update due to activation_codes being a different table now

Author: pendo324

api/activate.js

@@ -4,10 +4,9 @@ const db = require('./../db');
 const app = express.Router();
 
 app.get('/activate/:code([a-zA-Z0-9]{64})', async (req, res) => {
-  await db.query(
-    'update users set activated=$1, activation_code=$2 where activation_code=$3',
-    [true, null, req.params.code]
-  );
+  await db.query('delete from activation_codes where activation_code = $1', [
+    req.params.code
+  ]);
 
   res.sendStatus(200);
 });

api/createAccount.js

@@ -42,22 +42,28 @@ app.post('/create', async (req, res) => {
     await checkAccountExists(req.body.username, req.body.email);
     const activationCode = makeActivationCode(req.body.username);
     try {
-      await db.query(
-        'insert into users (id, username, password_hash, email, activation_code, activated) values ($1, $2, $3, $4, $5, $6)',
+      const userRes = await db.query(
+        'insert into users (id, username, password_hash, email, activated) values ($1, $2, $3, $4, $5) returning id',
         [
           ulid(),
           req.body.username,
           hashPassword(req.body.password),
           req.body.email,
-          activationCode,
           false
         ]
       );
+
+      const userId = userRes.rows[0].id;
+
+      await db.query(
+        'insert into activation_codes (id, user_id, activation_code) values ($1, $2, $3)',
+        [ulid(), userId, activationCode]
+      );
       res.sendStatus(200);
       emailer.sendActivationEmail(req.body.email, activationCode);
     } catch (err) {
       console.log(err);
-      res.sendStatus(503);
+      return res.sendStatus(503);
     }
   } catch (err) {
     console.log(err);

api/login.js

@@ -19,10 +19,34 @@ app.post('/login', async (req, res) => {
 
   try {
     const result = await db.query(
-      'select username, id, password_hash from users where username=$1',
+      'select username, id, password_hash, activated from users where username=$1',
       [req.body.username]
     );
 
+    if (result.rows.length !== 1) {
+      return res.status(500).send();
+    }
+
+    const userId = result.rows[0].id;
+
+    const activatedRes = await db.query(
+      'select id from activation_codes where user_id = $1',
+      [userId]
+    );
+
+    if (activatedRes.rows.length > 0) {
+      return res.status(403).json({
+        error: 'User not activated'
+      });
+    }
+
+    if (!result.rows[0].activated) {
+      await db.query('update users set activated=$2 where id = $1', [
+        userId,
+        true
+      ]);
+    }
+
     if (bcrypt.compareSync(req.body.password, result.rows[0].password_hash)) {
       const token = jwt.sign(
         {