some small changes for auth scripts

com/Auth/GetAccess.lua

@@ -1,3 +1,5 @@
+-- com/GetAccess
+
 ---@diagnostic disable: redefined-local
 local db = require("internal.database-sqlite").connect("db/user-database.db", {log = true})
 local log = require("internal.log")
@@ -13,7 +15,7 @@ end
 
 local function error_response(message, code, data)
   session.response.error = {
-    code = code or -32600,
+    code = code or nil,
     message = message,
     data = data or nil
   }
@@ -25,13 +27,24 @@ if not params then
   return error_response("No params provided")
 end
 
+if not session.request.params.token then
+  return error_response("access denied")
+end
+
+if session.request.params.token ~= require("_config").token() then
+  return error_response("access denied")
+end
+
 if not (params.username and params.email and params.password) then
-  return error_response("Missing username, email or password", -32602)
+  return error_response("Missing username, email or password")
 end
 
 local unit, err = db:query(
-  "SELECT id, username, email, password, created_at FROM users WHERE email = ? AND username = ? LIMIT 1",
-  {params.email, params.username}
+  "SELECT id, username, email, password, created_at FROM users WHERE email = ? AND username = ? AND deleted = 0 LIMIT 1",
+  {
+    params.email,
+    params.username
+  }
 )
 
 if err then
@@ -40,7 +53,7 @@ if err then
 end
 
 if not unit or #unit == 0 then
-  return error_response("Unit not found", -32604)
+  return error_response("Unit not found")
 end
 
 unit = unit[1]
@@ -48,7 +61,7 @@ unit = unit[1]
 local ok = crypt.compare(unit.password, params.password)
 if not ok then
   log.warn("Login failed: wrong password for " .. params.username)
-  return error_response("Invalid password", -32605)
+  return error_response("Invalid password")
 end
 
 session.response.result = {