prevent duplicate email registering

This commit is contained in:
2026-05-05 20:14:18 +02:00
parent 65ecca8c61
commit f6647cd075
4 changed files with 44 additions and 9 deletions

View File

@@ -382,9 +382,22 @@ export default router => {
group.put(/\/email/, lib.loggedin, async (req, res) => {
const { email } = req.post;
if (!email || !email.trim()) return res.json({ success: false, msg: 'Email is required' }, 400);
if (!email.includes('@')) return res.json({ success: false, msg: 'Invalid email address' }, 400);
const cleanEmail = email.trim();
if (!cleanEmail.includes('@')) return res.json({ success: false, msg: 'Invalid email address' }, 400);
await db`update "user" set email = ${email.trim()} where id = ${+req.session.id}`;
// Check if email is already taken by another user
const existing = await db`
select id from "user"
where lower(email) = lower(${cleanEmail})
and id != ${+req.session.id}
limit 1
`;
if (existing.length > 0) {
return res.json({ success: false, msg: 'Email already in use' }, 400);
}
await db`update "user" set email = ${cleanEmail} where id = ${+req.session.id}`;
return res.json({ success: true, msg: 'Email updated successfully' }, 200);
});

View File

@@ -110,8 +110,22 @@ export default (router, tpl) => {
}
// Check user existence
const existing = await db`select id from "user" where "login" = ${username.toLowerCase()} or "user" = ${username}`;
if (existing.length > 0) return renderError("Username taken");
const existing = await db`
select id, login, email
from "user"
where "login" = ${username.toLowerCase()}
or "user" = ${username}
or ("email" is not null and "email" = ${email})
`;
if (existing.length > 0) {
// Check if it was the email that matched
const emailMatch = existing.find(u => u.email && u.email.toLowerCase() === (email || '').toLowerCase());
if (emailMatch) {
return renderError("Email already registered");
}
return renderError("Username taken");
}
// Create User
const hash = await lib.hash(password);