From 3fec9d794d54552807fc2de00fcaadd8aa97f0d3 Mon Sep 17 00:00:00 2001
From: Cipher Vance
Date: Fri, 19 Sep 2025 11:33:20 -0500
Subject: [PATCH 1/3] feat: add cors_origins
---
 main.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/main.go b/main.go
index 215c2a6..08341e5 100644
--- a/main.go
+++ b/main.go
@@ -50,7 +50,12 @@ func main() {
 MaxAge: 60 * 80 * 24 * 7, // 7 days
 HttpOnly: true,
 Secure: os.Getenv("ENV") == "production",
- SameSite: http.SameSiteLaxMode,
+ SameSite: func() http.SameSite {
+ if os.Getenv("CORS_ORIGINS") != "" {
+ return http.SameSiteNoneMode
+ }
+ return http.SameSiteLaxMode
+ }(),
 })
 r.Use(sessions.Sessions("rideaware-session", store))
From 7b1df7bce1475c37b012b73b0d2370eaee9a1e6c Mon Sep 17 00:00:00 2001
From: Cipher Vance
Date: Fri, 19 Sep 2025 11:33:45 -0500
Subject: [PATCH 2/3] feat: more validation on username, email
---
 services/user_service.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/services/user_service.go b/services/user_service.go
index c34d8a4..80c270e 100644
--- a/services/user_service.go
+++ b/services/user_service.go
@@ -19,6 +19,8 @@ func NewUserService(db *gorm.DB) *UserService {
 }
 func (s *UserService) CreateUser(username, email, password string) (*models.User, error) {
+ username = strings.TrimSpace(username)
+ email = strings.ToLower(strings.TrimSpace(email))
 if username == "" || email == "" || password == "" {
 return nil, errors.New("username, email, and password are required")
 }
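Review bot: In main.go, `SameSite=None` is selected whenever `CORS_ORIGINS` is non-empty, but `Secure` two lines above still depends only on `ENV == "production"`; browsers reject `SameSite=None` cookies that lack `Secure`, so a non-production deployment with `CORS_ORIGINS` set would silently lose its session cookie. `None` also means the session cookie is sent on cross-site requests, so CSRF protection then rests entirely on whatever token or Origin check the handlers apply, which is not visible in this hunk. I would derive both fields from one flag, e.g. `crossSite := os.Getenv("CORS_ORIGINS") != ""` and `Secure: crossSite || os.Getenv("ENV") == "production"`, and add a comment stating the CSRF assumption. Separately, the context line `MaxAge: 60 * 80 * 24 * 7, // 7 days` evaluates to more than nine days; `60 * 60 * 24 * 7` matches the comment. main's body continues outside the hunk.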
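Review bot: In CreateUser (services/user_service.go, first hunk), `username` is trimmed but not case-folded while `email` is lowercased, so whether `Admin` and `admin` can both register depends on the column collation, which this patch does not show. If usernames are meant to be unique regardless of case, the duplicate check should compare a folded form, and the chosen rule deserves a comment such as `// usernames are compared case-insensitively; stored as entered`. The commit title mentions validation, but the added lines only normalize: no length or character-set check is applied before the value reaches the query. CreateUser's body continues outside the hunk.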
@@ -36,12 +38,15 @@ func (s *UserService) CreateUser(username, email, password string) (*models.User
 var existingUser models.User
 if err := s.db.Where("username = ? OR email = ?", username, email).First(&existingUser).Error; err == nil {
 return nil, errors.New("user with this username or email already exists")
+ } else if !errors.Is(err, gorm.ErrRecordNotFound) {
+ log.Printf("Error checking existing users: %v", err)
+ return nil, errors.New("could not create user")
 }
 // Create new user
 user := models.User{
 Username: username,
- Email: email,
+ Email: strings.ToLower(email),
 }
 if err := user.SetPassword(password); err != nil {
 log.Printf("Error hashing password: %v", err)
@@ -59,7 +64,8 @@ func (s *UserService) CreateUser(username, email, password string) (*models.User
 func (s *UserService) VerifyUser(username, password string) (*models.User, error) {
 var user models.User
 identifier := strings.TrimSpace(username)
- if err := s.db.Where("username = ? OR email = ?", identifier, strings.ToLower(identifier)).First(&user).Error; err != nil {
+ lid := strings.ToLower(identifier)
+ if err := s.db.Where("username = ? OR LOWER(email) = ?", identifier, lid).First(&user).Error; err != nil {
 if errors.Is(err, gorm.ErrRecordNotFound) {
 return nil, errors.New("invalid username or password")
 }
From e65b56028e1c66dcf1b46d37851804192cf5492a Mon Sep 17 00:00:00 2001
From: Cipher Vance
Date: Fri, 19 Sep 2025 11:33:51 -0500
Subject: [PATCH 3/3] readd .env
---
 .dockerignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.dockerignore b/.dockerignore
index 36ad821..6138399 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,3 +1,4 @@
+.env
 .git
 .gitignore
 README.md
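Review bot: The duplicate check in CreateUser still compares `email = ?`, while VerifyUser in the next hunk matches `LOWER(email) = ?`, so a row stored before this patch with a mixed-case email would not block a new registration for the same address in lower case, and login by email could then match either row. Using `LOWER(email) = ?` in this check as well, or migrating existing rows to lower case, would make the two paths agree. The check-then-insert is also only safe under concurrent requests if the table carries unique constraints, which are not visible here. `Email: strings.ToLower(email)` is redundant now that `email` is lowercased at the top of the function; `Email: email` would do. The function starts and ends outside the hunk.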
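Review bot: In VerifyUser, `username = ? OR LOWER(email) = ?` followed by `First` has no defined winner when the identifier matches one row by username and a different row by email, which remains possible as long as CreateUser accepts usernames that look like email addresses. Rejecting `@` in usernames at registration, or branching on `strings.Contains(identifier, "@")` so only one column is queried, removes the ambiguity. `LOWER(email)` also keeps a plain index on `email` from serving the login query unless a functional index exists; once stored emails are guaranteed lower case, `email = ?` with `lid` would suffice. VerifyUser's body continues past the hunk.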