📩 feat: invite user

api/models/Token.js

@@ -0,0 +1,117 @@
+const tokenSchema = require('./schema/tokenSchema');
+const mongoose = require('mongoose');
+const { logger } = require('~/config');
+
+/**
+ * Token model.
+ * @type {mongoose.Model}
+ */
+const Token = mongoose.model('Token', tokenSchema);
+
+/**
+ * Creates a new Token instance.
+ * @param {Object} tokenData - The data for the new Token.
+ * @param {mongoose.Types.ObjectId} tokenData.userId - The user's ID. It is required.
+ * @param {String} tokenData.email - The user's email.
+ * @param {String} tokenData.token - The token. It is required.
+ * @param {Number} tokenData.expiresIn - The number of seconds until the token expires.
+ * @returns {Promise<mongoose.Document>} The new Token instance.
+ * @throws Will throw an error if token creation fails.
+ */
+async function createToken(tokenData) {
+  try {
+    const currentTime = new Date();
+    const expiresAt = new Date(currentTime.getTime() + tokenData.expiresIn * 1000);
+
+    const newTokenData = {
+      ...tokenData,
+      createdAt: currentTime,
+      expiresAt,
+    };
+
+    const newToken = new Token(newTokenData);
+    return await newToken.save();
+  } catch (error) {
+    logger.debug('An error occurred while creating token:', error);
+    throw error;
+  }
+}
+
+/**
+ * Finds a Token document that matches the provided query.
+ * @param {Object} query - The query to match against.
+ * @param {mongoose.Types.ObjectId|String} query.userId - The ID of the user.
+ * @param {String} query.token - The token value.
+ * @param {String} query.email - The email of the user.
+ * @returns {Promise<Object|null>} The matched Token document, or null if not found.
+ * @throws Will throw an error if the find operation fails.
+ */
+async function findToken(query) {
+  try {
+    const conditions = [];
+
+    if (query.userId) {
+      conditions.push({ userId: query.userId });
+    }
+    if (query.token) {
+      conditions.push({ token: query.token });
+    }
+    if (query.email) {
+      conditions.push({ email: query.email });
+    }
+
+    const token = await Token.findOne({
+      $and: conditions,
+    }).lean();
+
+    return token;
+  } catch (error) {
+    logger.debug('An error occurred while finding token:', error);
+    throw error;
+  }
+}
+
+/**
+ * Updates a Token document that matches the provided query.
+ * @param {Object} query - The query to match against.
+ * @param {mongoose.Types.ObjectId|String} query.userId - The ID of the user.
+ * @param {String} query.token - The token value.
+ * @param {Object} updateData - The data to update the Token with.
+ * @returns {Promise<mongoose.Document|null>} The updated Token document, or null if not found.
+ * @throws Will throw an error if the update operation fails.
+ */
+async function updateToken(query, updateData) {
+  try {
+    return await Token.findOneAndUpdate(query, updateData, { new: true });
+  } catch (error) {
+    logger.debug('An error occurred while updating token:', error);
+    throw error;
+  }
+}
+
+/**
+ * Deletes all Token documents that match the provided token, user ID, or email.
+ * @param {Object} query - The query to match against.
+ * @param {mongoose.Types.ObjectId|String} query.userId - The ID of the user.
+ * @param {String} query.token - The token value.
+ * @param {String} query.email - The email of the user.
+ * @returns {Promise<Object>} The result of the delete operation.
+ * @throws Will throw an error if the delete operation fails.
+ */
+async function deleteTokens(query) {
+  try {
+    return await Token.deleteMany({
+      $or: [{ userId: query.userId }, { token: query.token }, { email: query.email }],
+    });
+  } catch (error) {
+    logger.debug('An error occurred while deleting tokens:', error);
+    throw error;
+  }
+}
+
+module.exports = {
+  createToken,
+  findToken,
+  updateToken,
+  deleteTokens,
+};

