From 1ffe1b4fd6a9f8ed00a7b9374cf9abe8c99b33ad Mon Sep 17 00:00:00 2001 From: James Brechtel Date: Wed, 8 Jul 2026 21:30:03 -0400 Subject: [PATCH] Prevent signup from UI when a user already exists --- handler/auth.go | 17 ++++++++++++++--- template/signin.html | 2 ++ 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/handler/auth.go b/handler/auth.go index 9469525..0051ba4 100644 --- a/handler/auth.go +++ b/handler/auth.go @@ -54,6 +54,12 @@ type AuthHandler struct { } func (h *AuthHandler) ServeSignup(w http.ResponseWriter, r *http.Request) { + count, err := h.Store.UserCount() + if err == nil && count > 0 { + http.Redirect(w, r, "/signin", http.StatusSeeOther) + return + } + if r.Method == http.MethodGet { h.Tpl.Render(w, "signup", nil) return @@ -91,9 +97,14 @@ func (h *AuthHandler) ServeSignup(w http.ResponseWriter, r *http.Request) { } } +func (h *AuthHandler) hasUsers() bool { + count, err := h.Store.UserCount() + return err == nil && count > 0 +} + func (h *AuthHandler) ServeSignin(w http.ResponseWriter, r *http.Request) { if r.Method == http.MethodGet { - h.Tpl.Render(w, "signin", nil) + h.Tpl.Render(w, "signin", map[string]any{"HasUser": h.hasUsers()}) return } @@ -103,12 +114,12 @@ func (h *AuthHandler) ServeSignin(w http.ResponseWriter, r *http.Request) { user, err := h.Store.UserByEmail(email) if err != nil { - h.Tpl.Render(w, "signin", map[string]string{"Error": "Invalid email or password."}) + h.Tpl.Render(w, "signin", map[string]any{"Error": "Invalid email or password.", "HasUser": h.hasUsers()}) return } if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password)); err != nil { - h.Tpl.Render(w, "signin", map[string]string{"Error": "Invalid email or password."}) + h.Tpl.Render(w, "signin", map[string]any{"Error": "Invalid email or password.", "HasUser": h.hasUsers()}) return } diff --git a/template/signin.html b/template/signin.html index ba8a6f2..35481ad 100644 --- a/template/signin.html +++ b/template/signin.html @@ -11,9 +11,11 @@