Password reset and new email validation ID stored in DB for more security

This commit is contained in:
2024-12-17 17:51:12 +01:00
parent b24a083d2e
commit ec0afa9686
26 changed files with 1042 additions and 40 deletions

View File

@@ -1,10 +1,11 @@
import { eq } from "drizzle-orm";
import { eq, getTableColumns, lte } from "drizzle-orm";
import { z } from "zod";
import useDatabase from "~/composables/useDatabase";
import { usersTable } from "~/db/schema";
import { emailValidationTable, usersTable } from "~/db/schema";
const schema = z.object({
h: z.coerce.string(),
i: z.coerce.string(),
u: z.coerce.number(),
t: z.coerce.number(),
});
@@ -15,22 +16,33 @@ export default defineEventHandler(async (e) => {
if(!query.success)
throw query.error;
if(Bun.hash(query.data.u.toString(), query.data.t).toString() !== query.data.h)
if(Bun.hash('1' + query.data.u.toString(), query.data.t).toString() !== query.data.h)
{
return createError({
statusCode: 400,
message: 'Lien incorrect',
})
});
}
if(Date.now() > query.data.t + (60 * 60 * 1000))
{
return createError({
statusCode: 400,
message: 'Le lien a expiré',
})
});
}
const db = useDatabase();
const validate = db.select(getTableColumns(emailValidationTable)).from(emailValidationTable).where(eq(emailValidationTable.id, query.data.i)).get();
if(!validate || validate.timestamp <= new Date())
{
return createError({
statusCode: 400,
message: 'Le lien a expiré',
});
}
db.delete(emailValidationTable).where(lte(emailValidationTable.timestamp, new Date())).run();
const result = db.select({ state: usersTable.state }).from(usersTable).where(eq(usersTable.id, query.data.u)).get();
if(result === undefined)
@@ -38,14 +50,14 @@ export default defineEventHandler(async (e) => {
return createError({
statusCode: 400,
message: 'Aucune donnée utilisateur trouvée',
})
});
}
if(result?.state === 1)
{
return createError({
statusCode: 400,
message: 'Votre compte a déjà été validé',
})
});
}
db.update(usersTable).set({ state: 1 }).where(eq(usersTable.id, query.data.u)).run();