fix: BUG-022 check duplicate email before rate limit, BUG-024 support X-API-Key header

OpenClaw 2026-02-14 18:41:46 +00:00
parent f59b99203e
commit a67c16cd0f
3 changed files with 28 additions and 5 deletions


@ -22,8 +22,21 @@ const verifyLimiter = rateLimit({
legacyHeaders: false,
});
// Pre-check: reject already-registered emails BEFORE rate limiting (BUG-022)
function rejectDuplicateEmail(req: Request, res: Response, next: Function) {
const { email } = req.body || {};
if (email && typeof email === "string") {
const cleanEmail = email.trim().toLowerCase();
if (isEmailVerified(cleanEmail)) {
res.status(409).json({ error: "Email already registered" });
return;
}
}
next();
}
// Step 1: Request signup — generates 6-digit code
router.post("/free", signupLimiter, async (req: Request, res: Response) => {
router.post("/free", rejectDuplicateEmail, signupLimiter, async (req: Request, res: Response) => {
const { email } = req.body || {};
if (!email || typeof email !== "string" || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {