Merge branch 'transactions-in-procedure'

apps/api-server/src/procedures/auth/forgot-password.ts

@@ -30,26 +30,29 @@ export const forgotPassword = os.auth.forgotPassword.handler(
 
     // If user exists, create password reset token and send email
     if (user) {
-      // Delete any existing password reset tokens for this user (security measure)
-      await context.db
-        .deleteFrom("password_resets")
-        .where("user_id", "=", user.id)
-        .execute();
-
       // Generate secure base58 token
       const token = generateSecureBase58Token();
 
       // Create password reset record with 1 hour expiry
       const expiresAt = generateExpiry(TOKEN_DURATIONS.PASSWORD_RESET);
 
-      await context.db
-        .insertInto("password_resets")
-        .values({
-          user_id: user.id,
-          token,
-          expires_at: expiresAt,
-        })
-        .execute();
+      // Delete old tokens and insert new one in transaction
+      await context.db.transaction().execute(async (trx) => {
+        // Delete any existing password reset tokens for this user (security measure)
+        await trx
+          .deleteFrom("password_resets")
+          .where("user_id", "=", user.id)
+          .execute();
+
+        await trx
+          .insertInto("password_resets")
+          .values({
+            user_id: user.id,
+            token,
+            expires_at: expiresAt,
+          })
+          .execute();
+      });
 
       // Send password reset email
       await sendPasswordResetEmail({