From 31d8c3f46985ed04fc1f7e8ee0ea0c3fe2385aab Mon Sep 17 00:00:00 2001
From: Marcel Baumgartner
Date: Tue, 15 Aug 2023 15:45:12 +0200
Subject: [PATCH] Improved auto admin security As mentioned in issue 253
---
 Moonlight/App/Services/UserService.cs | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/Moonlight/App/Services/UserService.cs b/Moonlight/App/Services/UserService.cs
index d8f2397b..2cf8df84 100644
--- a/Moonlight/App/Services/UserService.cs
+++ b/Moonlight/App/Services/UserService.cs
@@ -21,6 +21,7 @@ public class UserService
 private readonly DateTimeService DateTimeService;
 private readonly ConfigService ConfigService;
 private readonly TempMailService TempMailService;
+ private readonly MoonlightService MoonlightService;
 private readonly string JwtSecret;
@@ -32,7 +33,8 @@ public class UserService
 IdentityService identityService,
 IpLocateService ipLocateService,
 DateTimeService dateTimeService,
- TempMailService tempMailService)
+ TempMailService tempMailService,
+ MoonlightService moonlightService)
 {
 UserRepository = userRepository;
 TotpService = totpService;
@@ -42,6 +44,7 @@ public class UserService
 IpLocateService = ipLocateService;
 DateTimeService = dateTimeService;
 TempMailService = tempMailService;
+ MoonlightService = moonlightService;
 JwtSecret = configService .Get()
@@ -67,11 +70,21 @@ public class UserService
 throw new DisplayException("The email is already in use");
 }
+ bool admin = false;
+
+ if (!UserRepository.Get().Any())
+ {
+ if ((DateTime.UtcNow - MoonlightService.StartTimestamp).TotalMinutes < 15)
+ admin = true;
+ else
+ throw new DisplayException("You have to register within 15 minutes after the start of moonlight to get admin permissions. Please restart moonlight in order to register as admin. Please note that this will only works once and will be deactivated after a admin has registered");
+ }
+
 // Add user
 var user = UserRepository.Add(new()
 {
 Address = "",
- Admin = !UserRepository.Get().Any(),
+ Admin = admin,
 City = "",
 Country = "",
 Email = email.ToLower(),
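Review bot: The admin grant in the new `if (!UserRepository.Get().Any())` block is still decided by timing alone: whichever client registers first within 15 minutes of a start with an empty user table gets `admin = true`, and the window reopens on every restart until an admin exists. The emptiness check and the later `UserRepository.Add` are also separate calls, so two concurrent first registrations could presumably both pass the check and both be stored with `Admin = true` unless the repository serializes them. Consider requiring an operator-held one-time setup secret (read from configuration or printed at startup) in addition to the time window, and running the check and the insert under one lock or transaction. The else-branch message also tells an unauthenticated caller that no admin exists yet and that a restart reopens the window; something like `throw new DisplayException("Registration is currently unavailable");`, with the detail written to the server log, would disclose less. The enclosing method starts and ends outside this hunk.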