fix(api): fixed being able to override user (#98)

diced · Sep 9, 2021 · ece3e16 · ece3e16
2 parents 636de18 + 9208dbe
commit ece3e16
Showing 1 changed file with 15 additions and 5 deletions.
diff --git a/src/pages/api/user/index.ts b/src/pages/api/user/index.ts
@@ -16,10 +16,20 @@ async function handler(req: NextApiReq, res: NextApiRes) {
       });
     }
 
-    if (req.body.username) await prisma.user.update({
-      where: { id: user.id },
-      data: { username: req.body.username }
-    });
+    if (req.body.username) {
+      const existing = await prisma.user.findFirst({
+        where: {
+          username: req.body.username
+        }
+      });
+      if (existing && user.username !== req.body.username) { 
+        return res.forbid('Username is already taken');
+      }
+      await prisma.user.update({
+        where: { id: user.id },
+        data: { username: req.body.username }
+      });
+    }
 
     if (req.body.embedTitle) await prisma.user.update({
       where: { id: user.id },
@@ -82,4 +92,4 @@ async function handler(req: NextApiReq, res: NextApiRes) {
   }
 }
 
-export default withZipline(handler);
+export default withZipline(handler);