Merge branch 'main' of https://github.com/fosrl/pangolin

2026-03-01 08:16:44 +00:00 · 2024-12-25 15:55:50 -05:00
parent 4a1e869e58 29bd88ebdf
commit 4cdaa9b588
22 changed files with 520 additions and 438 deletions
--- a/server/routers/auth/disable2fa.ts
+++ b/server/routers/auth/disable2fa.ts
@@ -92,10 +92,6 @@ export async function disable2fa(
            .set({ twoFactorEnabled: false })
            .where(eq(users.userId, user.userId));

-        await db
-            .delete(twoFactorBackupCodes)
-            .where(eq(twoFactorBackupCodes.userId, user.userId));
-
        sendEmail(
            TwoFactorAuthNotification({
                email: user.email,
--- a/server/routers/auth/requestPasswordReset.ts
+++ b/server/routers/auth/requestPasswordReset.ts
@@ -63,18 +63,23 @@ export async function requestPasswordReset(
            );
        }

-        await db
-            .delete(passwordResetTokens)
-            .where(eq(passwordResetTokens.userId, existingUser[0].userId));
+        const token = generateRandomString(
+            8,
+            alphabet("0-9", "A-Z", "a-z")
+        );
+        await db.transaction(async (trx) => {
+            await trx
+                .delete(passwordResetTokens)
+                .where(eq(passwordResetTokens.userId, existingUser[0].userId));

-        const token = generateRandomString(8, alphabet("0-9", "A-Z", "a-z"));
-        const tokenHash = await hashPassword(token);
+            const tokenHash = await hashPassword(token);

-        await db.insert(passwordResetTokens).values({
-            userId: existingUser[0].userId,
-            email: existingUser[0].email,
-            tokenHash,
-            expiresAt: createDate(new TimeSpan(2, "h")).getTime()
+            await trx.insert(passwordResetTokens).values({
+                userId: existingUser[0].userId,
+                email: existingUser[0].email,
+                tokenHash,
+                expiresAt: createDate(new TimeSpan(2, "h")).getTime()
+            });
        });

        const url = `${config.app.base_url}/auth/reset-password?email=${email}&token=${token}`;
--- a/server/routers/auth/resetPassword.ts
+++ b/server/routers/auth/resetPassword.ts
@@ -135,20 +135,22 @@ export async function resetPassword(

        await invalidateAllSessions(resetRequest[0].userId);

-        await db
-            .update(users)
-            .set({ passwordHash })
-            .where(eq(users.userId, resetRequest[0].userId));
+        await db.transaction(async (trx) => {
+            await trx
+                .update(users)
+                .set({ passwordHash })
+                .where(eq(users.userId, resetRequest[0].userId));

-        await db
-            .delete(passwordResetTokens)
-            .where(eq(passwordResetTokens.email, email));
+            await trx
+                .delete(passwordResetTokens)
+                .where(eq(passwordResetTokens.email, email));
+        });

        await sendEmail(ConfirmPasswordReset({ email }), {
            from: config.email?.no_reply,
            to: email,
            subject: "Password Reset Confirmation"
-        })
+        });

        return response<ResetPasswordResponse>(res, {
            data: null,
--- a/server/routers/auth/verifyEmail.ts
+++ b/server/routers/auth/verifyEmail.ts
@@ -62,16 +62,18 @@ export async function verifyEmail(
        const valid = await isValidCode(user, code);

        if (valid) {
-            await db
-                .delete(emailVerificationCodes)
-                .where(eq(emailVerificationCodes.userId, user.userId));
+            await db.transaction(async (trx) => {
+                await trx
+                    .delete(emailVerificationCodes)
+                    .where(eq(emailVerificationCodes.userId, user.userId));

-            await db
-                .update(users)
-                .set({
-                    emailVerified: true
-                })
-                .where(eq(users.userId, user.userId));
+                await trx
+                    .update(users)
+                    .set({
+                        emailVerified: true
+                    })
+                    .where(eq(users.userId, user.userId));
+            });
        } else {
            return next(
                createHttpError(
--- a/server/routers/auth/verifyTotp.ts
+++ b/server/routers/auth/verifyTotp.ts
@@ -76,21 +76,23 @@ export async function verifyTotp(
        let codes;
        if (valid) {
            // if valid, enable two-factor authentication; the totp secret is no longer temporary
-            await db
-                .update(users)
-                .set({ twoFactorEnabled: true })
-                .where(eq(users.userId, user.userId));
+            await db.transaction(async (trx) => {
+                await trx
+                    .update(users)
+                    .set({ twoFactorEnabled: true })
+                    .where(eq(users.userId, user.userId));

-            const backupCodes = await generateBackupCodes();
-            codes = backupCodes;
-            for (const code of backupCodes) {
-                const hash = await hashPassword(code);
+                const backupCodes = await generateBackupCodes();
+                codes = backupCodes;
+                for (const code of backupCodes) {
+                    const hash = await hashPassword(code);

-                await db.insert(twoFactorBackupCodes).values({
-                    userId: user.userId,
-                    codeHash: hash
-                });
-            }
+                    await trx.insert(twoFactorBackupCodes).values({
+                        userId: user.userId,
+                        codeHash: hash
+                    });
+                }
+            });
        }

        if (!valid) {