🐛 Raw Error 500 on /admin/arm when trying to put a npub / email on a …

src/routes/(app)/admin[[hash=admin_hash]]/arm/+page.svelte

@@ -16,6 +16,12 @@
 	}
 
 	let successMessage = '';
+	let listEmail = data.users.flatMap((user) => user.recovery?.email ?? '');
+	let listNpub = data.users.flatMap((user) => user.recovery?.npub ?? '');
+	function hasDuplicates(list: string[]) {
+		let uniqueSet = new Set(list.filter((recover) => recover));
+		return uniqueSet.size !== list.filter((recover) => recover).length;
+	}
 </script>
 
 <h1 class="text-3xl">Access Rights Management</h1>
@@ -116,7 +122,12 @@
 </ul>
 
 <h2 class="text-2xl">Users</h2>
-
+{#if hasDuplicates(listEmail)}
+	<span class="text-red-500">Duplicated emails was found, please fix them before submit</span>
+{/if}
+{#if hasDuplicates(listNpub)}
+	<span class="text-red-500">Duplicated Npubs was found, please fix them before submit</span>
+{/if}
 <a href="{data.adminPrefix}/arm/user/new" class="underline">Create a user</a>
 
 <ul
@@ -133,7 +144,7 @@
 		<span>Password</span>
 		<span>Delete</span>
 	</li>
-	{#each data.users as user}
+	{#each data.users as user, i}
 		<li class="contents">
 			<form
 				action="{data.adminPrefix}/arm/user/{user._id}?/update"
@@ -178,14 +189,14 @@
 					name="recoveryEmail"
 					class="form-input"
 					disabled={data.roleId !== SUPER_ADMIN_ROLE_ID && user.roleId === SUPER_ADMIN_ROLE_ID}
-					value={user.recovery?.email ?? ''}
+					bind:value={listEmail[i]}
 				/>
 				<input
 					type="text"
 					name="recoveryNpub"
 					class="form-input"
 					disabled={data.roleId !== SUPER_ADMIN_ROLE_ID && user.roleId === SUPER_ADMIN_ROLE_ID}
-					value={user.recovery?.npub ?? ''}
+					bind:value={listNpub[i]}
 				/>
 				<select class="form-input" disabled={user.roleId === SUPER_ADMIN_ROLE_ID} name="roleId">
 					{#each data.roles as role}
@@ -202,7 +213,12 @@
 					<option value="enabled" selected={!user.disabled}>Enabled</option>
 					<option value="disabled" selected={!!user.disabled}>Disabled</option>
 				</select>
-				<button type="submit" class="btn btn-black self-start" title="Save">
+				<button
+					type="submit"
+					class="btn btn-black self-start"
+					title="Save"
+					disabled={hasDuplicates(listEmail) || hasDuplicates(listNpub)}
+				>
 					<IconSave />
 				</button>
 				<button

src/routes/(app)/admin[[hash=admin_hash]]/arm/user/[id]/+page.server.ts

@@ -2,6 +2,7 @@ import { adminPrefix } from '$lib/server/admin';
 import { collections } from '$lib/server/database.js';
 import { zodNpub } from '$lib/server/nostr.js';
 import { sendResetPasswordNotification } from '$lib/server/sendNotification.js';
+import { isUniqueConstraintError } from '$lib/server/utils/isUniqueConstraintError';
 import { CUSTOMER_ROLE_ID, SUPER_ADMIN_ROLE_ID } from '$lib/types/User.js';
 import { error, redirect } from '@sveltejs/kit';
 import { ObjectId } from 'mongodb';
@@ -45,24 +46,30 @@ export const actions = {
 		if (user.roleId === SUPER_ADMIN_ROLE_ID && locals.user?.roleId !== SUPER_ADMIN_ROLE_ID) {
 			throw error(400, 'You are not allowed to edit admin information');
 		}
-
-		await collections.users.updateOne(
-			{ _id: user._id },
-			{
-				$set: {
-					login: parsed.login,
-					...(parsed.alias && { alias: parsed.alias }),
-					recovery: {
-						...(parsed.recoveryEmail && { email: parsed.recoveryEmail }),
-						...(parsed.recoveryNpub && { npub: parsed.recoveryNpub })
-					},
-					disabled: parsed.status === 'disabled',
-					roleId: parsed.roleId ?? user.roleId
+		try {
+			await collections.users.updateOne(
+				{ _id: user._id },
+				{
+					$set: {
+						login: parsed.login,
+						...(parsed.alias && { alias: parsed.alias }),
+						recovery: {
+							...(parsed.recoveryEmail && { email: parsed.recoveryEmail }),
+							...(parsed.recoveryNpub && { npub: parsed.recoveryNpub })
+						},
+						disabled: parsed.status === 'disabled',
+						roleId: parsed.roleId ?? user.roleId
+					}
 				}
-			}
-		);
+			);
 
-		throw redirect(303, `${adminPrefix()}/arm`);
+			throw redirect(303, `${adminPrefix()}/arm`);
+		} catch (error) {
+			if (isUniqueConstraintError(error)) {
+				return;
+			}
+			throw error;
+		}
 	},
 	resetPassword: async function ({ params }) {
 		const user = await collections.users.findOne({ _id: new ObjectId(params.id) });

src/routes/(app)/admin[[hash=admin_hash]]/arm/user/new/+page.server.ts

@@ -6,6 +6,7 @@ import { ObjectId } from 'mongodb';
 import { zodNpub } from '$lib/server/nostr.js';
 import { sendResetPasswordNotification } from '$lib/server/sendNotification.js';
 import { adminPrefix } from '$lib/server/admin.js';
+import { isUniqueConstraintError } from '$lib/server/utils/isUniqueConstraintError';
 
 export const actions = {
 	default: async function ({ request }) {
@@ -44,11 +45,17 @@ export const actions = {
 			updatedAt: new Date(),
 			roleId
 		};
+		try {
+			await collections.users.insertOne(user);
 
-		await collections.users.insertOne(user);
+			await sendResetPasswordNotification(user);
 
-		await sendResetPasswordNotification(user);
-
-		throw redirect(303, `${adminPrefix()}/arm`);
+			throw redirect(303, `${adminPrefix()}/arm`);
+		} catch (error) {
+			if (isUniqueConstraintError(error)) {
+				return;
+			}
+			throw error;
+		}
 	}
 };