eb1e8a7870
All checks were successful
Build and Push Docker Image / build (push) Successful in 8m10s
Email lookups used findUnique (case-sensitive on PostgreSQL) but user input was lowercased, causing login failures for users with mixed-case emails stored in the DB (e.g. Laurent_Faure@dietsmann.com). Also normalized 7 affected emails to lowercase on the production DB. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
38 lines
1.3 KiB
TypeScript
38 lines
1.3 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
import { prisma } from '@/lib/prisma'
|
|
import { checkRateLimit } from '@/lib/rate-limit'
|
|
|
|
/**
|
|
* Pre-check whether an email exists before sending a magic link.
|
|
* This is a closed platform (no self-registration) so revealing
|
|
* email existence is acceptable and helps users who mistype.
|
|
* Rate-limited to 10 requests per 15 minutes per IP.
|
|
*/
|
|
export async function POST(req: NextRequest) {
|
|
try {
|
|
const ip = req.headers.get('x-forwarded-for')?.split(',')[0]?.trim() ?? 'unknown'
|
|
const rateResult = checkRateLimit(`check-email:${ip}`, 10, 15 * 60 * 1000)
|
|
if (!rateResult.success) {
|
|
return NextResponse.json(
|
|
{ exists: false, error: 'Too many requests' },
|
|
{ status: 429 },
|
|
)
|
|
}
|
|
|
|
const { email } = await req.json()
|
|
if (!email || typeof email !== 'string') {
|
|
return NextResponse.json({ exists: false }, { status: 400 })
|
|
}
|
|
|
|
const user = await prisma.user.findFirst({
|
|
where: { email: { equals: email.toLowerCase().trim(), mode: 'insensitive' } },
|
|
select: { status: true },
|
|
})
|
|
|
|
const exists = !!user && user.status !== 'SUSPENDED'
|
|
return NextResponse.json({ exists })
|
|
} catch {
|
|
return NextResponse.json({ exists: false }, { status: 500 })
|
|
}
|
|
}
|