From 9208dbe2f3c45287d200e48e5fd05e97e386080d Mon Sep 17 00:00:00 2001 From: Nguyen Thanh Quang Date: Thu, 9 Sep 2021 10:56:10 +0700 Subject: [PATCH] fix(api): fixed being able to override user (#98) * fix(api): fixed being able to override user * Update index.ts --- src/pages/api/user/index.ts | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/src/pages/api/user/index.ts b/src/pages/api/user/index.ts index 57a361c..468c7ea 100644 --- a/src/pages/api/user/index.ts +++ b/src/pages/api/user/index.ts @@ -16,10 +16,20 @@ async function handler(req: NextApiReq, res: NextApiRes) { }); } - if (req.body.username) await prisma.user.update({ - where: { id: user.id }, - data: { username: req.body.username } - }); + if (req.body.username) { + const existing = await prisma.user.findFirst({ + where: { + username: req.body.username + } + }); + if (existing && user.username !== req.body.username) { + return res.forbid('Username is already taken'); + } + await prisma.user.update({ + where: { id: user.id }, + data: { username: req.body.username } + }); + } if (req.body.embedTitle) await prisma.user.update({ where: { id: user.id }, @@ -82,4 +92,4 @@ async function handler(req: NextApiReq, res: NextApiRes) { } } -export default withZipline(handler); \ No newline at end of file +export default withZipline(handler);