prevent duplicate email registering
@@ -1962,6 +1962,14 @@ ALTER TABLE ONLY public."user"
|
||||
ADD CONSTRAINT user_name_unique UNIQUE ("user");
|
||||
|
||||
|
||||
--
|
||||
-- Name: user user_email_unique; Type: CONSTRAINT; Schema: public; Owner: f0ckm
|
||||
--
|
||||
|
||||
ALTER TABLE ONLY public."user"
|
||||
ADD CONSTRAINT user_email_unique UNIQUE (email);
|
||||
|
||||
|
||||
--
|
||||
-- Name: user_options user_options_user_id; Type: CONSTRAINT; Schema: public; Owner: f0ckm
|
||||
--
|
||||
|
||||
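Review bot: `UNIQUE (email)` compares case-sensitively, so `User@example.org` and `user@example.org` (constructed examples) are distinct to this constraint even though the settings route in this commit treats them as the same address via `lower(email)`. The application checks are check-then-write and can race, so the constraint is the only hard guarantee and should match them; a unique expression index such as `CREATE UNIQUE INDEX user_email_unique ON public."user" (lower(email));` would do that. This file looks like a schema dump rather than a migration, so existing databases presumably need the change applied separately, after any rows that already collide have been resolved.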
@@ -6,11 +6,11 @@ import { fileURLToPath } from "url";
|
||||
let config = JSON.parse(JSON.stringify(_config));
|
||||
|
||||
// Environment variable overrides for database connection
|
||||
if (process.env.DB_HOST) config.sql.host = process.env.DB_HOST;
|
||||
if (process.env.DB_PORT) config.sql.port = parseInt(process.env.DB_PORT, 10);
|
||||
if (process.env.DB_USER) config.sql.user = process.env.DB_USER;
|
||||
if (process.env.DB_PASS) config.sql.password = process.env.DB_PASS;
|
||||
if (process.env.DB_NAME) config.sql.database = process.env.DB_NAME;
|
||||
config.sql.host = process.env.DB_HOST || process.env.POSTGRES_HOST || process.env.PGHOST || config.sql.host;
|
||||
config.sql.port = parseInt(process.env.DB_PORT || process.env.POSTGRES_PORT || process.env.PGPORT || config.sql.port, 10);
|
||||
config.sql.user = process.env.DB_USER || process.env.POSTGRES_USER || process.env.PGUSER || config.sql.user;
|
||||
config.sql.password = process.env.DB_PASS || process.env.POSTGRES_PASSWORD || process.env.PGPASSWORD || config.sql.password;
|
||||
config.sql.database = process.env.DB_NAME || process.env.POSTGRES_DB || process.env.PGDATABASE || config.sql.database;
|
||||
|
||||
if (process.env.NODE_ENV === 'production') {
|
||||
config.main.development = false;
|
||||
|
||||
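Review bot: The port line passes whatever the first non-empty variable holds to `parseInt` and stores the result unchecked, so a non-numeric `PGPORT` leaves `config.sql.port` as `NaN` and the failure only surfaces later at connect time. A guard right after it, such as `if (!Number.isInteger(config.sql.port) || config.sql.port < 1 || config.sql.port > 65535) throw new Error('Invalid database port');`, would fail fast. The new chain also lets ambient `POSTGRES_*` and `PG*` variables override the user and password from the config file, which is easy to trigger by accident on a host where those are exported for other tooling. The comment above the block should state the precedence, e.g. `// Precedence: DB_* > POSTGRES_* > PG* > config file`. The `if (process.env.NODE_ENV === 'production')` block continues outside the hunk.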
@@ -382,9 +382,22 @@ export default router => {
|
||||
group.put(/\/email/, lib.loggedin, async (req, res) => {
|
||||
const { email } = req.post;
|
||||
if (!email || !email.trim()) return res.json({ success: false, msg: 'Email is required' }, 400);
|
||||
if (!email.includes('@')) return res.json({ success: false, msg: 'Invalid email address' }, 400);
|
||||
const cleanEmail = email.trim();
|
||||
if (!cleanEmail.includes('@')) return res.json({ success: false, msg: 'Invalid email address' }, 400);
|
||||
|
||||
await db`update "user" set email = ${email.trim()} where id = ${+req.session.id}`;
|
||||
// Check if email is already taken by another user
|
||||
const existing = await db`
|
||||
select id from "user"
|
||||
where lower(email) = lower(${cleanEmail})
|
||||
and id != ${+req.session.id}
|
||||
limit 1
|
||||
`;
|
||||
|
||||
if (existing.length > 0) {
|
||||
return res.json({ success: false, msg: 'Email already in use' }, 400);
|
||||
}
|
||||
|
||||
await db`update "user" set email = ${cleanEmail} where id = ${+req.session.id}`;
|
||||
return res.json({ success: true, msg: 'Email updated successfully' }, 200);
|
||||
});
|
||||
|
||||
|
||||
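Review bot: The pre-check and the `update` are two separate statements, so two concurrent requests for the same address can both pass the `select`, and the second `update` then fails on `user_email_unique` with an uncaught error instead of the 'Email already in use' response. Treat the constraint as the authority and translate the unique violation (SQLSTATE 23505) at the write, as sketched below; the `err.code` property is what postgres.js-style clients expose and should be confirmed for this `db` helper. Separately, `includes('@')` is the only format check, and `email.trim()` assumes `req.post.email` is a string, which is worth confirming against the body parser.

```javascript
    // … unchanged: trim, '@' check and the lower(email) pre-check …
    try {
      await db`update "user" set email = ${cleanEmail} where id = ${+req.session.id}`;
    } catch (err) {
      // 23505 = PostgreSQL unique_violation: a concurrent request claimed the address first
      if (err.code === '23505') {
        return res.json({ success: false, msg: 'Email already in use' }, 400);
      }
      throw err;
    }
    return res.json({ success: true, msg: 'Email updated successfully' }, 200);
```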
@@ -110,8 +110,22 @@ export default (router, tpl) => {
|
||||
}
|
||||
|
||||
// Check user existence
|
||||
const existing = await db`select id from "user" where "login" = ${username.toLowerCase()} or "user" = ${username}`;
|
||||
if (existing.length > 0) return renderError("Username taken");
|
||||
const existing = await db`
|
||||
select id, login, email
|
||||
from "user"
|
||||
where "login" = ${username.toLowerCase()}
|
||||
or "user" = ${username}
|
||||
or ("email" is not null and "email" = ${email})
|
||||
`;
|
||||
|
||||
if (existing.length > 0) {
|
||||
// Check if it was the email that matched
|
||||
const emailMatch = existing.find(u => u.email && u.email.toLowerCase() === (email || '').toLowerCase());
|
||||
if (emailMatch) {
|
||||
return renderError("Email already registered");
|
||||
}
|
||||
return renderError("Username taken");
|
||||
}
|
||||
|
||||
// Create User
|
||||
const hash = await lib.hash(password);
|
||||
|
||||
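Review bot: The SQL predicate `"email" = ${email}` is case-sensitive while the JavaScript check below it lower-cases both sides, so an address that differs only in case from a stored one returns no row and registration proceeds; the `user_email_unique` constraint added in this commit is case-sensitive too and will not stop it. Matching the settings route with `or lower("email") = lower(${email})` closes that gap. The `(email || '')` fallback suggests `email` may be absent here; if so, confirm the `db` helper accepts an undefined parameter, or normalise first with `const cleanEmail = (email || '').trim() || null;`. The insert that follows lies outside the hunk, so whether a unique violation from a concurrent registration is handled there cannot be seen from here.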