Fix registration upload size, mail helper env variables, and verification rate limits

This commit is contained in:
ilham_gmail
2026-06-11 20:08:30 +07:00
parent 3b62f71946
commit 36e3e829ac
7 changed files with 209 additions and 36 deletions
+85 -5
View File
@@ -544,6 +544,28 @@ function openAuthModal(mode){
if(switchToRegister) switchToRegister.onclick = function(){ openAuthModal('register'); };
if(switchToLogin) switchToLogin.onclick = function(){ openAuthModal('login'); };
}catch(e){}
if(mode === 'register'){
const orgProof = document.getElementById('org_proof_input');
if(orgProof){
orgProof.addEventListener('change', function(){
const f = (orgProof.files && orgProof.files[0]) ? orgProof.files[0] : null;
if(!f) return;
const maxSize = 5 * 1024 * 1024;
const allowed = ['jpg','jpeg','png','svg','pdf'];
const ext = (f.name || '').split('.').pop().toLowerCase();
if(f.size > maxSize){
showToast('Ukuran file bukti organisasi maksimal 5MB', 'error', 5000);
orgProof.value = '';
return;
}
if(!allowed.includes(ext)){
showToast('Jenis file tidak diperbolehkan. Hanya .png, .jpg, .jpeg, .svg, atau .pdf.', 'error', 5000);
orgProof.value = '';
return;
}
});
}
}
const form = document.getElementById('auth-modal-form');
form.onsubmit = async function(ev){
ev.preventDefault();
@@ -615,6 +637,29 @@ function openAuthModal(mode){
return;
}
// Client-side rate limiting check
const limitKey = 'webgis_limit_' + btoa(email);
let limitInfo = { attempts: 0, lastTime: 0, lockedUntil: 0 };
try{
const cached = localStorage.getItem(limitKey);
if(cached) limitInfo = JSON.parse(cached);
}catch(e){}
const now = Date.now();
if(limitInfo.lockedUntil && now < limitInfo.lockedUntil){
const diff = limitInfo.lockedUntil - now;
const hours = Math.floor(diff / (3600 * 1000));
const mins = Math.ceil((diff % (3600 * 1000)) / (60 * 1000));
showToast(`Batas pengiriman kode tercapai. Anda harus menunggu ${hours} jam ${mins} menit lagi.`, 'error', 5000);
return;
}
if(limitInfo.lastTime && now - limitInfo.lastTime < 30 * 1000){
const remaining = Math.ceil((30 * 1000 - (now - limitInfo.lastTime)) / 1000);
showToast(`Silakan tunggu ${remaining} detik sebelum mengirim kembali.`, 'error', 3000);
return;
}
sendCodeBtn.disabled = true;
sendCodeBtn.textContent = 'Mengirim...';
@@ -628,23 +673,58 @@ function openAuthModal(mode){
const jr = await resp.json().catch(()=>null);
if(!resp.ok || (jr && jr.success === false)){
showToast(jr && jr.error ? jr.error : 'Gagal mengirim kode', 'error', 4000);
const errMessage = jr && jr.message ? jr.message : (jr && jr.error ? jr.error : 'Gagal mengirim kode');
showToast(errMessage, 'error', 5000);
// If locked on server side, sync client side state
if(jr && jr.error === 'locked_24h' && jr.locked_until){
limitInfo.lockedUntil = jr.locked_until;
try{ localStorage.setItem(limitKey, JSON.stringify(limitInfo)); }catch(e){}
}
sendCodeBtn.disabled = false;
sendCodeBtn.textContent = 'Kirim Kode Verifikasi';
return;
}
// Update client side rate limiting on success
limitInfo.attempts = (limitInfo.lockedUntil && now >= limitInfo.lockedUntil) ? 1 : (limitInfo.attempts + 1);
limitInfo.lastTime = now;
if(limitInfo.attempts >= 3){
limitInfo.lockedUntil = now + 24 * 3600 * 1000;
} else {
limitInfo.lockedUntil = 0;
}
try{ localStorage.setItem(limitKey, JSON.stringify(limitInfo)); }catch(e){}
authRegisterState.code_sent = true;
authRegisterState.email = email;
if(jr.debug_code){
authRegisterState.code = jr.debug_code;
const codeInput = form.querySelector('input[name="verify_code"]');
if(codeInput){
codeInput.value = jr.debug_code;
showToast('Gagal mengirim email. Menggunakan kode pengujian: ' + jr.debug_code, 'warning', 8000);
}
}
showToast('Kode verifikasi dikirim ke email Anda!', 'success', 4000);
sendCodeBtn.textContent = 'Kode Terkirim ✓';
setTimeout(() => {
sendCodeBtn.disabled = false;
}, 3000);
// Cooldown countdown timer
let cooldown = 30;
sendCodeBtn.disabled = true;
sendCodeBtn.textContent = `Kirim Ulang (${cooldown}s)`;
const timer = setInterval(() => {
cooldown--;
if(cooldown <= 0){
clearInterval(timer);
sendCodeBtn.disabled = false;
sendCodeBtn.textContent = 'Kirim Kode Verifikasi';
} else {
sendCodeBtn.textContent = `Kirim Ulang (${cooldown}s)`;
}
}, 1000);
}catch(e){
console.error(e);
showToast('Gagal mengirim kode verifikasi', 'error', 5000);