fix explot
potts99 committed Mar 20, 2024
1 parent 4deb013 commit b96f76b
Showing 2 changed files with 44 additions and 46 deletions.
68 changes: 42 additions & 26 deletions apps/api/src/controllers/auth.ts
Expand Up @@ -5,6 +5,7 @@ import jwt from "jsonwebtoken";
import { track } from "../lib/hog";
import { checkToken } from "../lib/jwt";
import { forgotPassword } from "../lib/nodemailer/auth/forgot-password";
import { checkSession } from "../lib/session";
import { prisma } from "../prisma";

export function authRoutes(fastify: FastifyInstance) {
Expand All @@ -26,44 +27,59 @@ export function authRoutes(fastify: FastifyInstance) {
},
},
async (request: FastifyRequest, reply: FastifyReply) => {
const bearer = request.headers.authorization!.split(" ")[1];

let { email, password, admin, name } = request.body as {
email: string;
password: string;
admin: boolean;
name: string;
};

// Checks if email already exists
let record = await prisma.user.findUnique({
where: { email },
});
if (bearer) {
const token = checkToken(bearer);
if (token) {
const requester = await checkSession(token);

// if exists, return 400
if (record) {
reply.code(400).send({
message: "Email already exists",
});
}
if (!requester?.isAdmin) {
reply.code(401).send({
message: "Unauthorized",
});
}

const user = await prisma.user.create({
data: {
email,
password: await bcrypt.hash(password, 10),
name,
isAdmin: admin,
},
});
// Checks if email already exists
let record = await prisma.user.findUnique({
where: { email },
});

const hog = track();
// if exists, return 400
if (record) {
reply.code(400).send({
message: "Email already exists",
});
}

const user = await prisma.user.create({
data: {
email,
password: await bcrypt.hash(password, 10),
name,
isAdmin: admin,
},
});

hog.capture({
event: "user_registered",
distinctId: user.id,
});
const hog = track();

reply.send({
success: true,
});
hog.capture({
event: "user_registered",
distinctId: user.id,
});

reply.send({
success: true,
});
}
}
}
);

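Review bot: The `reply.code(401).send({ message: "Unauthorized" })` in the `!requester?.isAdmin` branch is not followed by a `return`, so a caller holding a valid non-admin session still falls through to `prisma.user.create` and the account is created, with `isAdmin` taken straight from the request body, even though the client sees a 401; the "Email already exists" 400 falls through to the create in the same way. Separately, `request.headers.authorization!.split(" ")[1]` throws when the header is absent, and when `bearer` or `checkToken(bearer)` is falsy the handler sends no reply at all, so unauthenticated callers get a crash or a hang rather than a clean 401. Restructuring the guards as early returns closes the bypass; 403 would be the more accurate status for an authenticated non-admin requester, but that is secondary to the fall-through. The handler's body continues past the end of the hunk.
```typescript
async (request: FastifyRequest, reply: FastifyReply) => {
  // Optional chaining: a missing Authorization header must not throw.
  const bearer = request.headers.authorization?.split(" ")[1];
  if (!bearer) {
    return reply.code(401).send({ message: "Unauthorized" });
  }
  const token = checkToken(bearer);
  if (!token) {
    return reply.code(401).send({ message: "Unauthorized" });
  }
  const requester = await checkSession(token);
  // Only admins may register users (and set isAdmin); return so the
  // create below is never reached on the failure path.
  if (!requester?.isAdmin) {
    return reply.code(401).send({ message: "Unauthorized" });
  }
  // … unchanged: body destructuring and findUnique lookup …
  if (record) {
    return reply.code(400).send({ message: "Email already exists" });
  }
  // … unchanged: prisma.user.create, hog.capture, success reply …
```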
22 changes: 2 additions & 20 deletions apps/client/pages/ticket/[id].tsx
Expand Up @@ -373,6 +373,7 @@ export default function Ticket() {
>
save
</Button>
)}
{user.isAdmin && (
<button
type="button"
Expand All @@ -382,26 +383,6 @@ export default function Ticket() {
{data.ticket.hidden ? "Show Global" : "Hide Ticket"}
</button>
)}
{!edit ? (
<button
type="button"
onClick={() => setEdit(true)}
className="inline-flex justify-center items-center gap-x-1.5 rounded-md bg-white px-5 py-2 text-sm font-semibold text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 hover:bg-gray-50"
>
{t("edit-btn")}
</button>
) : (
<button
type="button"
onClick={() => {
update();
setEdit(false);
}}
className="inline-flex justify-center gap-x-1.5 rounded-md bg-white px-5 py-2 text-sm font-semibold text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 hover:bg-gray-50"
>
{t("save")}
</button>
)}
</div>
</div>
<aside className="mt-4 xl:hidden">
Expand Down Expand Up @@ -459,6 +440,7 @@ export default function Ticket() {
: n
? n.name
: t("select_new_user")}
</span>
</Listbox.Button>

<Transition
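Review bot: Dropping the edit/save buttons from the ticket page only changes what the browser renders; if this is part of the exploit fix, the `update()` call the removed button issued can still be sent directly to the API by anyone who can load the page, so the server-side ticket update handler must enforce who may edit, independent of this UI change. Nothing in this section touches the API, so I cannot confirm from here whether that check exists. A short comment on the `{user.isAdmin && (` guard, such as `// UI-only gate: the API must re-check isAdmin on the update endpoint`, would record that this is not the authorization boundary. The surrounding JSX starts and ends outside the hunk.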
