Merge pull request #51 from Mirza-Samad-Ahmed-Baig/fix/registration-race-condition

Fix: Prevent race condition in user registration

server/routes/auth.js

@@ -1,6 +1,6 @@
 import express from 'express';
 import bcrypt from 'bcrypt';
-import { userDb } from '../database/db.js';
+import { userDb, db } from '../database/db.js';
 import { generateToken, authenticateToken } from '../middleware/auth.js';
 
 const router = express.Router();
@@ -33,9 +33,13 @@ router.post('/register', async (req, res) => {
       return res.status(400).json({ error: 'Username must be at least 3 characters, password at least 6 characters' });
     }
     
+    // Use a transaction to prevent race conditions
+    db.prepare('BEGIN').run();
+    try {
       // Check if users already exist (only allow one user)
       const hasUsers = userDb.hasUsers();
       if (hasUsers) {
+        db.prepare('ROLLBACK').run();
         return res.status(403).json({ error: 'User already exists. This is a single-user system.' });
       }
       
@@ -52,11 +56,17 @@ router.post('/register', async (req, res) => {
       // Update last login
       userDb.updateLastLogin(user.id);
 
+      db.prepare('COMMIT').run();
+      
       res.json({
         success: true,
         user: { id: user.id, username: user.username },
         token
       });
+    } catch (error) {
+      db.prepare('ROLLBACK').run();
+      throw error;
+    }
     
   } catch (error) {
     console.error('Registration error:', error);