Prevent signup from UI when a user already exists
Build and Deploy / build-and-deploy (push) Successful in 1m25s

This commit is contained in:
2026-07-08 21:30:03 -04:00
parent 76425caf65
commit 1ffe1b4fd6
2 changed files with 16 additions and 3 deletions
+14 -3
View File
@@ -54,6 +54,12 @@ type AuthHandler struct {
}
func (h *AuthHandler) ServeSignup(w http.ResponseWriter, r *http.Request) {
count, err := h.Store.UserCount()
if err == nil && count > 0 {
http.Redirect(w, r, "/signin", http.StatusSeeOther)
return
}
if r.Method == http.MethodGet {
h.Tpl.Render(w, "signup", nil)
return
@@ -91,9 +97,14 @@ func (h *AuthHandler) ServeSignup(w http.ResponseWriter, r *http.Request) {
}
}
func (h *AuthHandler) hasUsers() bool {
count, err := h.Store.UserCount()
return err == nil && count > 0
}
func (h *AuthHandler) ServeSignin(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodGet {
h.Tpl.Render(w, "signin", nil)
h.Tpl.Render(w, "signin", map[string]any{"HasUser": h.hasUsers()})
return
}
@@ -103,12 +114,12 @@ func (h *AuthHandler) ServeSignin(w http.ResponseWriter, r *http.Request) {
user, err := h.Store.UserByEmail(email)
if err != nil {
h.Tpl.Render(w, "signin", map[string]string{"Error": "Invalid email or password."})
h.Tpl.Render(w, "signin", map[string]any{"Error": "Invalid email or password.", "HasUser": h.hasUsers()})
return
}
if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password)); err != nil {
h.Tpl.Render(w, "signin", map[string]string{"Error": "Invalid email or password."})
h.Tpl.Render(w, "signin", map[string]any{"Error": "Invalid email or password.", "HasUser": h.hasUsers()})
return
}