From bcd0e2c0ecf208bb8a831f660faf1ae6fc74bb96 Mon Sep 17 00:00:00 2001
From: olcxja <olcxja@olcxja.ovh>
Date: Sat, 30 May 2026 11:01:51 +0200
Subject: [PATCH] prevent user keys override, will add this later with password
 change

---
 LarpixServer/Account/Requests.cs | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/LarpixServer/Account/Requests.cs b/LarpixServer/Account/Requests.cs
index de9be00..1d17b6e 100644
--- a/LarpixServer/Account/Requests.cs
+++ b/LarpixServer/Account/Requests.cs
@@ -488,8 +488,20 @@ public static async Task Auth(HttpContext context, Func<Task> next, IQueryCollec
             body,
             AppJsonSerializerContext.Default.Universal2String
         );
-        //string publicKey = serializedBody.string1;
-        //string privateEncryptedKey = serializedBody.string2;
+        string existingRaw = await Utils.GetUserKeys(id);
+        if (!string.IsNullOrWhiteSpace(existingRaw))
+        {
+            Universal2String existing = JsonSerializer.Deserialize(
+                existingRaw,
+                AppJsonSerializerContext.Default.Universal2String
+            );
+            string existingPub = existing.string2?.Trim() ?? "";
+            string newPub = serializedBody.string2?.Trim() ?? "";
+            if (!string.IsNullOrEmpty(existingPub) && !string.IsNullOrEmpty(newPub) && existingPub != newPub)
+            {
+                return "error:keys.public.mismatch";
+            }
+        }
         await Utils.UpdateUserKeys(id, body);
         return "success:keys.updated";
     }