github/TREK
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add race condition detection for invite token usage

Browse Source
This commit is contained in:
Gérnyi Márk
2026-03-30 00:59:02 +02:00
parent 187989cc1d
commit 377422a9d5
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
server/src/routes/oidc.ts
View File

@@ -225,9 +225,12 @@ router.get('/callback', async (req: Request, res: Response) => {
).run(username, email, hash, role, sub, config.issuer);
if (validInvite) {
db.prepare(
const updated = db.prepare(
'UPDATE invite_tokens SET used_count = used_count + 1 WHERE id = ? AND (max_uses = 0 OR used_count < max_uses)'
).run(validInvite.id);
if (updated.changes === 0) {
console.warn(`[OIDC] Invite token ${pending.inviteToken?.slice(0, 8)}... exceeded max_uses (race condition)`);
}
}
user = { id: Number(result.lastInsertRowid), username, email, role } as User;