fix: catch hopefully the most of the edge cases (#251)

* fix: catch hopefully the most of the edge cases

* fix: invite only, fools

src/lib/middleware/withOAuth.ts

@@ -83,7 +83,9 @@ export const withOAuth =
           },
         });
         existingOauth = existing?.oauth?.find((o) => o.provider === provider.toUpperCase());
-        existingOauth.lastCase = true;
+        if (existingOauth) existingOauth.fallback = true;
+      } else {
+        logger.error(`Failed to find existing oauth. ${e}`);
       }
     }
 
@@ -155,7 +157,7 @@ export const withOAuth =
       logger.info(`User ${user.username} (${user.id}) logged in via oauth(${provider})`);
 
       return res.redirect('/dashboard');
-    } else if ((existingOauth && existingOauth.lastCase) || existingOauth) {
+    } else if ((existingOauth && existingOauth.fallback) || existingOauth) {
       await prisma.oAuth.update({
         where: {
           id: existingOauth!.id,
@@ -180,6 +182,7 @@ export const withOAuth =
       return oauthError(`Username ${oauth_resp.username} is already taken, unable to create account.`);
 
     logger.debug('creating new user via oauth');
+    try {
       const nuser = await prisma.user.create({
         data: {
           username: oauth_resp.username,
@@ -204,4 +207,10 @@ export const withOAuth =
       logger.info(`User ${nuser.username} (${nuser.id}) logged in via oauth(${provider})`);
 
       return res.redirect('/dashboard');
+    } catch (e) {
+      if (e.code === 'P2002') {
+        logger.debug(`account already linked with ${provider}`);
+        return oauthError('This account is already linked with another user.');
+      } else throw e;
+    }
   };

src/pages/api/auth/create.ts

@@ -12,10 +12,10 @@ const logger = Logger.get('user');
 
 async function handler(req: NextApiReq, res: NextApiRes) {
   // handle invites
-  if (req.body.code) {
-    if (!config.features.invites && req.body.code) return res.badRequest('invites are disabled');
   if (!config.features.user_registration && !req.body.code)
     return res.badRequest('user registration is disabled');
+  else if (req.body.code) {
+    if (!config.features.invites && req.body.code) return res.badRequest('invites are disabled');
 
     const { code, username, password } = req.body as {
       code?: string;

src/pages/api/user/check.ts

@@ -3,8 +3,9 @@ import prisma from 'lib/prisma';
 import { NextApiReq, NextApiRes, withZipline } from 'middleware/withZipline';
 
 async function handler(req: NextApiReq, res: NextApiRes) {
-  if (!config.features.invites || !config.features.user_registration)
+  if (!config.features.user_registration && !req.body.code)
-    return res.forbidden('user/invites are disabled');
+    return res.badRequest('user registration is disabled');
+  else if (!config.features.invites && req.body.code) return res.forbidden('user/invites are disabled');
 
   if (!req.body?.code) return res.badRequest('no code');
   if (!req.body?.username) return res.badRequest('no username');
@@ -17,6 +18,7 @@ async function handler(req: NextApiReq, res: NextApiRes) {
 
   const user = await prisma.user.findFirst({
     where: { username },
+    select: { id: true },
   });
 
   if (user) return res.badRequest('username already exists');