From f8d0dc6787772740cb298b2fbad5a2201e018f27 Mon Sep 17 00:00:00 2001
From: Derrick Hammer <derrick@derrickhammer.com>
Date: Tue, 16 Jan 2024 15:48:45 -0500
Subject: [PATCH] fix: delete challenges after they have been used

---
 api/s5/http.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/api/s5/http.go b/api/s5/http.go
index ef3d685..c377a46 100644
--- a/api/s5/http.go
+++ b/api/s5/http.go
@@ -352,6 +352,13 @@ func (h *HttpHandler) AccountRegister(jc jape.Context) {
 		return
 	}
 
+	result = h.portal.Database().Delete(&challenge)
+
+	if result.Error != nil {
+		errored(errAccountRegisterErr)
+		return
+	}
+
 	setAuthCookie(jwt, jc)
 }
 
@@ -482,6 +489,13 @@ func (h *HttpHandler) AccountLogin(jc jape.Context) {
 		return
 	}
 
+	result = h.portal.Database().Delete(&challenge)
+
+	if result.Error != nil {
+		errored(errAccountLoginErr)
+		return
+	}
+
 	setAuthCookie(jwt, jc)
 }