Merge branch 'main' of https://github.com/fosrl/pangolin

2026-02-10 20:02:26 +00:00 · 2024-12-25 15:55:50 -05:00
parent 4a1e869e58 29bd88ebdf
commit 4cdaa9b588
22 changed files with 520 additions and 438 deletions
--- a/server/auth/resourceOtp.ts
+++ b/server/auth/resourceOtp.ts
@@ -3,11 +3,10 @@ import { resourceOtp } from "@server/db/schema";
 import { and, eq } from "drizzle-orm";
 import { createDate, isWithinExpirationDate, TimeSpan } from "oslo";
 import { alphabet, generateRandomString, sha256 } from "oslo/crypto";
-import { encodeHex } from "oslo/encoding";
 import { sendEmail } from "@server/emails";
 import ResourceOTPCode from "@server/emails/templates/ResourceOTPCode";
 import config from "@server/config";
-import { hash, verify } from "@node-rs/argon2";
+import { verifyPassword } from "./password";
 import { hashPassword } from "./password";

 export async function sendResourceOtpEmail(
@@ -37,24 +36,25 @@ export async function generateResourceOtpCode(
    resourceId: number,
    email: string
 ): Promise<string> {
-    await db
-        .delete(resourceOtp)
-        .where(
-            and(
-                eq(resourceOtp.email, email),
-                eq(resourceOtp.resourceId, resourceId)
-            )
-        );
-
    const otp = generateRandomString(8, alphabet("0-9", "A-Z", "a-z"));
+    await db.transaction(async (trx) => {
+        await trx
+            .delete(resourceOtp)
+            .where(
+                and(
+                    eq(resourceOtp.email, email),
+                    eq(resourceOtp.resourceId, resourceId)
+                )
+            );

-    const otpHash = await hashPassword(otp);
+        const otpHash = await hashPassword(otp);

-    await db.insert(resourceOtp).values({
-        resourceId,
-        email,
-        otpHash,
-        expiresAt: createDate(new TimeSpan(15, "m")).getTime()
+        await trx.insert(resourceOtp).values({
+            resourceId,
+            email,
+            otpHash,
+            expiresAt: createDate(new TimeSpan(15, "m")).getTime()
+        });
    });

    return otp;
--- a/server/auth/sendEmailVerificationCode.ts
+++ b/server/auth/sendEmailVerificationCode.ts
@@ -31,18 +31,18 @@ async function generateEmailVerificationCode(
    userId: string,
    email: string
 ): Promise<string> {
-    await db
-        .delete(emailVerificationCodes)
-        .where(eq(emailVerificationCodes.userId, userId));
-
    const code = generateRandomString(8, alphabet("0-9"));
+    await db.transaction(async (trx) => {
+        await trx
+            .delete(emailVerificationCodes)
+            .where(eq(emailVerificationCodes.userId, userId));

-    await db.insert(emailVerificationCodes).values({
-        userId,
-        email,
-        code,
-        expiresAt: createDate(new TimeSpan(15, "m")).getTime()
+        await trx.insert(emailVerificationCodes).values({
+            userId,
+            email,
+            code,
+            expiresAt: createDate(new TimeSpan(15, "m")).getTime()
+        });
    });
-
    return code;
 }