Fix: Prevent race condition in user registration

2025-12-09 09:39:37 +00:00 · 2025-07-13 14:30:09 +05:00
parent ed920bb73b
commit 23e5f7ac2d
1 changed files with 34 additions and 24 deletions
--- a/server/routes/auth.js
+++ b/server/routes/auth.js
@@ -1,6 +1,6 @@
 import express from 'express';
 import bcrypt from 'bcrypt';
-import { userDb } from '../database/db.js';
+import { userDb, db } from '../database/db.js';
 import { generateToken, authenticateToken } from '../middleware/auth.js';

 const router = express.Router();
@@ -33,9 +33,13 @@ router.post('/register', async (req, res) => {
      return res.status(400).json({ error: 'Username must be at least 3 characters, password at least 6 characters' });
    }
    
+    // Use a transaction to prevent race conditions
+    db.prepare('BEGIN').run();
+    try {
      // Check if users already exist (only allow one user)
      const hasUsers = userDb.hasUsers();
      if (hasUsers) {
+        db.prepare('ROLLBACK').run();
        return res.status(403).json({ error: 'User already exists. This is a single-user system.' });
      }
      
@@ -52,11 +56,17 @@ router.post('/register', async (req, res) => {
      // Update last login
      userDb.updateLastLogin(user.id);

+      db.prepare('COMMIT').run();
+      
      res.json({
        success: true,
        user: { id: user.id, username: user.username },
        token
      });
+    } catch (error) {
+      db.prepare('ROLLBACK').run();
+      throw error;
+    }
    
  } catch (error) {
    console.error('Registration error:', error);