import { Player } from 'shared/player';
+import xss from 'xss';
import bcrypt from 'bcrypt';
import { loadPlayer } from './player';
import { Auth } from '../shared/auth';
const hash = await bcrypt.hash(password, salt);
const data: Auth = {
id: playerId,
- username,
+ username: xss(username, { whiteList: {} }),
password: hash
};
console.log(e);
if(e?.code === '23505') {
if(e?.constraint === 'auth_pkey') {
- console.log(`Key ${playerId} was already claimed. ${username} tried claiming again..`);
+ console.log(`Key ${playerId} was already claimed. ${data.username} tried claiming again..`);
}
// someone already claimed this key
throw new Error('Invalid account');