set SMS send code for login optional

MadAppGang · Dec 20, 2023 · ab2b5a9 · ab2b5a9
1 parent 1b438e8
commit ab2b5a9
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/web/api/phone_login.go b/web/api/phone_login.go
@@ -41,7 +41,19 @@ func (ar *Router) RequestVerificationCode() http.HandlerFunc {
 			return
 		}
 
-		// TODO: add limiter here. Check frequency of requests.
+		//// TODO: add limiter here. Check frequency of requests.
+		// TODO: rate limiter is a function of network infrastructure. Better to use AWS WAF or similar solution.
+		_, err := ar.server.Storages().User.UserByPhone(authData.PhoneNumber)
+		if err == model.ErrUserNotFound {
+			if !ar.server.Settings().Login.AllowRegisterMissing {
+				ar.Error(w, locale, http.StatusUnauthorized, l.ErrorAPIAPPRegistrationForbidden)
+				return
+			}
+		} else if err != nil {
+			ar.Error(w, locale, http.StatusInternalServerError, l.ErrorStorageFindUserPhoneError, err)
+			return
+		}
+
 		code := randStringBytes(phoneVerificationCodeLength)
 		if err := ar.server.Storages().Verification.CreateVerificationCode(authData.PhoneNumber, code); err != nil {
 			ar.Error(w, locale, http.StatusInternalServerError, l.ErrorStorageVerificationCreateError, err)