chore: add additional guard clause for email validation

opengovsg · Nov 7, 2024 · 805eebf · 805eebf
1 parent 0dfe78c
commit 805eebf
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/apps/studio/src/server/modules/whitelist/whitelist.service.ts b/apps/studio/src/server/modules/whitelist/whitelist.service.ts
@@ -1,10 +1,19 @@
 import { TRPCError } from "@trpc/server"
 
+import { isValidEmail } from "~/utils/email"
 import { db } from "../database"
 
 export const isEmailWhitelisted = async (email: string) => {
   const lowercaseEmail = email.toLowerCase()
 
+  // Extra guard even if Zod validation has already checked
+  if (!isValidEmail(lowercaseEmail)) {
+    throw new TRPCError({
+      code: "BAD_REQUEST",
+      message: "Please sign in with a valid email address.",
+    })
+  }
+
   // Step 1: Check if the exact email address is whitelisted
   const exactMatch = await db
     .selectFrom("Whitelist")
@@ -24,7 +33,7 @@ export const isEmailWhitelisted = async (email: string) => {
   if (emailParts.length !== 2 && !emailParts[1]) {
     throw new TRPCError({
       code: "BAD_REQUEST",
-      message: "An invalid email was provided",
+      message: "Please sign in with a valid email address.",
     })
   }