105 lines
2.7 KiB
PHP
105 lines
2.7 KiB
PHP
<?php
|
|
|
|
use JoeacNet\Http\Config;
|
|
use JoeacNet\Http\Db;
|
|
use JoeacNet\Http\Mail;
|
|
|
|
require_once __DIR__ . "/../../php/config.php";
|
|
require_once __DIR__ . "/../../php/db.php";
|
|
require_once __DIR__ . "/../../php/mail.php";
|
|
|
|
const SEND_OTP_TYPES = ["email"];
|
|
|
|
$db = Db\connectDb();
|
|
|
|
$payload = json_decode(file_get_contents("php://input"), true);
|
|
$email = getEmailFromPayloadAndValidate($payload);
|
|
$name = getNameFromPayloadAndValidate($payload);
|
|
$type = getTypeFromPayloadAndValidate($payload);
|
|
|
|
limitMaxDailyEmails(db: $db, email: $email, name: $name);
|
|
|
|
$otp = strtoupper(bin2hex(random_bytes(3)));
|
|
$prettyOtp = substr($otp, 0, 3) . "-" . substr($otp, 3, 6);
|
|
Db\insertOtp(db: $db, userId: $email, otp: $otp);
|
|
|
|
try {
|
|
$messageId = Mail\sendEmail(
|
|
toEmail: $email,
|
|
toName: $name,
|
|
subject: "joeac.net: your OTP is $prettyOtp",
|
|
body: <<<BODY
|
|
Someone tried to use this email address on joeac.net. If this was you,
|
|
your one-time passcode is $prettyOtp. If this wasn't you, you don't need
|
|
to do anything.
|
|
BODY,
|
|
);
|
|
} catch (Exception $e) {
|
|
error_log("Email could not be sent: $e");
|
|
http_response_code(500);
|
|
echo "Email could not be sent: $e";
|
|
exit();
|
|
}
|
|
|
|
Db\recordSentEmail($db, $messageId);
|
|
syslog(LOG_INFO, "Sent OTP ($prettyOtp) to $email. Message ID: $messageId");
|
|
|
|
http_response_code(200);
|
|
echo $messageId;
|
|
exit();
|
|
|
|
/// functions ///
|
|
|
|
function limitMaxDailyEmails(PDO $db, string $email, string $name)
|
|
{
|
|
$countEmailsSentLast24Hours = Db\countEmailsSentLast24Hours($db);
|
|
if ($countEmailsSentLast24Hours > Config\maxDailyEmails()) {
|
|
$msg =
|
|
"$name <$email> requested an OTP email, but $countEmailsSentLast24Hours emails have already been sent, whereas the max daily load is " .
|
|
Config\maxDailyEmails() .
|
|
".";
|
|
syslog(LOG_WARNING, $msg);
|
|
http_response_code(500);
|
|
echo $msg;
|
|
exit();
|
|
}
|
|
}
|
|
|
|
function getNameFromPayloadAndValidate(array $payload): string
|
|
{
|
|
$name = (string) $payload["name"];
|
|
if (is_null($name) || $name == "") {
|
|
http_response_code(400);
|
|
echo "name must not be empty";
|
|
exit();
|
|
}
|
|
return $name;
|
|
}
|
|
|
|
function getEmailFromPayloadAndValidate(array $payload): string
|
|
{
|
|
$email = (string) $payload["email"];
|
|
if (is_null($email) || $email == "") {
|
|
http_response_code(400);
|
|
echo "email must not be empty";
|
|
exit();
|
|
}
|
|
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
|
http_response_code(400);
|
|
echo "<$email> is not a valid email address.";
|
|
exit();
|
|
}
|
|
return $email;
|
|
}
|
|
|
|
function getTypeFromPayloadAndValidate(array $payload): string
|
|
{
|
|
$type = (string) $payload["type"];
|
|
if (!in_array($type, SEND_OTP_TYPES)) {
|
|
http_response_code(400);
|
|
echo "type must be one of: " . SEND_OTP_TYPES;
|
|
exit();
|
|
}
|
|
return $type;
|
|
}
|