Leahnaya/account
1
0
Fork 0
mirror of https://github.com/PretendoNetwork/account.git synced 2026-04-25 15:41:36 -05:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

chore: revert support revert
Some checks failed
Build and Publish Docker Image / build-publish (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Jonathan Barrow 2025-05-09 18:44:03 -04:00
parent 6434e7ce13
commit a1b5cea250
No known key found for this signature in database
GPG Key ID: 2A7DAA6DED5A77E5
1 changed files with 51 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
src/services/nnas/routes/support.ts
View File

@ -3,8 +3,57 @@ import express from 'express';
import xmlbuilder from 'xmlbuilder';
import moment from 'moment';
import { getPNIDByEmailAddress, getPNIDByPID } from '@/database';
import { Device } from '@/models/device';
import { sendEmailConfirmedEmail, sendConfirmationEmail, sendForgotPasswordEmail, sendEmailConfirmedParentalControlsEmail } from '@/util';
// * Middleware to ensure the input device is valid
// TODO - Make this available for more routes? This could be useful elsewhere
async function validateDeviceIDMiddleware(request: express.Request, response: express.Response, next: express.NextFunction): Promise<void> {
const deviceID = request.header('x-nintendo-device-id');
const serial = request.header('x-nintendo-serial-number');
// * Since these values are linked at the time of device creation, and the
// * device ID is always validated against the device certificate for legitimacy
// * we can safely assume that every console hitting our servers through normal
// * means will be stored correctly. And since once both values are set they
// * cannot be changed, these checks will always be safe
const device = await Device.findOne({
device_id: Number(deviceID),
serial: serial
});
if (!device) {
response.status(400).send(xmlbuilder.create({
errors: {
error: {
cause: 'device_id',
code: '0113',
message: 'Unauthorized device'
}
}
}).end());
return;
}
if (device.access_level < 0) {
response.status(400).send(xmlbuilder.create({
errors: {
error: {
code: '0012',
message: 'Device has been banned by game server' // TODO - This is not the right error message
}
}
}).end());
return;
}
// TODO - Once we push support for linking PNIDs to consoles, also check if the PID is linked or not
next();
}
const router = express.Router();
/**
@ -101,7 +150,7 @@ router.put('/email_confirmation/:pid/:code', async (request: express.Request, re
* Replacement for: https://account.nintendo.net/v1/api/support/resend_confirmation
* Description: Resends a users confirmation email
*/
router.get('/resend_confirmation', async (request: express.Request, response: express.Response): Promise<void> => {
router.get('/resend_confirmation', validateDeviceIDMiddleware, async (request: express.Request, response: express.Response): Promise<void> => {
const pid = Number(request.headers['x-nintendo-pid']);
const pnid = await getPNIDByPID(pid);
@ -160,7 +209,7 @@ router.get('/send_confirmation/pin/:email', async (request: express.Request, res
* Description: Sends the user a password reset email
* NOTE: On NN this was a temp password that expired after 24 hours. We do not do that
*/
router.get('/forgotten_password/:pid', async (request: express.Request, response: express.Response): Promise<void> => {
router.get('/forgotten_password/:pid', validateDeviceIDMiddleware, async (request: express.Request, response: express.Response): Promise<void> => {
const pid = Number(request.params.pid);
const pnid = await getPNIDByPID(pid);