remixed v0

2022-05-14 12:22:06 +02:00
parent 9275d4499b
commit 98b89ae0f7
338 changed files with 22549 additions and 44628 deletions
--- a/app/features/auth/actions/forgot-password.ts
+++ b/app/features/auth/actions/forgot-password.ts
@ -0,0 +1,63 @@
+import { type ActionFunction, json } from "@remix-run/node";
+import { type User, TokenType } from "@prisma/client";
+
+import db from "~/utils/db.server";
+import { type FormError, validate } from "~/utils/validation.server";
+import { sendForgotPasswordEmail } from "~/mailers/forgot-password-mailer.server";
+import { generateToken, hashToken } from "~/utils/token.server";
+import { ForgotPassword } from "../validations";
+
+const RESET_PASSWORD_TOKEN_EXPIRATION_IN_HOURS = 24;
+
+type ForgotPasswordFailureActionData = { errors: FormError<typeof ForgotPassword>; submitted?: never };
+type ForgotPasswordSuccessfulActionData = { errors?: never; submitted: true };
+export type ForgotPasswordActionData = ForgotPasswordFailureActionData | ForgotPasswordSuccessfulActionData;
+
+const action: ActionFunction = async ({ request }) => {
+	const formData = Object.fromEntries(await request.formData());
+	const validation = validate(ForgotPassword, formData);
+	if (validation.errors) {
+		return json<ForgotPasswordFailureActionData>({ errors: validation.errors });
+	}
+
+	const { email } = validation.data;
+	const user = await db.user.findUnique({ where: { email: email.toLowerCase() } });
+
+	// always wait the same amount of time so attackers can't tell the difference whether a user is found
+	await Promise.all([updatePassword(user), new Promise((resolve) => setTimeout(resolve, 750))]);
+
+	// return the same result whether a password reset email was sent or not
+	return json<ForgotPasswordSuccessfulActionData>({ submitted: true });
+};
+
+export default action;
+
+async function updatePassword(user: User | null) {
+	const membership = await db.membership.findFirst({ where: { userId: user?.id } });
+	if (!user || !membership) {
+		return;
+	}
+
+	const token = generateToken();
+	const hashedToken = hashToken(token);
+	const expiresAt = new Date();
+	expiresAt.setHours(expiresAt.getHours() + RESET_PASSWORD_TOKEN_EXPIRATION_IN_HOURS);
+
+	await db.token.deleteMany({ where: { type: TokenType.RESET_PASSWORD, userId: user.id } });
+	await db.token.create({
+		data: {
+			user: { connect: { id: user.id } },
+			membership: { connect: { id: membership.id } },
+			type: TokenType.RESET_PASSWORD,
+			expiresAt,
+			hashedToken,
+			sentTo: user.email,
+		},
+	});
+
+	await sendForgotPasswordEmail({
+		to: user.email,
+		token,
+		userName: user.fullName,
+	});
+}
--- a/app/features/auth/actions/register.ts
+++ b/app/features/auth/actions/register.ts
@ -0,0 +1,56 @@
+import { type ActionFunction, json } from "@remix-run/node";
+import { GlobalRole, MembershipRole } from "@prisma/client";
+
+import db from "~/utils/db.server";
+import { authenticate, hashPassword } from "~/utils/auth.server";
+import { type FormError, validate } from "~/utils/validation.server";
+import { Register } from "../validations";
+
+export type RegisterActionData = {
+	errors: FormError<typeof Register>;
+};
+
+const action: ActionFunction = async ({ request }) => {
+	const formData = Object.fromEntries(await request.formData());
+	const validation = validate(Register, formData);
+	if (validation.errors) {
+		return json<RegisterActionData>({ errors: validation.errors });
+	}
+
+	const { orgName, fullName, email, password } = validation.data;
+	const hashedPassword = await hashPassword(password.trim());
+	try {
+		await db.user.create({
+			data: {
+				fullName: fullName.trim(),
+				email: email.toLowerCase().trim(),
+				hashedPassword,
+				role: GlobalRole.CUSTOMER,
