JhumanJ · chiragchhatrala · Dec 10, 2024 · Dec 10, 2024 · Dec 10, 2024 · Dec 10, 2024
diff --git a/api/app/Http/Controllers/Auth/RegisterController.php b/api/app/Http/Controllers/Auth/RegisterController.php
@@ -12,6 +12,7 @@
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\Rule;
+use App\Rules\ValidHCaptcha;
 
 class RegisterController extends Controller
 {
@@ -27,6 +28,10 @@ class RegisterController extends Controller
     public function __construct()
     {
         $this->middleware('guest');
+        if (app()->environment() !== 'testing') {
+            $this->middleware('throttle:5,1')->only('register'); // 5 attempts per minute
+            $this->middleware('throttle:30,60')->only('register'); // 30 attempts per hour
+        }
     }
 
     /**
@@ -56,16 +61,22 @@ protected function registered(Request $request, User $user)
      */
     protected function validator(array $data)
     {
-        return Validator::make($data, [
+        $rules = [
             'name' => 'required|max:255',
             'email' => 'required|email:filter|max:255|unique:users|indisposable',
             'password' => 'required|min:6|confirmed',
             'hear_about_us' => 'required|string',
             'agree_terms' => ['required', Rule::in([true])],
             'appsumo_license' => ['nullable'],
             'invite_token' => ['nullable', 'string'],
-            'utm_data' => ['nullable', 'array']
-        ], [
+            'utm_data' => ['nullable', 'array'],
+        ];
+
+        if (config('services.h_captcha.secret_key')) {
+            $rules['h-captcha-response'] = [new ValidHCaptcha()];
+        }
+
+        return Validator::make($data, $rules, [
             'agree_terms' => 'Please agree with the terms and conditions.',
         ]);
     }
@@ -84,6 +95,7 @@ protected function create(array $data)
             'password' => bcrypt($data['password']),
             'hear_about_us' => $data['hear_about_us'],
             'utm_data' => array_key_exists('utm_data', $data) ? $data['utm_data'] : null,
+            'meta' => ['registration_ip' => request()->ip()],
         ]);
 
         // Add relation with user

diff --git a/api/app/Http/Requests/Integration/FormIntegrationsRequest.php b/api/app/Http/Requests/Integration/FormIntegrationsRequest.php
@@ -2,6 +2,7 @@
 
 namespace App\Http\Requests\Integration;
 
+use App\Models\Forms\Form;
 use App\Models\Integration\FormIntegration;
 use App\Rules\IntegrationLogicRule;
 use Illuminate\Foundation\Http\FormRequest;
@@ -14,9 +15,11 @@ class FormIntegrationsRequest extends FormRequest
     public array $integrationRules = [];
 
     private ?string $integrationClassName = null;
+    private ?Form $form = null;
 
     public function __construct(Request $request)
     {
+        $this->form = Form::findOrFail(request()->route('id'));
         if ($request->integration_id) {
             // Load integration class, and get rules
             $integration = FormIntegration::getIntegration($request->integration_id);
@@ -77,7 +80,7 @@ protected function isOAuthRequired(): bool
 
     private function loadIntegrationRules()
     {
-        foreach ($this->integrationClassName::getValidationRules() as $key => $value) {
+        foreach ($this->integrationClassName::getValidationRules($this->form) as $key => $value) {
             $this->integrationRules['settings.' . $key] = $value;
         }
     }

diff --git a/api/app/Integrations/Handlers/AbstractIntegrationHandler.php b/api/app/Integrations/Handlers/AbstractIntegrationHandler.php
@@ -94,7 +94,7 @@ public function handle(): void
         Http::throw()->post($this->getWebhookUrl(), $this->getWebhookData());
     }
 
-    abstract public static function getValidationRules(): array;
+    abstract public static function getValidationRules(?Form $form): array;
 
     public static function isOAuthRequired(): bool
     {

diff --git a/api/app/Integrations/Handlers/DiscordIntegration.php b/api/app/Integrations/Handlers/DiscordIntegration.php
@@ -2,14 +2,15 @@
 
 namespace App\Integrations\Handlers;
 
