From 5de37c11b6cca1649efbb0df37371591c7856ff9 Mon Sep 17 00:00:00 2001 From: Thomas Hintz Date: Mon, 24 Apr 2023 06:56:59 +0200 Subject: [PATCH] fixing status codes in redirects --- src/pages/api/create-account.js | 14 +++++++------- src/pages/api/sign-in.js | 8 ++++---- src/pages/api/sign-out.js | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/pages/api/create-account.js b/src/pages/api/create-account.js index a9c84c4..f0ad54c 100644 --- a/src/pages/api/create-account.js +++ b/src/pages/api/create-account.js @@ -55,7 +55,7 @@ async function handler(req, res) { if (email && password && password === passwordagain && (csi || patreon_magic_key)) { // Check for minimum password length if (password.length < 12) { - return res.redirect(makeMsg(csi, email, 'Please enter a password that is at least 12 characters long.'), 303); + return res.redirect(303, makeMsg(csi, email, 'Please enter a password that is at least 12 characters long.')); } // Retrieve Stripe session and email or get verify patreon magic key @@ -70,14 +70,14 @@ async function handler(req, res) { if (!session) { console.error('unable to get session'); } if (!emailFromSession) { console.error('unable to get email from session'); } if (!email === emailFromSession) { console.error('session email does not match form email'); } - return res.redirect('/reactors/create-account?unexpected_error=true', 303); + return res.redirect(303, '/reactors/create-account?unexpected_error=true'); } // Check if user already exists const existingUser = await db.get('select id from users where email=?', email); if (existingUser) { console.error('User already exists'); - return res.redirect('/reactors/create-account?unexpected_error=true', 303); + return res.redirect(303, '/reactors/create-account?unexpected_error=true'); } // Create new user and subscription @@ -86,18 +86,18 @@ async function handler(req, res) { const userId = await createUser(email, salt, hashRes); await createSubscription(userId, sessionType); console.log('User created successfully'); - return res.redirect('/reactors/account', 303); + return res.redirect(303, '/reactors/account'); } else { // Handle missing or invalid form data if (!email || !csi) { console.error('Missing email or csi'); - return res.redirect('/reactors/create-account?unexpected_error=true', 303); + return res.redirect(303, '/reactors/create-account?unexpected_error=true'); } if (!password) { - return res.redirect(makeMsg(csi, email, 'Please enter a password'), 303); + return res.redirect(303, makeMsg(csi, email, 'Please enter a password')); } if (password !== passwordagain) { - return res.redirect(makeMsg(csi, email, 'Passwords did not match. Please try again.'), 303) + return res.redirect(303, makeMsg(csi, email, 'Passwords did not match. Please try again.')) } } } else { diff --git a/src/pages/api/sign-in.js b/src/pages/api/sign-in.js index 0a5d2f5..fa037e7 100644 --- a/src/pages/api/sign-in.js +++ b/src/pages/api/sign-in.js @@ -46,16 +46,16 @@ async function handler(req, res) { const expiresDate = new Date(today.getTime() + (1000 * maxAge)); await db.run('insert into sessions (user_id, session_id, expires) values (?, ?, ?);', userId, sessionId, expiresDate.toISOString()); setCookie('session', sessionId, { req, res, maxAge: rememberMe ? maxAge : undefined, httpOnly: true, sameSite: true, secure: process.env.NODE_ENV === 'production' }); - res.redirect('/reactors/account', 303) + res.redirect(303, '/reactors/account') } else { - res.redirect(makeMsg(email, 'Invalid password or account does not exist.'), 303); + res.redirect(303, makeMsg(email, 'Invalid password or account does not exist.')); } } else { if (!email) { - res.redirect(makeMsg(email, 'Please enter an email address.'), 303); + res.redirect(303, makeMsg(email, 'Please enter an email address.')); } if (!password) { - res.redirect(makeMsg(email, 'Please enter a password.'), 303); + res.redirect(303, makeMsg(email, 'Please enter a password.')); } } } else { diff --git a/src/pages/api/sign-out.js b/src/pages/api/sign-out.js index cb62e04..7870cc7 100644 --- a/src/pages/api/sign-out.js +++ b/src/pages/api/sign-out.js @@ -3,7 +3,7 @@ import { deleteCookie } from 'cookies-next'; export default async function handler(req, res) { if (req.method === 'POST') { deleteCookie('session', { req, res, httpOnly: true, sameSite: true, secure: process.env.NODE_ENV === 'production' }); - return res.redirect('/', 303); + return res.redirect(303, '/'); } else { // Handle any other HTTP method }