Do not allow disposable emails

3 files changed, 60 insertions, 21 deletions

diff --git a/src/main/java/com/juick/service/EmailService.java b/src/main/java/com/juick/service/EmailService.java
index 614cf412..7d8126c5 100644
--- a/src/main/java/com/juick/service/EmailService.java
+++ b/src/main/java/com/juick/service/EmailService.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2023, Juick
+ * Copyright (C) 2008-2024, Juick
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -39,4 +39,5 @@ public interface EmailService {
     String getEmailByAuthCode(String code);
     void deleteAuthCode(String code);
     Integer cleanupAuthCodes();
+    boolean isValidEmail(String email);
 }
diff --git a/src/main/java/com/juick/service/EmailServiceImpl.java b/src/main/java/com/juick/service/EmailServiceImpl.java
index 383dbdaf..08aaf1b9 100644
--- a/src/main/java/com/juick/service/EmailServiceImpl.java
+++ b/src/main/java/com/juick/service/EmailServiceImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2020, Juick
+ * Copyright (C) 2008-2024, Juick
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -17,13 +17,21 @@
 
 package com.juick.service;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.juick.model.User;
+import jakarta.inject.Inject;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.dao.EmptyResultDataAccessException;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
 import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.io.IOException;
 import java.time.Instant;
 import java.time.ZoneOffset;
 import java.time.temporal.ChronoUnit;
@@ -36,6 +44,13 @@ import java.util.List;
 @Transactional
 public class EmailServiceImpl extends BaseJdbcService implements EmailService {
 
+    @Inject
+    private OkHttpClient httpClient;
+    @Inject
+    private ObjectMapper jsonMapper;
+
+    @Value("${email_validation_service_url:http://localhost:8080}")
+    private String emailValidationServiceUrl;
     @Override
     public boolean verifyAddressByCode(Integer userId, String code) {
         try {
@@ -120,4 +135,23 @@ public class EmailServiceImpl extends BaseJdbcService implements EmailService {
                 new MapSqlParameterSource()
                         .addValue("day", toDateTime(day.atOffset(ZoneOffset.UTC)), dateTimeType()));
     }
+
+    @Override
+    public boolean isValidEmail(String email) {
+        var request = new Request.Builder()
+                .url(emailValidationServiceUrl + "/?email=" + email)
+                .addHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
+                .build();
+        try {
+            try(var response = httpClient.newCall(request).execute()) {
+                if (response.isSuccessful() && response.body() != null) {
+                    var account = jsonMapper.readTree(response.body().string());
+                    return account.has("disposable") && account.get("disposable").textValue().equals("false");
+                }
+            }
+        } catch (IOException e) {
+            return false;
+        }
+        return false;
+    }
 }
diff --git a/src/main/java/com/juick/www/controllers/Settings.java b/src/main/java/com/juick/www/controllers/Settings.java
index 457985b5..8d66bd36 100644
--- a/src/main/java/com/juick/www/controllers/Settings.java
+++ b/src/main/java/com/juick/www/controllers/Settings.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2023, Juick
+ * Copyright (C) 2008-2024, Juick
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -175,25 +175,29 @@ public class Settings {
                 }
                 break;
             case "email-add":
-                if (!emailService.verifyAddressByCode(visitor.getUid(), request.getParameter("account"))) {
-                    String authCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
-                    if (emailService.addVerificationCode(visitor.getUid(), request.getParameter("account"), authCode)) {
-                        Session session = Session.getDefaultInstance(System.getProperties());
-                        try {
-                            MimeMessage message = new MimeMessage(session);
-                            message.setFrom(new InternetAddress("noreply@juick.com"));
-                            message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account")));
-                            message.setSubject("Juick authorization link");
-                            message.setText(String.format("Follow link to attach this email to Juick account:\n" +
-                                    "http://juick.com/settings?page=auth-email&code=%s\n\n" +
-                                    "If you don't know, what this mean - just ignore this mail.\n", authCode));
-                            Transport.send(message);
-                            result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" +
-                                    "<p><a href=\"/settings\">Back</a></p>";
+                if (!emailService.isValidEmail(request.getParameter("account"))) {
+                    result = "<p>Invalid email. <a href=\"/settings\">Back</a>.</p>";
+                } else {
+                    if (!emailService.verifyAddressByCode(visitor.getUid(), request.getParameter("account"))) {
+                        String authCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
+                        if (emailService.addVerificationCode(visitor.getUid(), request.getParameter("account"), authCode)) {
+                            Session session = Session.getDefaultInstance(System.getProperties());
+                            try {
+                                MimeMessage message = new MimeMessage(session);
+                                message.setFrom(new InternetAddress("noreply@juick.com"));
+                                message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account")));
+                                message.setSubject("Juick authorization link");
+                                message.setText(String.format("Follow link to attach this email to Juick account:\n" +
+                                        "http://juick.com/settings?page=auth-email&code=%s\n\n" +
+                                        "If you don't know, what this mean - just ignore this mail.\n", authCode));
+                                Transport.send(message);
+                                result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" +
+                                        "<p><a href=\"/settings\">Back</a></p>";
 
-                        } catch (MessagingException ex) {
-                            logger.error("mail exception", ex);
-                            throw new HttpBadRequestException();
+                            } catch (MessagingException ex) {
+                                logger.error("mail exception", ex);
+                                throw new HttpBadRequestException();
+                            }
                         }
                     }
                 }