+use App\Models\Forms\Form;
 use App\Open\MentionParser;
 use App\Service\Forms\FormSubmissionFormatter;
 use Illuminate\Support\Arr;
 use Vinkla\Hashids\Facades\Hashids;
 
 class DiscordIntegration extends AbstractIntegrationHandler
 {
-    public static function getValidationRules(): array
+    public static function getValidationRules(?Form $form): array
     {
         return [
             'discord_webhook_url' => 'required|url|starts_with:https://discord.com/api/webhooks',

diff --git a/api/app/Integrations/Handlers/EmailIntegration.php b/api/app/Integrations/Handlers/EmailIntegration.php
@@ -2,20 +2,23 @@
 
 namespace App\Integrations\Handlers;
 
+use App\Models\Forms\Form;
+use App\Models\Integration\FormIntegration;
 use App\Notifications\Forms\FormEmailNotification;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Notification;
 use App\Open\MentionParser;
 use App\Service\Forms\FormSubmissionFormatter;
+use Illuminate\Validation\ValidationException;
 
 class EmailIntegration extends AbstractEmailIntegrationHandler
 {
     public const RISKY_USERS_LIMIT = 120;
 
-    public static function getValidationRules(): array
+    public static function getValidationRules(?Form $form): array
     {
-        return [
-            'send_to' => 'required',
+        $rules = [
+            'send_to' => ['required'],
             'sender_name' => 'required',
             'sender_email' => 'email|nullable',
             'subject' => 'required',
@@ -24,6 +27,31 @@ public static function getValidationRules(): array
             'include_hidden_fields_submission_data' => ['nullable', 'boolean'],
             'reply_to' => 'nullable',
         ];
+
+        if ($form->is_pro || config('app.self_hosted')) {
+            return $rules;
+        }
+
+        // Free plan users can only send to a single email address (avoid spam)
+        $rules['send_to'][] = function ($attribute, $value, $fail) use ($form) {
+            if (count(explode("\n", trim($value))) > 1 || count(explode(',', $value)) > 1) {
+                $fail('You can only send to a single email address on the free plan. Please upgrade to the Pro plan to create a new integration.');
+            }
+        };
+
+        // Free plan users can only have a single email integration per form (avoid spam)
+        if (!request()->route('integrationid')) {
+            $existingEmailIntegrations = FormIntegration::where('form_id', $form->id)
+                ->where('integration_id', 'email')
+                ->count();
+            if ($existingEmailIntegrations > 0) {
+                throw ValidationException::withMessages([
+                    'settings.send_to' => ['Free users are limited to 1 email integration per form.']
+                ]);
+            }
+        }
-        // Free plan users can only have a single email integration per form (avoid spam)
-        if (!request()->route('integrationid')) {
-            $existingEmailIntegrations = FormIntegration::where('form_id', $form->id)
-                ->where('integration_id', 'email')
-                ->count();
-            if ($existingEmailIntegrations > 0) {
-                throw ValidationException::withMessages([
-                    'settings.send_to' => ['Free users are limited to 1 email integration per form.']
-                ]);
-            }
-        }
+        // Free plan users can only have a single email integration per form (avoid spam)
+        if (!request()->route('integrationid')) {
+            $existingEmailIntegrations = FormIntegration::where('form_id', $form->id)
+                ->where('integration_id', 'email')
+                ->whereNull('deleted_at')  // Exclude soft-deleted integrations
+                ->count();
+            if ($existingEmailIntegrations > 0) {
+                throw ValidationException::withMessages([
+                    'settings.send_to' => ['You can only have a single email integration on the free plan. Please upgrade to the Pro plan to create a new integration.']
+                ]);
+            }
+        }
-        // Free plan users can only have a single email integration per form (avoid spam)
-        if (!request()->route('integrationid')) {
-            $existingEmailIntegrations = FormIntegration::where('form_id', $form->id)
-                ->where('integration_id', 'email')
-                ->count();
-            if ($existingEmailIntegrations > 0) {
-                throw ValidationException::withMessages([
-                    'settings.send_to' => ['Free users are limited to 1 email integration per form.']
-                ]);
-            }
-        }
+        // Free plan users can only have a single email integration per form (avoid spam)
+        if (!request()->route('integrationid')) {
+            $existingEmailIntegrations = FormIntegration::where('form_id', $form->id)
+                ->where('integration_id', 'email')
+                ->whereNull('deleted_at')  // Exclude soft-deleted integrations
+                ->count();
+            if ($existingEmailIntegrations > 0) {
+                throw ValidationException::withMessages([
+                    'settings.send_to' => ['You can only have a single email integration on the free plan. Please upgrade to the Pro plan to create a new integration.']
+                ]);
+            }
+        }
+
+        return $rules;
     }
 
