🔒 (auth) Block disposable emails during sign up

baptisteArno · Jul 27, 2023 · abc3abd · abc3abd
1 parent 320cffc
commit abc3abd
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/apps/builder/src/pages/api/auth/[...nextauth].ts b/apps/builder/src/pages/api/auth/[...nextauth].ts
@@ -16,6 +16,7 @@ import { getNewUserInvitations } from '@/features/auth/helpers/getNewUserInvitat
 import { sendVerificationRequest } from '@/features/auth/helpers/sendVerificationRequest'
 import { Ratelimit } from '@upstash/ratelimit'
 import { Redis } from '@upstash/redis/nodejs'
+import got from 'got'
 
 const providers: Provider[] = []
 
@@ -172,6 +173,14 @@ export const authOptions: AuthOptions = {
     signIn: async ({ account, user }) => {
       if (!account) return false
       const isNewUser = !('createdAt' in user && isDefined(user.createdAt))
+      if (isNewUser && user.email) {
+        const { body } = await got.get(
+          'https://raw.githubusercontent.com/disposable-email-domains/disposable-email-domains/master/disposable_email_blocklist.conf'
+        )
+        const disposableEmailDomains = body.split('\n')
+        if (disposableEmailDomains.includes(user.email.split('@')[1]))
+          return false
+      }
       if (process.env.DISABLE_SIGNUP === 'true' && isNewUser && user.email) {
         const { invitations, workspaceInvitations } =
           await getNewUserInvitations(prisma, user.email)