fix(api): fixed being able to override user (#98)
This commit is contained in:
commit
ece3e16459
1 changed files with 15 additions and 5 deletions
|
@ -16,10 +16,20 @@ async function handler(req: NextApiReq, res: NextApiRes) {
|
|||
});
|
||||
}
|
||||
|
||||
if (req.body.username) await prisma.user.update({
|
||||
where: { id: user.id },
|
||||
data: { username: req.body.username }
|
||||
});
|
||||
if (req.body.username) {
|
||||
const existing = await prisma.user.findFirst({
|
||||
where: {
|
||||
username: req.body.username
|
||||
}
|
||||
});
|
||||
if (existing && user.username !== req.body.username) {
|
||||
return res.forbid('Username is already taken');
|
||||
}
|
||||
await prisma.user.update({
|
||||
where: { id: user.id },
|
||||
data: { username: req.body.username }
|
||||
});
|
||||
}
|
||||
|
||||
if (req.body.embedTitle) await prisma.user.update({
|
||||
where: { id: user.id },
|
||||
|
|
Loading…
Reference in a new issue