refactor: require password verification

chore: styling work
2026-03-09 14:57:11 -07:00 · 2026-03-09 14:57:11 -07:00 · 86fa2b6d4b
commit 86fa2b6d4b
parent 7977fe9ea7
16 changed files with 348 additions and 88 deletions
--- a/public/api/events/index.ts
+++ b/public/api/events/index.ts
@ -41,13 +41,6 @@ export async function GET(request: Request, meta: Record<string, any>): Promise<
 				event_id
 			} = /^.*\/events\/.*\/(?<event_type>.*?)\:(?<event_id>[A-Za-z-]+)\.json$/.exec(entry.path)?.groups ?? {};

-			console.dir({
-				entry,
-				event_type,
-				event_id,
-				query: meta.query
-			});
-
 			if (meta.query.after_id && event_id <= meta.query.after_id) {
 				return false;
 			}
--- a/public/api/users/index.ts
+++ b/public/api/users/index.ts
@ -139,6 +139,22 @@ export async function POST(req: Request, meta: Record<string, any>): Promise<Res
 			});
 		}

+		const password_verification_hash: string = body.password_verification_hash ?? (typeof body.password_verification === 'string'
+			? encodeBase64(
+				await crypto.subtle.digest('SHA-256', new TextEncoder().encode(body.password_verification))
+			)
+			: '');
+		if (password_verification_hash !== password_hash) {
+			return Response.json({
+				error: {
+					cause: 'invalid password verification hash',
+					message: 'Password and verification must be identical.'
+				}
+			}, {
+				status: 400
+			});
+		}
+
 		const at_least_one_existing_user = (await USERS.all({
 			limit: 1,
 			offset: 0