Fix: Re-use validator from signup on invitation creation #108 (#113)

* fix: invitation validation * fix: lint
2025-11-10 04:22:09 +10:00 · 2025-06-08 14:47:08 +10:00
parent 72ae7a2884
commit e32954ea7d
3 changed files with 15 additions and 21 deletions
--- a/pages/admin/users/auth/simple/index.vue
+++ b/pages/admin/users/auth/simple/index.vue
@ -360,9 +360,7 @@
                    :loading="loading"
                    type="submit"
                    class="w-full sm:w-fit"
-                    :disabled="
-                      !(validUsername && validEmail && username && email)
-                    "
+                    :disabled="!(validUsername && validEmail)"
                  >
                    {{ $t("users.admin.simple.inviteButton") }}
                  </LoadingButton>
--- a/server/api/v1/admin/auth/invitation/index.post.ts
+++ b/server/api/v1/admin/auth/invitation/index.post.ts
@ -1,12 +1,14 @@
 import { readDropValidatedBody, throwingArktype } from "~/server/arktype";
 import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
-import { CreateUserValidator } from "../../../auth/signup/simple.post";
+import { SharedRegisterValidator } from "../../../auth/signup/simple.post";

-const CreateInvite = CreateUserValidator.and({
-  expires: "Date",
-  isAdmin: "boolean = false",
-}).configure(throwingArktype);
+const CreateInvite = SharedRegisterValidator.partial()
+  .and({
+    expires: "string",
+    isAdmin: "boolean = false",
+  })
+  .configure(throwingArktype);

 export default defineEventHandler(async (h3) => {
  const allowed = await aclManager.allowSystemACL(h3, [
@ -16,8 +18,6 @@ export default defineEventHandler(async (h3) => {

  const body = await readDropValidatedBody(h3, CreateInvite);

-  console.log(body);
-
  const invitation = await prisma.invitation.create({
    data: body,
  });
--- a/server/api/v1/auth/signup/simple.post.ts
+++ b/server/api/v1/auth/signup/simple.post.ts
@ -7,10 +7,13 @@ import { type } from "arktype";
 import { randomUUID } from "node:crypto";
 import { throwingArktype } from "~/server/arktype";

-export const CreateUserValidator = type({
-  invitation: "string?", // Optional because we re-use this validator
+export const SharedRegisterValidator = type({
  username: "string >= 5",
  email: "string.email",
+});
+
+const CreateUserValidator = SharedRegisterValidator.and({
+  invitation: "string",
  password: "string >= 14",
  "displayName?": "string | undefined",
 }).configure(throwingArktype);
@ -28,15 +31,8 @@ export default defineEventHandler<{

  const user = await readValidatedBody(h3, CreateUserValidator);

-  const invitationId = user.invitation;
-  if (!invitationId)
-    throw createError({
-      statusCode: 401,
-      statusMessage: t("errors.auth.invalidInvite"),
-    });
-
  const invitation = await prisma.invitation.findUnique({
-    where: { id: invitationId },
+    where: { id: user.invitation },
  });
  if (!invitation)
    throw createError({
@ -87,7 +83,7 @@ export default defineEventHandler<{
        user: true,
      },
    }),
-    prisma.invitation.delete({ where: { id: invitationId } }),
+    prisma.invitation.delete({ where: { id: user.invitation } }),
  ]);

  return linkMec.user;