Add traps; user registration

app/routing/Middleware.js

@@ -12,6 +12,7 @@ const Middleware = [
     "auth:Utility",
     "auth:TrustTokenUtility",
     "SAMLUtility",
+    "Traps",
 
     // 'MiddlewareName',
 

app/routing/middleware/Traps.middleware.js

@@ -0,0 +1,61 @@
+const { Middleware } = require('libflitter')
+
+class TrapUtility {
+    constructor(req, res, configs) {
+        this.request = req
+        this.response = res
+        this.user = req.user
+        this.configs = configs
+    }
+
+    async begin(trap_name) {
+        this.user.trap = trap_name
+        this.request.trust.assume()
+        await this.user.save()
+    }
+
+    redirect() {
+        this.request.trust.assume()
+        return this.response.redirect(this.config().redirect_to)
+    }
+
+    async end() {
+        this.user.trap = ''
+        this.request.trust.unassume()
+        await this.user.save()
+    }
+
+    has_trap() {
+        return !!this.user.trap
+    }
+
+    get_trap() {
+        return this.user.trap
+    }
+
+    config() {
+        return this.configs[this.get_trap()]
+    }
+
+    allows(route) {
+        const config = this.config()
+        return route.startsWith('/assets') || config.allowed_routes.includes(route.toLowerCase().trim())
+    }
+}
+
+class TrapsMiddleware extends Middleware {
+    static get services() {
+        return [...super.services, 'models', 'configs']
+    }
+
+    async test(req, res, next, args = {}) {
+        if ( !req?.user ) return next()
+        req.trap = new TrapUtility(req, res, this.configs.get('traps.types'))
+
+        if ( !req.trap.has_trap() ) return next()
+        else if ( req.trap.allows(req.path) ) return next()
+        else return req.trap.redirect()
+    }
+}
+
+module.exports = exports = TrapsMiddleware

app/routing/middleware/auth/TrustTokenUtility.middleware.js

@@ -3,6 +3,8 @@ const moment = require('moment')
 const uuid = require('uuid/v4')
 
 class TrustManager {
+    assume_trust = false
+
     constructor(request, response) {
         this.request = request
         this.response = response
@@ -18,6 +20,19 @@ class TrustManager {
         this.request.session.trust_tokens = this.request.session.trust_tokens.filter(x => {
             return moment(new Date(x.expires)) > now
         })
+
+        this.assume_trust = !!this.request.session.trust_assume_trust
+    }
+
+    assume() {
+        this.request.session.trust_assume_trust = true
+        this.assume_trust = true
+    }
+
+    unassume() {
+        this.request.session.trust_assume_trust = false
+        this.assume_trust = false
+        this.purge()
     }
 
     init_flow(scope, next) {
@@ -66,7 +81,7 @@ class TrustManager {
     }
 
     has(scope) {
-        return this.request.session.trust_tokens.some(x => x.scope === scope)
+        return this.assume_trust || this.request.session.trust_tokens.some(x => x.scope === scope)
     }
 
     grant(scope) {

app/routing/middleware/util/Setting.middleware.js

@@ -0,0 +1,19 @@
+const { Middleware, HTTPError } = require('libflitter')
+
+class SettingMiddleware extends Middleware {
+    static get services() {
+        return [...super.services, 'models']
+    }
+
+    async test(req, res, next, { key, value = true }) {
+        const Setting = this.models.get('Setting')
+        const actual_value = await Setting.get(key)
+
+        if ( actual_value !== value )
+            throw new HTTPError(404)
+
+        return next()
+    }
+}
+
+module.exports = exports = SettingMiddleware

app/routing/routers/api/v1/auth.routes.js

@@ -40,6 +40,14 @@ const auth_routes = {
             'controller::api:v1:Auth.validate_username'
         ],
 
+        '/validate/user_exists': [
+            'controller::api:v1:Auth.user_exists',
+        ],
+
+        '/validate/email': [
+            'controller::api:v1:Auth.validate_email',
+        ],
+
         '/attempt': [
             'controller::api:v1:Auth.attempt'
         ],
@@ -77,6 +85,12 @@ const auth_routes = {
             ['middleware::api:Permission', { check: 'v1:auth:users:create' }],
             'controller::api:v1:Auth.create_user',
         ],
+
+        '/registration': [
+            ['middleware::util:Setting', { key: 'auth.allow_registration' }],
+            'middleware::auth:GuestOnly',
+            'controller::api:v1:Auth.registration',
+        ],
     },
 
     patch: {

app/routing/routers/auth/forms.routes.js

@@ -24,12 +24,14 @@ const index = {
 
     get: {
         '/:provider/register': [
+            ['middleware::util:Setting', { key: 'auth.allow_registration' }],
             'middleware::auth:ProviderRoute',
             'middleware::auth:GuestOnly',
             'middleware::auth:ProviderRegistrationEnabled',
             'controller::auth:Forms.registration_provider_get',
         ],
         '/register': [
+            ['middleware::util:Setting', { key: 'auth.allow_registration' }],
             'middleware::auth:ProviderRoute',
             'middleware::auth:GuestOnly',
             'middleware::auth:ProviderRegistrationEnabled',
@@ -67,7 +69,8 @@ const index = {
     },
 
     post: {
-        '/:provider/register': [
+        /*'/:provider/register': [
+            ['middleware::util:Setting', { key: 'auth.allow_registration' }],
             'middleware::auth:ProviderRoute',
             'middleware::auth:GuestOnly',
             'middleware::auth:ProviderRegistrationEnabled',
@@ -75,12 +78,13 @@ const index = {
             'controller::auth:Forms.registration_provider_present_user_created',
         ],
         '/register': [
+            ['middleware::util:Setting', { key: 'auth.allow_registration' }],
             'middleware::auth:ProviderRoute',
             'middleware::auth:GuestOnly',
             'middleware::auth:ProviderRegistrationEnabled',
             'controller::auth:Forms.registration_provider_create_user',
             'controller::auth:Forms.registration_provider_present_user_created',
-        ],
+        ],*/
         
         '/:provider/login': [
             'middleware::auth:ProviderRoute',