     protected function shouldRun(): bool

diff --git a/api/app/Integrations/Handlers/GoogleSheetsIntegration.php b/api/app/Integrations/Handlers/GoogleSheetsIntegration.php
@@ -4,6 +4,7 @@
 
 use App\Events\Forms\FormSubmitted;
 use App\Integrations\Google\Google;
+use App\Models\Forms\Form;
 use App\Models\Integration\FormIntegration;
 use Exception;
 use Illuminate\Support\Facades\Log;
@@ -22,11 +23,9 @@ public function __construct(
         $this->client = new Google($formIntegration);
     }
 
-    public static function getValidationRules(): array
+    public static function getValidationRules(?Form $form): array
     {
-        return [
-
-        ];
+        return [];
     }
 
     public static function isOAuthRequired(): bool

diff --git a/api/app/Integrations/Handlers/SlackIntegration.php b/api/app/Integrations/Handlers/SlackIntegration.php
@@ -2,14 +2,15 @@
 
 namespace App\Integrations\Handlers;
 
+use App\Models\Forms\Form;
 use App\Open\MentionParser;
 use App\Service\Forms\FormSubmissionFormatter;
 use Illuminate\Support\Arr;
 use Vinkla\Hashids\Facades\Hashids;
 
 class SlackIntegration extends AbstractIntegrationHandler
 {
-    public static function getValidationRules(): array
+    public static function getValidationRules(?Form $form): array
     {
         return [
             'slack_webhook_url' => 'required|url|starts_with:https://hooks.slack.com/',

diff --git a/api/app/Integrations/Handlers/WebhookIntegration.php b/api/app/Integrations/Handlers/WebhookIntegration.php
@@ -2,9 +2,11 @@
 
 namespace App\Integrations\Handlers;
 
+use App\Models\Forms\Form;
+
 class WebhookIntegration extends AbstractIntegrationHandler
 {
-    public static function getValidationRules(): array
+    public static function getValidationRules(?Form $form): array
     {
         return [
             'webhook_url' => 'required|url'

diff --git a/api/app/Integrations/Handlers/ZapierIntegration.php b/api/app/Integrations/Handlers/ZapierIntegration.php
@@ -3,6 +3,7 @@
 namespace App\Integrations\Handlers;
 
 use App\Events\Forms\FormSubmitted;
+use App\Models\Forms\Form;
 use App\Models\Integration\FormIntegration;
 use Exception;
 
@@ -16,7 +17,7 @@ public function __construct(
         parent::__construct($event, $formIntegration, $integration);
     }
 
-    public static function getValidationRules(): array
+    public static function getValidationRules(?Form $form): array
     {
         return [];
     }

diff --git a/api/app/Models/User.php b/api/app/Models/User.php
@@ -33,6 +33,7 @@ class User extends Authenticatable implements JWTSubject
         'password',
         'hear_about_us',
         'utm_data',
+        'meta'
     ];
 
     /**
@@ -44,6 +45,7 @@ class User extends Authenticatable implements JWTSubject
         'password',
         'remember_token',
         'hear_about_us',
+        'meta'
     ];
 
     /**
@@ -56,6 +58,7 @@ protected function casts()
         return [
             'email_verified_at' => 'datetime',
             'utm_data' => 'array',
+            'meta' => 'array',
         ];
     }
 

diff --git a/api/database/migrations/2024_12_10_094605_add_meta_to_users_table.php b/api/database/migrations/2024_12_10_094605_add_meta_to_users_table.php
@@ -0,0 +1,35 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Query\Expression;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Schema;
+
+return new class () extends Migration {
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        $driver = DB::getDriverName();
+
+        Schema::table('users', function (Blueprint $table) use ($driver) {
+            if ($driver === 'mysql') {
+                $table->json('meta')->default(new Expression('(JSON_OBJECT())'));
+            } else {
+                $table->json('meta')->default('{}');
+            }
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->dropColumn('meta');
+        });
+    }
+};