prevent duplicate email registering

2026-05-05 20:14:18 +02:00
parent 65ecca8c61
commit f6647cd075
4 changed files with 44 additions and 9 deletions


@@ -1962,6 +1962,14 @@ ALTER TABLE ONLY public."user"
ADD CONSTRAINT user_name_unique UNIQUE ("user"); ADD CONSTRAINT user_name_unique UNIQUE ("user");
--
-- Name: user user_email_unique; Type: CONSTRAINT; Schema: public; Owner: f0ckm
--
ALTER TABLE ONLY public."user"
ADD CONSTRAINT user_email_unique UNIQUE (email);
-- --
-- Name: user_options user_options_user_id; Type: CONSTRAINT; Schema: public; Owner: f0ckm -- Name: user_options user_options_user_id; Type: CONSTRAINT; Schema: public; Owner: f0ckm
-- --
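Review bot: `UNIQUE (email)` compares case-sensitively, while the email-change route in this commit checks `lower(email) = lower(...)`, so the database does not enforce the rule the application checks and two addresses that differ only in case can both be stored. The registration query in the last hunk has the same mismatch at `"email" = ${email}`. A unique index on the lowered value, `CREATE UNIQUE INDEX user_email_unique ON public."user" (lower(email));`, would make the database the authority, with the registration predicate becoming `lower("email") = lower(${email})`. Adding the constraint to an existing table fails if duplicate addresses are already present, so a migration presumably has to deduplicate first; none is visible in this commit.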


@@ -6,11 +6,11 @@ import { fileURLToPath } from "url";
let config = JSON.parse(JSON.stringify(_config)); let config = JSON.parse(JSON.stringify(_config));
// Environment variable overrides for database connection // Environment variable overrides for database connection
if (process.env.DB_HOST) config.sql.host = process.env.DB_HOST; config.sql.host = process.env.DB_HOST || process.env.POSTGRES_HOST || process.env.PGHOST || config.sql.host;
if (process.env.DB_PORT) config.sql.port = parseInt(process.env.DB_PORT, 10); config.sql.port = parseInt(process.env.DB_PORT || process.env.POSTGRES_PORT || process.env.PGPORT || config.sql.port, 10);
if (process.env.DB_USER) config.sql.user = process.env.DB_USER; config.sql.user = process.env.DB_USER || process.env.POSTGRES_USER || process.env.PGUSER || config.sql.user;
if (process.env.DB_PASS) config.sql.password = process.env.DB_PASS; config.sql.password = process.env.DB_PASS || process.env.POSTGRES_PASSWORD || process.env.PGPASSWORD || config.sql.password;
if (process.env.DB_NAME) config.sql.database = process.env.DB_NAME; config.sql.database = process.env.DB_NAME || process.env.POSTGRES_DB || process.env.PGDATABASE || config.sql.database;
if (process.env.NODE_ENV === 'production') { if (process.env.NODE_ENV === 'production') {
config.main.development = false; config.main.development = false;
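Review bot: `config.sql.port` is now reassigned unconditionally from `parseInt(...)`, so a missing `config.sql.port` with no port variable set stores `NaN`, where the old `if` guard left the value untouched; a non-numeric variable still yields `NaN` as before. I would parse into a local and assign only when `Number.isInteger(port)` holds. The new chain also lets generic `POSTGRES_*` and `PG*` variables, which may be present in the environment for other tools, silently replace the configured host and credentials, so the comment above these lines should state the order, e.g. `// Precedence: DB_* > POSTGRES_* > PG* > config file`. The `if (process.env.NODE_ENV === 'production')` block continues outside the hunk.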


@@ -382,9 +382,22 @@ export default router => {
group.put(/\/email/, lib.loggedin, async (req, res) => { group.put(/\/email/, lib.loggedin, async (req, res) => {
const { email } = req.post; const { email } = req.post;
if (!email || !email.trim()) return res.json({ success: false, msg: 'Email is required' }, 400); if (!email || !email.trim()) return res.json({ success: false, msg: 'Email is required' }, 400);
if (!email.includes('@')) return res.json({ success: false, msg: 'Invalid email address' }, 400); const cleanEmail = email.trim();
if (!cleanEmail.includes('@')) return res.json({ success: false, msg: 'Invalid email address' }, 400);
await db`update "user" set email = ${email.trim()} where id = ${+req.session.id}`; // Check if email is already taken by another user
const existing = await db`
select id from "user"
where lower(email) = lower(${cleanEmail})
and id != ${+req.session.id}
limit 1
`;
if (existing.length > 0) {
return res.json({ success: false, msg: 'Email already in use' }, 400);
}
await db`update "user" set email = ${cleanEmail} where id = ${+req.session.id}`;
return res.json({ success: true, msg: 'Email updated successfully' }, 200); return res.json({ success: true, msg: 'Email updated successfully' }, 200);
}); });
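Review bot: The duplicate check and the `update` are separate statements, so two concurrent requests can both pass the `select`, and the second `update` then fails on the new `user_email_unique` constraint. Nothing in this handler catches that, so the caller presumably gets an unhandled error instead of the 400. The registration hunk has the same check-then-write shape. I would keep the pre-check for the friendly message but treat the constraint as the authority, mapping a unique violation (SQLSTATE 23505) from the `update` to the same response. The `err.code` property is assumed from the driver and should be confirmed.

```javascript
// … unchanged: validation and the lower(email) pre-check …
try {
  await db`update "user" set email = ${cleanEmail} where id = ${+req.session.id}`;
} catch (err) {
  // Lost the race against a concurrent request: the unique constraint fired.
  if (err.code !== '23505') throw err;
  return res.json({ success: false, msg: 'Email already in use' }, 400);
}
return res.json({ success: true, msg: 'Email updated successfully' }, 200);
```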


@@ -110,8 +110,22 @@ export default (router, tpl) => {
} }
// Check user existence // Check user existence
const existing = await db`select id from "user" where "login" = ${username.toLowerCase()} or "user" = ${username}`; const existing = await db`
if (existing.length > 0) return renderError("Username taken"); select id, login, email
from "user"
where "login" = ${username.toLowerCase()}
or "user" = ${username}
or ("email" is not null and "email" = ${email})
`;
if (existing.length > 0) {
// Check if it was the email that matched
const emailMatch = existing.find(u => u.email && u.email.toLowerCase() === (email || '').toLowerCase());
if (emailMatch) {
return renderError("Email already registered");
}
return renderError("Username taken");
}
// Create User // Create User
const hash = await lib.hash(password); const hash = await lib.hash(password);
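Review bot: Returning "Email already registered" separately from "Username taken" tells whoever submits the form whether a given address has an account, which, assuming this handler is reachable without a session, is an account-enumeration signal the old single message did not give. If the distinct message is wanted for usability, the route should at least be rate-limited and the failures logged; otherwise a neutral message such as `renderError("Username or email unavailable")` avoids it. `email` is also interpolated into the query although the `(email || '')` a few lines later suggests it can be absent, so a guard before the query is worth confirming. The handler starts and ends outside the hunk.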