feat: Add legal requirements (#1306)

2025-12-18 01:11:13 +03:00 · 2025-08-21 15:10:02 +02:00
parent bb40a22563
commit 2f4bcb0583
122 changed files with 1522 additions and 81 deletions
--- a/server/api/controllers/access-tokens/create.js
+++ b/server/api/controllers/access-tokens/create.js
@@ -4,7 +4,6 @@
 */

 const bcrypt = require('bcrypt');
-const { v4: uuid } = require('uuid');

 const { isEmailOrUsername } = require('../../../utils/validators');
 const { getRemoteAddress } = require('../../../utils/remote-address');
@@ -22,6 +21,9 @@ const Errors = {
  USE_SINGLE_SIGN_ON: {
    useSingleSignOn: 'Use single sign-on',
  },
+  TERMS_ACCEPTANCE_REQUIRED: {
+    termsAcceptanceRequired: 'Terms acceptance required',
+  },
 };

 module.exports = {
@@ -39,7 +41,6 @@ module.exports = {
    },
    withHttpOnlyToken: {
      type: 'boolean',
-      defaultsTo: false,
    },
  },

@@ -56,6 +57,12 @@ module.exports = {
    useSingleSignOn: {
      responseType: 'forbidden',
    },
+    termsAcceptanceRequired: {
+      responseType: 'forbidden',
+    },
+    adminLoginRequiredToInitializeInstance: {
+      responseType: 'forbidden',
+    },
  },

  async fn(inputs) {
@@ -90,26 +97,19 @@ module.exports = {
        : Errors.INVALID_CREDENTIALS;
    }

-    const { token: accessToken, payload: accessTokenPayload } = sails.helpers.utils.createJwtToken(
-      user.id,
-    );
-
-    const httpOnlyToken = inputs.withHttpOnlyToken ? uuid() : null;
-
-    await Session.qm.createOne({
-      accessToken,
-      httpOnlyToken,
-      remoteAddress,
-      userId: user.id,
-      userAgent: this.req.headers['user-agent'],
-    });
-
-    if (httpOnlyToken && !this.req.isSocket) {
-      sails.helpers.utils.setHttpOnlyTokenCookie(httpOnlyToken, accessTokenPayload, this.res);
-    }
-
-    return {
-      item: accessToken,
-    };
+    return sails.helpers.accessTokens.handleSteps
+      .with({
+        user,
+        remoteAddress,
+        request: this.req,
+        response: this.res,
+        withHttpOnlyToken: inputs.withHttpOnlyToken,
+      })
+      .intercept('adminLoginRequiredToInitializeInstance', (error) => ({
+        adminLoginRequiredToInitializeInstance: error.raw,
+      }))
+      .intercept('termsAcceptanceRequired', (error) => ({
+        termsAcceptanceRequired: error.raw,
+      }));
  },
 };