Fix account approval bypass and enforce AI verification
parent
0d4d27cdc1
commit
1635c70eb3
20
app.py
20
app.py
|
|
@ -476,9 +476,17 @@ def on_join(data):
|
|||
hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
|
||||
db_user = User(username=username, password_hash=hashed, email=email)
|
||||
db.session.add(db_user); db.session.commit()
|
||||
user.update(user_id=db_user.id, is_registered=True,
|
||||
has_ai_access=False, ai_messages_used=0)
|
||||
token = _issue_jwt(db_user.id, db_user.username)
|
||||
|
||||
# DO NOT login yet – stay as guest and wait for mod
|
||||
emit("joined", {
|
||||
"username": username,
|
||||
"is_admin": False,
|
||||
"is_registered": False,
|
||||
"has_ai_access": False,
|
||||
"ai_messages_used": 0,
|
||||
"system_msg": "Account created! Please wait for a moderator to verify you before logging in."
|
||||
})
|
||||
return
|
||||
|
||||
elif mode == "login":
|
||||
db_user = User.query.filter(
|
||||
|
|
@ -645,6 +653,8 @@ def on_pm_message(data):
|
|||
if f":{AI_BOT_NAME.lower()}" in room.lower():
|
||||
if not user.get("user_id"):
|
||||
emit("error", {"msg": "You must be registered to chat with Violet."}); return
|
||||
if not user.get("is_verified"):
|
||||
emit("error", {"msg": "Your account is pending moderator approval. Please wait to chat with Violet."}); return
|
||||
if not user.get("has_ai_access") and user.get("ai_messages_used", 0) >= AI_FREE_LIMIT:
|
||||
emit("pm_message", {"from": AI_BOT_NAME, "text": "ai_limit_reached", "room": room, "system": True}, to=sid)
|
||||
return
|
||||
|
|
@ -801,6 +811,10 @@ def on_verify(data):
|
|||
target_info = connected_users.get(target_sid)
|
||||
if target_info:
|
||||
target_info["is_verified"] = True
|
||||
socketio.emit("system", {
|
||||
"msg": "🎉 **Your account has been verified!** You can now log in to access persistent features and chat with Violet.",
|
||||
"ts": _ts()
|
||||
}, to=target_sid)
|
||||
|
||||
socketio.emit("system", {"msg": f"✅ **{target_user.username}** has been verified by a moderator.", "ts": _ts()}, to=LOBBY)
|
||||
socketio.emit("nicklist", {"users": _get_nicklist()}, to=LOBBY)
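Review bot: The register branch of `on_join` now stops the automatic login, but nothing in the visible lines makes the `login` branch refuse an account that no moderator has approved. That branch begins at the edge of the first hunk and its body is not shown, so confirm it checks the persisted verification state server-side before issuing a session or JWT, along the lines of `if not <persisted verified flag on db_user>: emit("error", {"msg": "Your account is pending moderator approval."}); return`. Otherwise the "wait for a moderator … before logging in" message is advisory only. The same login path should copy that persisted flag into the session dict, because `on_pm_message` gates on `user.get("is_verified")` and `on_verify` only sets `target_info["is_verified"]` on a session that is connected at that moment. A short comment above the new `emit("joined", …)` stating that the row is committed but the socket deliberately keeps guest state would also help the next reader see why `is_registered` is reported as `False` right after a successful insert.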
|
||||
|
|
|
|||
|
|
@ -143,6 +143,10 @@ socket.on("joined", (data) => {
|
|||
joinScreen.classList.add("hidden");
|
||||
chatScreen.classList.remove("hidden");
|
||||
updateVioletBadge();
|
||||
|
||||
if (data.system_msg) {
|
||||
addMessage("lobby", { system: true, text: data.system_msg });
|
||||
}
|
||||
});
|
||||
|
||||
socket.on("error", (data) => {
|
||||
|
|
|
|||