
Merge branch 'main' of https://github.com/HeyPuter/puter into main

Nariman Jelveh 1 рік тому
батько
коміт
219cc94fbf

+ 5 - 0
packages/backend/src/routers/change_email.js

@@ -79,6 +79,11 @@ const CHANGE_EMAIL_START = eggspress('/change_email/start', {
         confirm_url: `${config.origin}/change_email/confirm?token=${jwt_token}`,
         username: user.username,
     });
+    const old_email = user.email;
+    // TODO: NotificationService
+    await svc_email.send_email({ email: old_email }, 'email_change_notification', {
+        new_email: new_email,
+    });
 
     // update user
     await db.write(
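Review bot: `old_email` is passed to the added `send_email` call without a guard, so an account that has no email on file (if such accounts can reach this route, which is not visible here) would trigger a send to an empty recipient; `if ( old_email ) { ... }` around the call avoids that. The new `await` also sits between the confirmation send above and the `db.write` below, so a mail failure at this point would abort the request after the confirmation link has already gone out. Catching the error and logging it keeps the two steps independent while still leaving a record that the previous owner was not notified. The handler body starts and ends outside the hunk.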

+ 5 - 0
packages/backend/src/routers/change_username.js

@@ -54,6 +54,11 @@ module.exports = eggspress('/change_username', {
     if(await username_exists(req.body.new_username))
         throw APIError.create('username_already_in_use', null, { username: req.body.new_username });
 
+    const svc_edgeRateLimit = req.services.get('edge-rate-limit');
+    if ( ! svc_edgeRateLimit.check('change-email-start') ) {
+        return res.status(429).send('Too many requests.');
+    }
+
     const db = Context.get('services').get('database').get(DB_WRITE, 'auth');
 
     // Has the user already changed their username twice this month?
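Review bot: The rate-limit check added to the username route uses the scope key `'change-email-start'`, which looks like a copy-paste from the email route. As written, username changes and email-change requests would draw from the same budget, and the limit tuned for one would silently apply to the other. A scope dedicated to this route, for example `svc_edgeRateLimit.check('change-username')` (a name proposed here, which would need an entry in `this.scopes` of EdgeRateLimitService), keeps them separate. The check also runs after `username_exists(...)`, so the existence lookup and its `username_already_in_use` answer are not throttled; moving the check above that lookup would cover it. The handler body starts and ends outside the hunk.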

+ 11 - 0
packages/backend/src/services/EmailService.js

@@ -63,6 +63,17 @@ We received a request to link this email to the user "{{username}}" on Puter. If
 
 <p>
 <a href="{{confirm_url}}">Confirm email change</a>
+</p>
+                `,
+            },
+            'email_change_notification': {
+                subject: '\u{1f4dd} Notification of email change',
+                html: `
+<p>Hi there,</p>
+<p>
+We're sending an email to let you know about a change to your account.
+We have sent a confirmation to "{{new_email}}" to confirm an email change request.
+If this was not you, please contact support@puter.com immediately.
 </p>
                 `,
             },
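Review bot: The new `email_change_notification` template does not say which account the change belongs to, unlike the confirmation template above it, which includes `{{username}}`. A recipient with more than one account on the same address cannot tell which one to check. Adding a line such as `The request was made for the user "{{username}}".` to the template and passing `username: user.username` at the call site in change_email.js would close that gap. Whether `{{new_email}}` is HTML-escaped depends on the template engine, which is not visible here, so it is worth confirming since the value is user-supplied.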

+ 1 - 1
packages/backend/src/services/abuse-prevention/EdgeRateLimitService.js

@@ -8,7 +8,7 @@ class EdgeRateLimitService extends BaseService {
     _construct () {
         this.scopes = {
             ['login']: {
-                limit: 3,
+                limit: 10,
                 window: 15 * MINUTE,
             },
             ['signup']: {
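Review bot: The `login` limit goes from 3 to 10 attempts per 15-minute window with no comment explaining why. That more than triples the password guesses one requester can make per window, and what the counter is keyed on (IP, account, or both) is not visible in this hunk. A comment above the entry would record the trade-off, for example `// 10 per 15 min per <key>; raised from 3 because <reason>`, with the placeholders filled in by the author. If the counter is keyed per IP only, a separate per-account limit would still be needed to bound guessing against a single user.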