api/models/index.js

@@ -1,11 +1,3 @@
-const {
-  getMessages,
-  saveMessage,
-  recordMessage,
-  updateMessage,
-  deleteMessagesSince,
-  deleteMessages,
-} = require('./Message');
 const {
   comparePassword,
   deleteUserById,
@@ -16,8 +8,6 @@ const {
   countUsers,
   findUser,
 } = require('./userMethods');
-const { getConvoTitle, getConvo, saveConvo, deleteConvos } = require('./Conversation');
-const { getPreset, getPresets, savePreset, deletePresets } = require('./Preset');
 const {
   findFileById,
   createFile,
@@ -27,26 +17,40 @@ const {
   getFiles,
   updateFileUsage,
 } = require('./File');
-const Key = require('./Key');
-const User = require('./User');
+const {
+  getMessages,
+  saveMessage,
+  recordMessage,
+  updateMessage,
+  deleteMessagesSince,
+  deleteMessages,
+} = require('./Message');
+const { getConvoTitle, getConvo, saveConvo, deleteConvos } = require('./Conversation');
+const { getPreset, getPresets, savePreset, deletePresets } = require('./Preset');
+const { createToken, findToken, updateToken, deleteTokens } = require('./Token');
 const Session = require('./Session');
 const Balance = require('./Balance');
+const User = require('./User');
+const Key = require('./Key');
 
 module.exports = {
-  User,
-  Key,
-  Session,
-  Balance,
-
   comparePassword,
   deleteUserById,
   generateToken,
   getUserById,
-  countUsers,
-  createUser,
   updateUser,
+  createUser,
+  countUsers,
   findUser,
 
+  findFileById,
+  createFile,
+  updateFile,
+  deleteFile,
+  deleteFiles,
+  getFiles,
+  updateFileUsage,
+
   getMessages,
   saveMessage,
   recordMessage,
@@ -64,11 +68,13 @@ module.exports = {
   savePreset,
   deletePresets,
 
-  findFileById,
-  createFile,
-  updateFile,
-  deleteFile,
-  deleteFiles,
-  getFiles,
-  updateFileUsage,
+  createToken,
+  findToken,
+  updateToken,
+  deleteTokens,
+
+  User,
+  Key,
+  Session,
+  Balance,
 };

api/models/inviteUser.js

@@ -0,0 +1,67 @@
+const crypto = require('crypto');
+const bcrypt = require('bcryptjs');
+const mongoose = require('mongoose');
+const { createToken, findToken } = require('./Token');
+const logger = require('~/config/winston');
+
+/**
+ * @module inviteUser
+ * @description This module provides functions to create and get user invites
+ */
+
+module.exports = {
+  /**
+   * @function createInvite
+   * @description This function creates a new user invite
+   * @param {string} email - The email of the user to invite
+   * @returns {Promise<Object>} A promise that resolves to the saved invite document
+   * @throws {Error} If there is an error creating the invite
+   */
+  createInvite: async (email) => {
+    try {
+      let token = crypto.randomBytes(32).toString('hex');
+      const hash = bcrypt.hashSync(token, 10);
+      const encodedToken = encodeURIComponent(token);
+
+      const fakeUserId = new mongoose.Types.ObjectId();
+
+      await createToken({
+        userId: fakeUserId,
+        email,
+        token: hash,
+        createdAt: Date.now(),
+        expiresIn: 604800,
+      });
+
+      return encodedToken;
+    } catch (error) {
+      logger.error('[createInvite] Error creating invite', error);
+      return { message: 'Error creating invite' };
+    }
+  },
+
+  /**
+   * @function getInvite
+   * @description This function retrieves a user invite
+   * @param {string} encodedToken - The token of the invite to retrieve
+   * @param {string} email - The email of the user to validate
+   * @returns {Promise<Object>} A promise that resolves to the retrieved invite document
+   * @throws {Error} If there is an error retrieving the invite, if the invite does not exist, or if the email does not match
+   */
+  getInvite: async (encodedToken, email) => {
+    try {
+      const token = decodeURIComponent(encodedToken);
+      const hash = bcrypt.hashSync(token, 10);
+      const invite = await findToken({ token: hash, email });
+
+      if (!invite) {
+        throw new Error('Invite not found or email does not match');
+      }
+
+      return invite;
+    } catch (error) {
+      logger.error('[getInvite] Error getting invite', error);
+      return { error: true, message: error.message };
+    }
+  },
+};

