From 1c16184bfe2188ba474e153786c806604718f685 Mon Sep 17 00:00:00 2001
From: Dita Aji Pratama <ditaajipratama@protonmail.com>
Date: Thu, 7 Aug 2025 12:22:07 +0700
Subject: [PATCH] Validating email and username (if username not null)

---
 modules/api/auth.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/modules/api/auth.py b/modules/api/auth.py
index 35d1aef..bde6b0a 100644
--- a/modules/api/auth.py
+++ b/modules/api/auth.py
@@ -257,6 +257,10 @@ class auth:
             loggorilla.prcss(APIADDR, "Get dependency data")
             self.cursor.execute("SELECT COUNT(*) AS `count`, auth.token, auth_profile.id, auth_profile.username, auth.password FROM auth_profile INNER JOIN auth ON auth.token = auth_profile.token WHERE auth_profile.username = %s ; ", (user['profile']['username'],) )
             result_login = self.cursor.fetchone()
+            self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.token, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.profile WHERE auth_profile.email = %s AND auth_profile_verification.type = 'email' ; ", (email,) )
+            result_email = self.cursor.fetchone()
+            self.cursor.execute("SELECT COUNT(*) AS `count` FROM auth_profile WHERE username = %s ; ", (username,) )
+            result_username = self.cursor.fetchone()
             loggorilla.prcss(APIADDR, "Account validation")
             user_validation 	= procedure_validation.validation().account(APIADDR, allowed_roles, token)
             user 		= user_validation['data']
@@ -272,6 +276,22 @@ class auth:
                 loggorilla.prcss(APIADDR, "Giving response")
                 response["status"	] = "failed"
                 response["desc"		] = "Incorrect password for send invitation"
+            elif result_email["count"] > 0:
+                loggorilla.prcss(APIADDR, "Giving response")
+                response["status"	] = "failed"
+                response["desc"		] = "Email already taken"
+            elif username != None and result_username["count"] >= 1:
+                response["status"	] = "failed"
+                response["desc"		] = "username already taken"
+            elif username != None and not re.match(r'^\w+$', username):
+                response["status"	] = "failed"
+                response["desc"		] = "username can only use letters, numbers, and the underscore symbol"
+            elif username != None and len(username) > 35:
+                response["status"	] = "failed"
+                response["desc"		] = "username can not longer than 35 character"
+            elif username != None and len(username) < 3:
+                response["status"	] = "failed"
+                response["desc"		] = "username too short"
             else:
                 loggorilla.prcss(APIADDR, "Set expired datetime")
                 expired 		= globalvar.invitation_link_expiration