Diffstat (limited to 'api/src')
-rw-r--r--api/src/middlewares/RateLimit.ts12
-rw-r--r--api/src/routes/users/@me/index.ts25
2 files changed, 23 insertions, 14 deletions
diff --git a/api/src/middlewares/RateLimit.ts b/api/src/middlewares/RateLimit.ts
index ca6de98f..13f1602c 100644
--- a/api/src/middlewares/RateLimit.ts
+++ b/api/src/middlewares/RateLimit.ts
@@ -46,12 +46,14 @@ export default function rateLimit(opts: {
 }): any {
 	return async (req: Request, res: Response, next: NextFunction): Promise<any> => {
 		// exempt user? if so, immediately short circuit
-		const rights = await getRights(req.user_id);
-		if (rights.has("BYPASS_RATE_LIMITS")) return;
-		
+		if (req.user_id) {
+			const rights = await getRights(req.user_id);
+			if (rights.has("BYPASS_RATE_LIMITS")) return;
+		}
+
 		const bucket_id = opts.bucket || req.originalUrl.replace(API_PREFIX_TRAILING_SLASH, "");
 		var executor_id = getIpAdress(req);
-		if (!opts.onlyIp && req.user_id) executor_id = req.user_id;		
+		if (!opts.onlyIp && req.user_id) executor_id = req.user_id;
 
 		var max_hits = opts.count;
 		if (opts.bot && req.user_bot) max_hits = opts.bot;
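Review bot: The bypass branch ends with a bare `return;`, so for a user holding BYPASS_RATE_LIMITS the middleware neither calls `next()` nor sends a response, and the request would hang instead of skipping the limiter. It should read `if (rights.has("BYPASS_RATE_LIMITS")) return next();`. The awaited `getRights(req.user_id)` also has no error handling visible here; if it can reject (for example for an id that no longer resolves to a user), the rejection escapes this async handler, so consider a try/catch that forwards to `next(err)`. The handler body continues past the end of the hunk.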
@@ -161,7 +163,7 @@ export async function initRateLimits(app: Router) {
 	app.use("/auth/register", rateLimit({ onlyIp: true, success: true, ...routes.auth.register }));
 }
 
-async function hitRoute(opts: { executor_id: string; bucket_id: string; max_hits: number; window: number }) {
+async function hitRoute(opts: { executor_id: string; bucket_id: string; max_hits: number; window: number; }) {
 	const id = opts.executor_id + opts.bucket_id;
 	var limit = Cache.get(id);
 	if (!limit) {
diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts
index 1af413c4..122080f2 100644
--- a/api/src/routes/users/@me/index.ts
+++ b/api/src/routes/users/@me/index.ts
@@ -1,5 +1,5 @@
 import { Router, Request, Response } from "express";
-import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors } from "@fosscord/util";
+import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors, adjustEmail } from "@fosscord/util";
 import { route } from "@fosscord/api";
 import bcrypt from "bcrypt";
 
@@ -21,6 +21,7 @@ export interface UserModifySchema {
 	password?: string;
 	new_password?: string;
 	code?: string;
+	email?: string;
 }
 
 router.get("/", route({}), async (req: Request, res: Response) => {
@@ -46,6 +47,12 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
 		}
 	}
 
+	if (body.email) {
+		body.email = adjustEmail(body.email);
+		if (!body.email)
+			throw FieldErrors({ email: { message: req.t("auth:register.EMAIL_INVALID"), code: "EMAIL_INVALID" } });
+	}
+
 	if (body.new_password) {
 		if (!body.password && !user.email) {
 			throw FieldErrors({
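Review bot: The new email block normalises and validates the address but, as far as the hunk shows, accepts the change without re-authenticating the caller; since the email is normally the account-recovery channel, a leaked session token alone would then be enough to take the account over permanently. Require the current password before accepting it, e.g. `if (!body.password || !(await bcrypt.compare(body.password, user.data.hash))) throw FieldErrors({ password: { ... } });` with the project's usual message and code. Two smaller gaps: `if (body.email)` skips validation for an empty string, which `user.assign(body)` later in the handler would still store unless the schema rejects it, and nothing visible checks that the address is not already used by another account or resets any verified state. The handler starts before and ends after this hunk, so some of these checks may exist outside the visible lines.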
@@ -55,14 +62,14 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
 		user.data.hash = await bcrypt.hash(body.new_password, 12);
 	}
 
-    if(body.username){
-        var check_username = body?.username?.replace(/\s/g, '');
-        if(!check_username) {
-            throw FieldErrors({
-                username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }
-            });
-        }
-    }
+	if (body.username) {
+		var check_username = body?.username?.replace(/\s/g, '');
+		if (!check_username) {
+			throw FieldErrors({
+				username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }
+			});
+		}
+	}
 
 	user.assign(body);
 	await user.save();