fix: catch hopefully the most of the edge cases (#251)

* fix: catch hopefully the most of the edge cases * fix: invite only, fools
2022-12-29 20:39:32 -08:00 · 2022-12-29 20:39:32 -08:00 · b8b1a5bba6
commit b8b1a5bba6
parent f06f52fce7
3 changed files with 37 additions and 26 deletions
--- a/src/lib/middleware/withOAuth.ts
+++ b/src/lib/middleware/withOAuth.ts
@ -83,7 +83,9 @@ export const withOAuth =
          },
        });
        existingOauth = existing?.oauth?.find((o) => o.provider === provider.toUpperCase());
-        existingOauth.lastCase = true;
+        if (existingOauth) existingOauth.fallback = true;
+      } else {
+        logger.error(`Failed to find existing oauth. ${e}`);
      }
    }

@ -155,7 +157,7 @@ export const withOAuth =
      logger.info(`User ${user.username} (${user.id}) logged in via oauth(${provider})`);

      return res.redirect('/dashboard');
-    } else if ((existingOauth && existingOauth.lastCase) || existingOauth) {
+    } else if ((existingOauth && existingOauth.fallback) || existingOauth) {
      await prisma.oAuth.update({
        where: {
          id: existingOauth!.id,
@ -180,28 +182,35 @@ export const withOAuth =
      return oauthError(`Username ${oauth_resp.username} is already taken, unable to create account.`);

    logger.debug('creating new user via oauth');
-    const nuser = await prisma.user.create({
-      data: {
-        username: oauth_resp.username,
-        token: createToken(),
-        oauth: {
-          create: {
-            provider: OauthProviders[provider.toUpperCase()],
-            token: oauth_resp.access_token,
-            refresh: oauth_resp.refresh_token || null,
-            username: oauth_resp.username,
-            oauthId: oauth_resp.user_id as string,
+    try {
+      const nuser = await prisma.user.create({
+        data: {
+          username: oauth_resp.username,
+          token: createToken(),
+          oauth: {
+            create: {
+              provider: OauthProviders[provider.toUpperCase()],
+              token: oauth_resp.access_token,
+              refresh: oauth_resp.refresh_token || null,
+              username: oauth_resp.username,
+              oauthId: oauth_resp.user_id as string,
+            },
          },
+          avatar: oauth_resp.avatar,
        },
-        avatar: oauth_resp.avatar,
-      },
-    });
+      });

-    logger.debug(`created user ${JSON.stringify(nuser)} via oauth(${provider})`);
-    logger.info(`Created user ${nuser.username} via oauth(${provider})`);
+      logger.debug(`created user ${JSON.stringify(nuser)} via oauth(${provider})`);
+      logger.info(`Created user ${nuser.username} via oauth(${provider})`);

-    res.setUserCookie(nuser.id);
-    logger.info(`User ${nuser.username} (${nuser.id}) logged in via oauth(${provider})`);
+      res.setUserCookie(nuser.id);
+      logger.info(`User ${nuser.username} (${nuser.id}) logged in via oauth(${provider})`);

-    return res.redirect('/dashboard');
+      return res.redirect('/dashboard');
+    } catch (e) {
+      if (e.code === 'P2002') {
+        logger.debug(`account already linked with ${provider}`);
+        return oauthError('This account is already linked with another user.');
+      } else throw e;
+    }
  };
--- a/src/pages/api/auth/create.ts
+++ b/src/pages/api/auth/create.ts
@ -12,10 +12,10 @@ const logger = Logger.get('user');

 async function handler(req: NextApiReq, res: NextApiRes) {
  // handle invites
-  if (req.body.code) {
+  if (!config.features.user_registration && !req.body.code)
+    return res.badRequest('user registration is disabled');
+  else if (req.body.code) {
    if (!config.features.invites && req.body.code) return res.badRequest('invites are disabled');
-    if (!config.features.user_registration && !req.body.code)
-      return res.badRequest('user registration is disabled');

    const { code, username, password } = req.body as {
      code?: string;
--- a/src/pages/api/user/check.ts
+++ b/src/pages/api/user/check.ts
@ -3,8 +3,9 @@ import prisma from 'lib/prisma';
 import { NextApiReq, NextApiRes, withZipline } from 'middleware/withZipline';

 async function handler(req: NextApiReq, res: NextApiRes) {
-  if (!config.features.invites || !config.features.user_registration)
-    return res.forbidden('user/invites are disabled');
+  if (!config.features.user_registration && !req.body.code)
+    return res.badRequest('user registration is disabled');
+  else if (!config.features.invites && req.body.code) return res.forbidden('user/invites are disabled');

  if (!req.body?.code) return res.badRequest('no code');
  if (!req.body?.username) return res.badRequest('no username');
@ -17,6 +18,7 @@ async function handler(req: NextApiReq, res: NextApiRes) {

  const user = await prisma.user.findFirst({
    where: { username },
+    select: { id: true },
  });

  if (user) return res.badRequest('username already exists');