k1nq/TREK
1
0
Fork 0
mirror of https://github.com/mauriceboe/TREK.git synced 2026-06-19 13:21:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Block demo user from deleting account and changing password (v2.4.1)

Browse Source
This commit is contained in:
Maurice
2026-03-20 00:02:53 +01:00
parent c887acddee
commit 3edf65957b
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/package.json
+1 -1
View File
@@ -1,6 +1,6 @@
{ {
"name": "nomad-server", "name": "nomad-server",
"version": "2.4.0", "version": "2.4.1",
"main": "src/index.js", "main": "src/index.js",
"scripts": { "scripts": {
"start": "node --experimental-sqlite src/index.js", "start": "node --experimental-sqlite src/index.js",
server/src/routes/auth.js
+7
View File
@@ -189,6 +189,9 @@ router.get('/me', authenticate, (req, res) => {
// PUT /api/auth/me/password // PUT /api/auth/me/password
router.put('/me/password', authenticate, (req, res) => { router.put('/me/password', authenticate, (req, res) => {
if (process.env.DEMO_MODE === 'true' && req.user.email === 'demo@nomad.app') {
return res.status(403).json({ error: 'Password change is disabled in demo mode.' });
}
const { new_password } = req.body; const { new_password } = req.body;
if (!new_password) return res.status(400).json({ error: 'New password is required' }); if (!new_password) return res.status(400).json({ error: 'New password is required' });
if (new_password.length < 8) return res.status(400).json({ error: 'Password must be at least 8 characters' }); if (new_password.length < 8) return res.status(400).json({ error: 'Password must be at least 8 characters' });
@@ -200,6 +203,10 @@ router.put('/me/password', authenticate, (req, res) => {
// DELETE /api/auth/me — delete own account // DELETE /api/auth/me — delete own account
router.delete('/me', authenticate, (req, res) => { router.delete('/me', authenticate, (req, res) => {
// Block demo user
if (process.env.DEMO_MODE === 'true' && req.user.email === 'demo@nomad.app') {
return res.status(403).json({ error: 'Account deletion is disabled in demo mode.' });
}
// Prevent deleting last admin // Prevent deleting last admin
if (req.user.role === 'admin') { if (req.user.role === 'admin') {
const adminCount = db.prepare("SELECT COUNT(*) as count FROM users WHERE role = 'admin'").get().count; const adminCount = db.prepare("SELECT COUNT(*) as count FROM users WHERE role = 'admin'").get().count;