password !== confirm) return {"error":"mismatched passwords"};
 	for(let i=0;i<config['satyr']['restrictedNames'].length;i++){
@@ -104,12 +104,15 @@ async function genInvite(): Promise<string>{
 	return invitecode;
 }
 
-async function useInvite(code: string): Promise<boolean>{
+async function validInvite(code: string): Promise<boolean>{
 	if(typeof(code) !== "string" || code === "") return false;
 	var result = await db.query('SELECT code FROM invites WHERE code='+db.raw.escape(code));
 	if(!result[0] || result[0]['code'] !== code) return false;
-	await db.query('DELETE FROM invites WHERE code='+db.raw.escape(code));
 	return true;
 }
 
-export { register, update, changepwd, changesk, login, updateChat, deleteVODs, getConfig, genInvite, useInvite };
+async function useInvite(code: string): Promise<void>{
+	if(validInvite(code)) await db.query('DELETE FROM invites WHERE code='+db.raw.escape(code));
+}
+
+export { register, update, changepwd, changesk, login, updateChat, deleteVODs, getConfig, genInvite, useInvite, validInvite };

src/config.ts

@@ -16,7 +16,7 @@ const config: Object = {
 	   domain: '',
 	   registration: false,
 	   email: null,
-	   restrictedNames: [ 'live', 'user', 'users', 'register', 'login' ],
+	   restrictedNames: [ 'live', 'user', 'users', 'register', 'login', 'invite' ],
 	   rootredirect: '/users/live',
 	   version: process.env.npm_package_version,
 	 }, localconfig['satyr']),

src/http.ts

@@ -224,6 +224,21 @@ async function initAPI() {
 		});
 	});
 	app.post('/api/register', (req, res) => {
+		if("invite" in req.body){
+			if(api.validInvite(req.body.invite)){
+				api.register(req.body.username, req.body.password, req.body.confirm, true).then((result) => {
+					if(result[0]) return genToken(req.body.username).then((t) => {
+						res.cookie('Authorization', t, {maxAge: 604800000, httpOnly: true, sameSite: 'Lax'});
+						res.json(result);
+						api.useInvite(req.body.invite);
+						return;
+					});
+					res.json(result);
+				});
+			}
+			else res.json({error: "invalid invite code"});
+		}
+		else
 		api.register(req.body.username, req.body.password, req.body.confirm).then( (result) => {
 			if(result[0]) return genToken(req.body.username).then((t) => {
 				res.cookie('Authorization', t, {maxAge: 604800000, httpOnly: true, sameSite: 'Lax'});
@@ -486,6 +501,18 @@ async function initSite(openReg) {
 		}
 		else res.render('login.njk',njkconf);
 	});
+	app.get('/invite/:code', (req, res) => {
+		if(tryDecode(req.cookies.Authorization)) {
+			res.redirect('/profile');
+		}
+		else res.render('invite.njk',Object.assign({icode: req.params.code}, njkconf));
+	});
+	app.get('/invite', (req, res) => {
+		if(tryDecode(req.cookies.Authorization)) {
+			res.redirect('/profile');
+		}
+		else res.render('invite.njk',Object.assign({icode: ""}, njkconf));
+	});
 	app.get('/register', (req, res) => {
 		if(tryDecode(req.cookies.Authorization) || !openReg) {
 			res.redirect(njkconf.rootredirect);

templates/invite.njk

@@ -0,0 +1,20 @@
+{% extends "base.njk" %}
+{% block content %}
+<h3>You've been invited to {{ sitename }}</h3><span style="font-size: small;">Already registered? Log in <a href="/login">here</a>.</br></br></span>
+	<!--<div id="jscontainer" style="height: 100%;">
+		<div id="jschild" style="width: 50%;height: 100%;text-align: left;margin: 20px;">-->
+			<form action="/api/register" method="POST" target="responseFrame">
+				Username: </br><input type="text" name="username" style="min-width: 300px" placeholder="e.g. lain"/></br>
+        		Password: </br><input type="password" name="password" style="min-width: 300px"/></br>
+				Confirm: </br><input type="password" name="confirm" style="min-width: 300px"/></br>
+				Invite Code: </br><input type="text" name="invite" style="min-width: 300px" value="{{icode}}"/></br></br>
+				<input type="submit" value="Submit">
+			</form></br>
+			
+		<!--</div>
+		<div id="jschild" style="width: 50%;height: 100%;text-align: left;margin: 20px;">-->
+			{% include "tos.html" %}</br>
+			<iframe name="responseFrame" border="0" frameborder="0" style="display: inline;"></iframe>
+		<!--</div>
+	</div>-->
+{% endblock %}