-
Notifications
You must be signed in to change notification settings - Fork 2.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
f506bf0
commit f20c674
Showing
1 changed file
with
24 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,6 +2,7 @@ | |
|
|
||
| import { ratelimit, redis } from "@/lib/upstash"; | ||
| import { prisma } from "@dub/prisma"; | ||
| import { get } from "@vercel/edge-config"; | ||
| import { sendEmail } from "emails"; | ||
| import VerifyEmail from "emails/verify-email"; | ||
| import { flattenValidationErrors } from "next-safe-action"; | ||
|
|
@@ -33,22 +34,37 @@ export const sendOtpAction = actionClient | |
| throw new Error("Too many requests. Please try again later."); | ||
| } | ||
|
|
||
| if (email.includes("+") && email.endsWith("@gmail.com")) { | ||
| throw new Error( | ||
| "Email addresses with + are not allowed. Please use your work email instead.", | ||
| ); | ||
| } | ||
|
|
||
| const domain = email.split("@")[1]; | ||
| const isDisposable = await redis.sismember( | ||
| "disposableEmailDomains", | ||
| domain, | ||
| ); | ||
|
|
||
| const [isDisposable, emailDomainTerms] = await Promise.all([ | ||
| redis.sismember("disposableEmailDomains", domain), | ||
| get("emailDomainTerms"), | ||
| ]); | ||
|
|
||
| if (isDisposable) { | ||
| throw new Error( | ||
| "Disposable email addresses are not allowed. If you think this is a mistake, please contact us at [email protected]", | ||
| "Invalid email address – please use your work email instead. If you think this is a mistake, please contact us at [email protected]", | ||
| ); | ||
| } | ||
|
|
||
| if (email.includes("+") && email.endsWith("@gmail.com")) { | ||
| throw new Error( | ||
| "Email addresses with + are not allowed. Please use your work email instead.", | ||
| if (emailDomainTerms && Array.isArray(emailDomainTerms)) { | ||
| const blacklistedEmailDomainTermsRegex = new RegExp( | ||
| emailDomainTerms | ||
| .map((term: string) => term.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")) // replace special characters with escape sequences | ||
| .join("|"), | ||
| ); | ||
|
|
||
| if (blacklistedEmailDomainTermsRegex.test(domain)) { | ||
| throw new Error( | ||
| "Invalid email address – please use your work email instead. If you think this is a mistake, please contact us at [email protected]", | ||
| ); | ||
| } | ||
| } | ||
|
|
||
| const code = generateOTP(); | ||
|
|
||