fix(services): improve validation PUT /users/current

src/models/UserSettings.ts

@@ -8,10 +8,10 @@ export const themes = [Type.Literal('light'), Type.Literal('dark')]
 
 export const userSettingsSchema = {
   id,
-  language: Type.Union(languages, { default: 'en' }),
-  theme: Type.Union(themes, { default: 'dark' }),
-  isPublicEmail: Type.Boolean({ default: false }),
-  isPublicGuilds: Type.Boolean({ default: false }),
+  language: Type.Union(languages),
+  theme: Type.Union(themes),
+  isPublicEmail: Type.Boolean(),
+  isPublicGuilds: Type.Boolean(),
   createdAt: date.createdAt,
   updatedAt: date.updatedAt,
   userId: id

src/services/users/current/__test__/put.test.ts

@@ -82,7 +82,7 @@ describe('PUT /users/current', () => {
     expect(response.statusCode).toEqual(400)
   })
 
-  it('suceeds with valid website url', async () => {
+  it('succeeds with valid website url', async () => {
     const newWebsite = 'https://somerandomwebsite.com'
     const { accessToken, user } = await authenticateUserTest()
     prismaMock.user.update.mockResolvedValue({

src/services/users/current/put.ts

@@ -1,5 +1,4 @@
 import { randomUUID } from 'node:crypto'
-
 import { Static, Type } from '@sinclair/typebox'
 import { FastifyPluginAsync, FastifySchema } from 'fastify'
 
@@ -14,10 +13,10 @@ import { parseStringNullish } from '../../../tools/utils/parseStringNullish.js'
 
 const bodyPutServiceSchema = Type.Object({
   name: Type.Optional(userSchema.name),
-  email: Type.Optional(userSchema.email),
-  status: Type.Optional(userSchema.status),
-  biography: Type.Optional(userSchema.biography),
-  website: Type.Optional(userSchema.website)
+  email: Type.Optional(Type.Union([userSchema.email, Type.Null()])),
+  status: Type.Optional(Type.Union([userSchema.status, Type.Null()])),
+  biography: Type.Optional(Type.Union([userSchema.biography, Type.Null()])),
+  website: Type.Optional(Type.Union([userSchema.website, Type.Null()]))
 })
 
 type BodyPutServiceSchemaType = Static<typeof bodyPutServiceSchema>
@@ -89,7 +88,12 @@ export const putCurrentUser: FastifyPluginAsync = async (fastify) => {
       if (request.user.current.password != null) {
         strategies.push('local')
       }
-      if (email != null) {
+      if (email === null && strategies.includes('local')) {
+        throw fastify.httpErrors.badRequest(
+          'You must have an email to sign in.'
+        )
+      }
+      if (email != null && email !== request.user.current.email) {
         await prisma.refreshToken.deleteMany({
           where: {
             userId: request.user.current.id

src/tools/utils/parseStringNullish.ts

@@ -1,21 +1,25 @@
 /**
  * Parse a nullish string:
+ *  - if `string === undefined`, it returns `defaultString`
+ *  - if `string === null`, it returns `null`
  *  - if `string.length === 0`, it returns `null`
- *  - if `string == null`, it returns `defaultString`
- *  - if `string.length > 0`, it returns `string`
+ *  - else, it returns `string`
  * @param defaultString
  * @param string
  * @returns
  */
 export const parseStringNullish = (
   defaultString: string | null,
-  string?: string
+  string?: string | null
 ): string | null => {
-  if (string != null) {
-    if (string.length > 0) {
-      return string
-    }
+  if (string === undefined) {
+    return defaultString
+  }
+  if (string === null) {
     return null
   }
-  return defaultString
+  if (string.length === 0) {
+    return null
+  }
+  return string
 }