Fix account approval bypass and enforce AI verification
parent
0d4d27cdc1
commit
1635c70eb3
20
app.py
20
app.py
|
|
@ -476,9 +476,17 @@ def on_join(data):
|
||||||
hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
|
hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
|
||||||
db_user = User(username=username, password_hash=hashed, email=email)
|
db_user = User(username=username, password_hash=hashed, email=email)
|
||||||
db.session.add(db_user); db.session.commit()
|
db.session.add(db_user); db.session.commit()
|
||||||
user.update(user_id=db_user.id, is_registered=True,
|
|
||||||
has_ai_access=False, ai_messages_used=0)
|
# DO NOT login yet – stay as guest and wait for mod
|
||||||
token = _issue_jwt(db_user.id, db_user.username)
|
emit("joined", {
|
||||||
|
"username": username,
|
||||||
|
"is_admin": False,
|
||||||
|
"is_registered": False,
|
||||||
|
"has_ai_access": False,
|
||||||
|
"ai_messages_used": 0,
|
||||||
|
"system_msg": "Account created! Please wait for a moderator to verify you before logging in."
|
||||||
|
})
|
||||||
|
return
|
||||||
|
|
||||||
elif mode == "login":
|
elif mode == "login":
|
||||||
db_user = User.query.filter(
|
db_user = User.query.filter(
|
||||||
|
|
@ -645,6 +653,8 @@ def on_pm_message(data):
|
||||||
if f":{AI_BOT_NAME.lower()}" in room.lower():
|
if f":{AI_BOT_NAME.lower()}" in room.lower():
|
||||||
if not user.get("user_id"):
|
if not user.get("user_id"):
|
||||||
emit("error", {"msg": "You must be registered to chat with Violet."}); return
|
emit("error", {"msg": "You must be registered to chat with Violet."}); return
|
||||||
|
if not user.get("is_verified"):
|
||||||
|
emit("error", {"msg": "Your account is pending moderator approval. Please wait to chat with Violet."}); return
|
||||||
if not user.get("has_ai_access") and user.get("ai_messages_used", 0) >= AI_FREE_LIMIT:
|
if not user.get("has_ai_access") and user.get("ai_messages_used", 0) >= AI_FREE_LIMIT:
|
||||||
emit("pm_message", {"from": AI_BOT_NAME, "text": "ai_limit_reached", "room": room, "system": True}, to=sid)
|
emit("pm_message", {"from": AI_BOT_NAME, "text": "ai_limit_reached", "room": room, "system": True}, to=sid)
|
||||||
return
|
return
|
||||||
|
|
@ -801,6 +811,10 @@ def on_verify(data):
|
||||||
target_info = connected_users.get(target_sid)
|
target_info = connected_users.get(target_sid)
|
||||||
if target_info:
|
if target_info:
|
||||||
target_info["is_verified"] = True
|
target_info["is_verified"] = True
|
||||||
|
socketio.emit("system", {
|
||||||
|
"msg": "🎉 **Your account has been verified!** You can now log in to access persistent features and chat with Violet.",
|
||||||
|
"ts": _ts()
|
||||||
|
}, to=target_sid)
|
||||||
|
|
||||||
socketio.emit("system", {"msg": f"✅ **{target_user.username}** has been verified by a moderator.", "ts": _ts()}, to=LOBBY)
|
socketio.emit("system", {"msg": f"✅ **{target_user.username}** has been verified by a moderator.", "ts": _ts()}, to=LOBBY)
|
||||||
socketio.emit("nicklist", {"users": _get_nicklist()}, to=LOBBY)
|
socketio.emit("nicklist", {"users": _get_nicklist()}, to=LOBBY)
|
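Review bot: The new `if not user.get("is_verified")` gate in on_pm_message reads the flag from the per-connection `user` dict, and the only place this page shows that key being written is on_verify (`target_info["is_verified"] = True`). Whether the login branch or any token-resume path copies the stored verification state into that dict is outside these hunks, so a verified user who reconnects may be blocked, and a later revocation would not reach an already-connected session unless something clears the key. I would either read the flag from the account record at this check, or state the invariant next to it with a comment such as `# is_verified is cached per connection: set from the User row at login, updated by on_verify, cleared on revocation`. Separately, the registration hunk no longer issues a JWT, but the approval guarantee still depends on the login branch that starts at `elif mode == "login":` rejecting unverified accounts; that branch continues outside the hunk and should be confirmed.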
||||||
|
|
|
||||||
|
|
@ -143,6 +143,10 @@ socket.on("joined", (data) => {
|
||||||
joinScreen.classList.add("hidden");
|
joinScreen.classList.add("hidden");
|
||||||
chatScreen.classList.remove("hidden");
|
chatScreen.classList.remove("hidden");
|
||||||
updateVioletBadge();
|
updateVioletBadge();
|
||||||
|
|
||||||
|
if (data.system_msg) {
|
||||||
|
addMessage("lobby", { system: true, text: data.system_msg });
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
socket.on("error", (data) => {
|
socket.on("error", (data) => {
|
||||||
|
|
|
||||||