From 7b1df7bce1475c37b012b73b0d2370eaee9a1e6c Mon Sep 17 00:00:00 2001
From: Cipher Vance
Date: Fri, 19 Sep 2025 11:33:45 -0500
Subject: [PATCH] feat: more validation on username, email
---
 services/user_service.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/services/user_service.go b/services/user_service.go
index c34d8a4..80c270e 100644
--- a/services/user_service.go
+++ b/services/user_service.go
@@ -19,6 +19,8 @@ func NewUserService(db *gorm.DB) *UserService {
 }
 
 func (s *UserService) CreateUser(username, email, password string) (*models.User, error) {
+ username = strings.TrimSpace(username)
+ email = strings.ToLower(strings.TrimSpace(email))
 if username == "" || email == "" || password == "" {
 return nil, errors.New("username, email, and password are required")
 }
@@ -36,12 +38,15 @@ func (s *UserService) CreateUser(username, email, password string) (*models.User
 var existingUser models.User
 if err := s.db.Where("username = ? OR email = ?", username, email).First(&existingUser).Error; err == nil {
 return nil, errors.New("user with this username or email already exists")
+ } else if !errors.Is(err, gorm.ErrRecordNotFound) {
+ log.Printf("Error checking existing users: %v", err)
+ return nil, errors.New("could not create user")
 }
 
 // Create new user
 user := models.User{
 Username: username,
- Email: email,
+ Email: strings.ToLower(email),
 }
 if err := user.SetPassword(password); err != nil {
 log.Printf("Error hashing password: %v", err)
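Review bot: Only the email is given a canonical form at the top of CreateUser; `username` is trimmed but keeps its case, so whether `Alice` and `alice` count as the same account is left to the column collation in the `username = ?` check further down. If look-alike names should be refused, compare on a folded key such as `usernameKey := strings.ToLower(username)` and keep the display form separately. The validation between this hunk and the next is not visible here, so this may already be handled there.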
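Review bot: The duplicate check in CreateUser still compares `email = ?` exactly, while the lookup in VerifyUser is switched to `LOWER(email) = ?`, which suggests rows with mixed-case addresses already exist. Such a row would not be detected as a duplicate of the newly lowercased address, leaving two accounts that both match one login identifier. Use the same predicate here, `Where("username = ? OR LOWER(email) = ?", username, email)`, and preferably back it with a unique index, since a check followed by an insert can race (the insert itself is outside this hunk). The second `strings.ToLower(email)` in the struct literal is redundant once the value is normalised at the top of the function; `Email: email,` would do.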
@@ -59,7 +64,8 @@ func (s *UserService) CreateUser(username, email, password string) (*models.User
 func (s *UserService) VerifyUser(username, password string) (*models.User, error) {
 var user models.User
 identifier := strings.TrimSpace(username)
- if err := s.db.Where("username = ? OR email = ?", identifier, strings.ToLower(identifier)).First(&user).Error; err != nil {
+ lid := strings.ToLower(identifier)
+ if err := s.db.Where("username = ? OR LOWER(email) = ?", identifier, lid).First(&user).Error; err != nil {
 if errors.Is(err, gorm.ErrRecordNotFound) {
 return nil, errors.New("invalid username or password")
 }
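Review bot: `First` on `username = ? OR LOWER(email) = ?` has no defined winner when one account's username equals another account's email address, so the password would be checked against whichever row the database happens to return. Refusing `@` in usernames in CreateUser, or matching on email only when the identifier contains `@`, removes the overlap between the two namespaces. Separately, `strings.ToLower` folds Unicode while SQL `LOWER` is ASCII-only on some engines, so non-ASCII addresses may fail to match. A short comment such as `// LOWER(email) also matches rows stored before emails were normalised` would record why the column is wrapped. The rest of VerifyUser lies outside this hunk.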