invalidate registered tokens properly

author: Akshay <[email protected]> 2024-11-15 21:25:27 +0000
committer: Akshay <[email protected]> 2024-11-15 21:25:27 +0000
commit: c5cd65eba355e66589298cbe88fe3489e0fcebae (patch)
tree: 4050c946c4611e88c51efbb61cc44903fca5fd82
parent: d4a83cb44dc98fe78f9061408137a43049344b1d (diff)
4 files changed, 5 insertions, 8 deletions
diff --git a/scripts/gen-invite.js b/scripts/gen-invite.js
index 0c6a808..3336a83 100644
--- a/scripts/gen-invite.js
+++ b/scripts/gen-invite.js
@@ -4,7 +4,6 @@ const db = new Database("readit.db", {
        strict: true,
 });
-// Create the invites table if it doesn't exist
 db.run(`
        CREATE TABLE IF NOT EXISTS invites (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -14,20 +13,17 @@ db.run(`
        )
 `);
-// Generate a new invite token
 function generateInviteToken() {
        const hasher = new Bun.CryptoHasher("sha256", "super-secret-invite-key");
        return hasher.update(Math.random().toString()).digest("hex");
 }
-// Store the token in the database
 function createInvite() {
        const token = generateInviteToken();
        db.run("INSERT INTO invites (token) VALUES ($token)", { token });
        console.log(`Invite token created: ${token}`);
 }
-// CLI usage
 const command = process.argv[2];
 const arg = process.argv[3];
diff --git a/src/invite.js b/src/invite.js
index 0f6624c..7e357ac 100644
--- a/src/invite.js
+++ b/src/invite.js
@@ -11,7 +11,7 @@ const validateInviteToken = async (req, res, next) => {
        }
        const invite = db
-                .query("SELECT * FROM invites WHERE token = $token AND usedAt IS null")
+                .query("SELECT * FROM invites WHERE token = $token")
                .get({ token });
        if (!invite) {
diff --git a/src/public/styles.css b/src/public/styles.css
index 523e81b..2f39234 100644
--- a/src/public/styles.css
+++ b/src/public/styles.css
@@ -499,6 +499,7 @@ form input[type="submit"]:hover {
 }
 .register-error-message {
+  margin-bottom: 1rem;
  flex-flow: row wrap;
  color: var(--error-text-color);
 }
diff --git a/src/routes/index.js b/src/routes/index.js
index 8529595..6efeb79 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -20,7 +20,6 @@ router.get("/", authenticateToken, async (req, res) => {
                res.redirect("/r/all");
        } else {
                const p = subs.map((s) => s.subreddit).join("+");
-                console.log(p);
                res.redirect(`/r/${p}`);
        }
 });
@@ -143,7 +142,9 @@ router.post("/register", validateInviteToken, async (req, res) => {
        try {
                const hashedPassword = await Bun.password.hash(password);
-                db.query("UPDATE invites SET usedAt = CURRENT_TIMESTAMP WHERE id = $id", {
+                db.query(
+                        "UPDATE invites SET usedAt = CURRENT_TIMESTAMP WHERE id = $id",
+                ).run({
                        id: req.invite.id,
                });
@@ -165,7 +166,6 @@ router.post("/register", validateInviteToken, async (req, res) => {
                        })
                        .redirect("/");
        } catch (err) {
-                console.log(err);
                return res.render("register", {
                        message: "error registering user, try again later",
                });
author	Akshay <[email protected]>	2024-11-15 21:25:27 +0000
committer	Akshay <[email protected]>	2024-11-15 21:25:27 +0000
commit	c5cd65eba355e66589298cbe88fe3489e0fcebae (patch)
tree	4050c946c4611e88c51efbb61cc44903fca5fd82
parent	d4a83cb44dc98fe78f9061408137a43049344b1d (diff)