Add checks to make sure user only has one token.

This commit implements fixes for the issues talked about in comment: #301 (comment) Also changed the migration back to unique
TFNS · Jul 25, 2024 · 6d44414 · 6d44414
1 parent 8b22bd2
commit 6d44414
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 3 deletions.
diff --git a/api/migrations/55-discord-account-invitation-link.sql b/api/migrations/55-discord-account-invitation-link.sql
@@ -1,5 +1,5 @@
 ALTER TABLE ctfnote_private.invitation_link
-  ADD COLUMN "discord_id" TEXT DEFAULT NULL;
+  ADD COLUMN "discord_id" TEXT UNIQUE DEFAULT NULL;
 
 DROP FUNCTION ctfnote.create_invitation_link ("role" ctfnote.role);
 CREATE OR REPLACE FUNCTION ctfnote.create_invitation_link ("role" ctfnote.role, "discord_id" text default null)

diff --git a/api/src/discord/commands/register.ts b/api/src/discord/commands/register.ts
@@ -32,6 +32,24 @@ async function createAccountLogic(
     return;
   }
 
+  const existing_invitation_code = await getInvitationTokenForDiscordId(
+    interaction.user.id
+  );
+  if (existing_invitation_code != null) {
+    const invitation_url = await getInvitationUrl(existing_invitation_code);
+    if (invitation_url == "") {
+      await interaction.editReply({
+        content: "Something went wrong.", // TODO: Meaningful error messages?
+      });
+      return;
+    }
+
+    await interaction.editReply({
+      content: `Your personal invitation url: ${invitation_url}. If you already have a CTFNote account you should link it using the /link command instead.`,
+    });
+    return;
+  }
+
   await interaction.editReply({
     content:
       "Generating private invitation url... If you already have a CTFNote account you should link it using the /link command instead.",

diff --git a/api/src/discord/database/users.ts b/api/src/discord/database/users.ts
@@ -52,8 +52,27 @@ type AllowedRoles =
   | "user_manager"
   | "user_admin";
 
-export async function createInvitationURLForDiscordId(
-  role: AllowedRoles,
+export async function getInvitationTokenForDiscordId(
+  discordId: string,
+  pgClient: PoolClient | null = null
+): Promise<string | null> {
+  const useRequestClient = pgClient != null;
+  if (pgClient == null) pgClient = await connectToDatabase();
+
+  try {
+    const query =
+      "SELECT token FROM ctfnote_private.invitation_link WHERE discord_id = $1";
+    const values = [discordId];
+    const queryResult = await pgClient.query(query, values);
+
+    return queryResult.rows[0].token as string;
+  } catch (error) {
+    return null;
+  } finally {
+    if (!useRequestClient) pgClient.release();
+  }
+}
+
   discordId: string,
   pgClient: PoolClient | null = null
 ): Promise<string | null> {