feat: do not allow linking non existent subscriptions

Signed-off-by: Alexander Alemayhu <alexander@alemayhu.com>

Author: aalemayhu

src/controllers/UsersControllers.ts

@@ -211,6 +211,13 @@ class UsersController {
     }
 
     try {
+      const emailExists =
+        await this.userService.checkSubscriptionEmailExists(email);
+      if (!emailExists) {
+        console.warn('Linking attempted with non-existent email');
+        return res.status(400).json({ message: 'Failed to link email.' });
+      }
+
       await this.userService.updateSubscriptionLinkedEmail(owner, email);
       return res.status(200).json({});
     } catch (error) {

src/data_layer/UsersRepository.ts

@@ -106,6 +106,13 @@ class UsersRepository {
   updatePatreonByEmail(email: string, patreon: boolean) {
     return this.database(this.table).where({ email }).update({ patreon });
   }
+
+  async checkSubscriptionEmailExists(email: string): Promise<boolean> {
+    const subscription = await this.database('subscriptions')
+      .where({ email: email.toLowerCase() })
+      .first();
+    return !!subscription;
+  }
 }
 
 export default UsersRepository;

src/services/UsersService.ts

@@ -69,6 +69,12 @@ class UsersService {
     return this.repository.getSubscriptionLinkedEmail(owner);
   }
 
+  async checkSubscriptionEmailExists(email: string): Promise<boolean> {
+    const subscription =
+      await this.repository.checkSubscriptionEmailExists(email);
+    return !!subscription;
+  }
+
   getUserById(owner: string): Promise<Users> {
     return this.repository.getById(owner);
   }