api/models/schema/tokenSchema.js

@@ -18,8 +18,13 @@ const tokenSchema = new Schema({
     type: Date,
     required: true,
     default: Date.now,
-    expires: 900,
+  },
+  expiresAt: {
+    type: Date,
+    required: true,
   },
 });
 
-module.exports = mongoose.model('Token', tokenSchema);
+tokenSchema.index({ expiresAt: 1 }, { expireAfterSeconds: 0 });
+
+module.exports = tokenSchema;

api/package.json

@@ -12,6 +12,7 @@
     "list-balances": "node ./list-balances.js",
     "user-stats": "node ./user-stats.js",
     "create-user": "node ./create-user.js",
+    "invite-user": "node ./invite-user.js",
     "ban-user": "node ./ban-user.js",
     "delete-user": "node ./delete-user.js"
   },

api/server/middleware/checkInviteUser.js

@@ -0,0 +1,27 @@
+const { getInvite } = require('~/models/inviteUser');
+const { deleteTokens } = require('~/models/Token');
+
+async function checkInviteUser(req, res, next) {
+  const token = req.body.token;
+
+  if (!token || token === 'undefined') {
+    next();
+    return;
+  }
+
+  try {
+    const invite = await getInvite(token, req.body.email);
+
+    if (!invite || invite.error === true) {
+      return res.status(400).json({ message: 'Invalid invite token' });
+    }
+
+    await deleteTokens({ token: invite.token });
+    req.invite = invite;
+    next();
+  } catch (error) {
+    return res.status(429).json({ message: error.message });
+  }
+}
+
+module.exports = checkInviteUser;

api/server/middleware/index.js

@@ -10,6 +10,7 @@ const requireLocalAuth = require('./requireLocalAuth');
 const canDeleteAccount = require('./canDeleteAccount');
 const requireLdapAuth = require('./requireLdapAuth');
 const abortMiddleware = require('./abortMiddleware');
+const checkInviteUser = require('./checkInviteUser');
 const requireJwtAuth = require('./requireJwtAuth');
 const validateModel = require('./validateModel');
 const moderateText = require('./moderateText');
@@ -33,6 +34,7 @@ module.exports = {
   moderateText,
   validateModel,
   requireJwtAuth,
+  checkInviteUser,
   requireLdapAuth,
   requireLocalAuth,
   canDeleteAccount,

api/server/middleware/validateRegistration.js

@@ -1,10 +1,16 @@
 const { isEnabled } = require('~/server/utils');
 
 function validateRegistration(req, res, next) {
+  if (req.invite) {
+    return next();
+  }
+
   if (isEnabled(process.env.ALLOW_REGISTRATION)) {
     next();
   } else {
-    res.status(403).send('Registration is not allowed.');
+    return res.status(403).json({
+      message: 'Registration is not allowed.',
+    });
   }
 }
 

api/server/routes/auth.js

@@ -11,6 +11,7 @@ const {
   checkBan,
   loginLimiter,
   requireJwtAuth,
+  checkInviteUser,
   registerLimiter,
   requireLdapAuth,
   requireLocalAuth,
@@ -32,7 +33,14 @@ router.post(
   loginController,
 );
 router.post('/refresh', refreshController);
-router.post('/register', registerLimiter, checkBan, validateRegistration, registrationController);
+router.post(
+  '/register',
+  registerLimiter,
+  checkBan,
+  checkInviteUser,
+  validateRegistration,
+  registrationController,
+);
 router.post(
   '/requestPasswordReset',
   resetPasswordLimiter,