+				memberships: {
+					create: {
+						role: MembershipRole.OWNER,
+						organization: {
+							create: { name: orgName },
+						},
+					},
+				},
+			},
+		});
+	} catch (error: any) {
+		if (error.code === "P2002") {
+			if (error.meta.target[0] === "email") {
+				return json<RegisterActionData>({
+					errors: { general: "An account with this email address already exists" },
+				});
+			}
+		}
+
+		return json<RegisterActionData>({
+			errors: { general: `An unexpected error happened${error.code ? `\nCode: ${error.code}` : ""}` },
+		});
+	}
+
+	return authenticate({ email, password, request, failureRedirect: "/register" });
+};
+
+export default action;
--- a/app/features/auth/actions/reset-password.ts
+++ b/app/features/auth/actions/reset-password.ts
@ -0,0 +1,56 @@
+import { type ActionFunction, json, redirect } from "@remix-run/node";
+import { TokenType } from "@prisma/client";
+
+import db from "~/utils/db.server";
+import logger from "~/utils/logger.server";
+import { type FormError, validate } from "~/utils/validation.server";
+import { authenticate, hashPassword } from "~/utils/auth.server";
+import { ResetPasswordError } from "~/utils/errors";
+import { hashToken } from "~/utils/token.server";
+import { ResetPassword } from "../validations";
+
+export type ResetPasswordActionData = { errors: FormError<typeof ResetPassword> };
+
+const action: ActionFunction = async ({ request }) => {
+	const searchParams = new URL(request.url).searchParams;
+	const token = searchParams.get("token");
+	if (!token) {
+		return redirect("/forgot-password");
+	}
+
+	const formData = Object.fromEntries(await request.formData());
+	const validation = validate(ResetPassword, { ...formData, token });
+	if (validation.errors) {
+		return json<ResetPasswordActionData>({ errors: validation.errors });
+	}
+
+	const hashedToken = hashToken(token);
+	const savedToken = await db.token.findFirst({
+		where: { hashedToken, type: TokenType.RESET_PASSWORD },
+		include: { user: true },
+	});
+	if (!savedToken) {
+		logger.warn(`No token found with hashedToken=${hashedToken}`);
+		throw new ResetPasswordError();
+	}
+
+	await db.token.delete({ where: { id: savedToken.id } });
+
+	if (savedToken.expiresAt < new Date()) {
+		logger.warn(`Token with hashedToken=${hashedToken} is expired since ${savedToken.expiresAt.toUTCString()}`);
+		throw new ResetPasswordError();
+	}
+
+	const password = validation.data.password.trim();
+	const hashedPassword = await hashPassword(password);
+	const { email } = await db.user.update({
+		where: { id: savedToken.userId },
+		data: { hashedPassword },
+	});
+
+	await db.session.deleteMany({ where: { userId: savedToken.userId } });
+
+	return authenticate({ email, password, request });
+};
+
+export default action;
--- a/app/features/auth/actions/sign-in.ts
+++ b/app/features/auth/actions/sign-in.ts
@ -0,0 +1,22 @@
+import { type ActionFunction, json } from "@remix-run/node";
+
+import { SignIn } from "../validations";
+import { type FormError, validate } from "~/utils/validation.server";
+import { authenticate } from "~/utils/auth.server";
+
+export type SignInActionData = { errors: FormError<typeof SignIn> };
+
+const action: ActionFunction = async ({ request }) => {
+	const formData = Object.fromEntries(await request.clone().formData());
+	const validation = validate(SignIn, formData);
+	if (validation.errors) {
+		return json<SignInActionData>({ errors: validation.errors });
+	}
+
+	const searchParams = new URL(request.url).searchParams;
+	const redirectTo = searchParams.get("redirectTo");
+	const { email, password } = validation.data;
+	return authenticate({ email, password, request, successRedirect: redirectTo });
+};
+
+export default action;