diff --git a/functions/api/events-team/strikes/new.ts b/functions/api/events-team/strikes/new.ts
index 8fcd819..db34eb0 100644
--- a/functions/api/events-team/strikes/new.ts
+++ b/functions/api/events-team/strikes/new.ts
@@ -2,6 +2,7 @@ import { jsonError, jsonResponse } from "../../../common.js";

 export async function onRequestPost(context: RequestContext) {
 const { reason, user } = context.data.body;
+ const { D1 } = context.env;

 if (typeof reason !== "string") return jsonError("Invalid reason", 400);

@@ -9,7 +10,10 @@ export async function onRequestPost(context: RequestContext) {
 typeof user !== "string" ||
 user.length > 20 ||
 user.length < 17 ||
- user.match(/\D/)
+ user.match(/\D/) ||
+ !(await D1.prepare("SELECT id FROM et_members WHERE id = ?;")
+ .bind(user)
+ .first())
 )
 return jsonError("Invalid user id", 400);

@@ -17,11 +21,14 @@ export async function onRequestPost(context: RequestContext) {
 const id = crypto.randomUUID().replaceAll("-", "");
 const actingUser = context.data.current_user.id;

- await context.env.D1.prepare(
- "INSERT INTO et_strikes (created_at, created_by, id, reason, user) VALUES (?1, ?2, ?3, ?4, ?5); UPDATE et_members SET points = points - 100 WHERE id = ?5;",
- )
- .bind(now, actingUser, id, reason, user)
- .run();
+ await D1.batch([
+ D1.prepare(
+ "INSERT INTO et_strikes (created_at, created_by, id, reason, user) VALUES (?, ?, ?, ?, ?); UPDATE et_members SET points = points - 100 WHERE id = ?5;",
+ ).bind(now, actingUser, id, reason, user),
+ D1.prepare(
+ "UPDATE et_members SET points = points - 100 WHERE id = ?;",
+ ).bind(user),
+ ]);

 return jsonResponse(
 JSON.stringify({
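Review bot: The membership lookup added to the `if` condition and the later `D1.batch` write are separate round trips, so a member removed in between still gets an `et_strikes` row while the points `UPDATE` matches no row. The schema is not visible here; if `et_strikes.user` has no foreign key to `et_members(id)`, adding one would close that gap, and otherwise the assumption deserves a comment such as `// existence check is not atomic with the batch write below`. Folding an awaited query into the `||` chain also makes a malformed id and a non-member indistinguishable in the response, which is worth stating next to the check. The `if (` that opens this condition is outside the hunk.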
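Review bot: The first statement in the new `D1.batch` still carries the old trailing `UPDATE et_members SET points = points - 100 WHERE id = ?5;` after the INSERT, while the second batch entry runs the same UPDATE. Depending on how D1 treats a multi-statement string passed to `prepare()`, the member either loses 200 points per strike or the trailing statement is dropped or rejected, so it is dead or harmful either way. It also mixes anonymous `?` placeholders with the numbered `?5` in one string. The INSERT string should end after the VALUES list: `"INSERT INTO et_strikes (created_at, created_by, id, reason, user) VALUES (?, ?, ?, ?, ?);"`. `onRequestPost` continues past the end of the hunk.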