makearmy/makearmy-app
1
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions

profile editor bug fixes

Browse source
This commit is contained in:
makearmy 2025-09-30 20:36:26 -04:00
parent 0cbeca833f
commit 16ae6d9c1c
4 changed files with 194 additions and 122 deletions
Download patch file Download diff file Expand all files Collapse all files

12
app/api/account/password/route.ts
View file

@ -33,12 +33,16 @@ async function handle(req: Request) {
const friendly = /invalid|credential|old_password|incorrect/i.test(reason)
? "Current password is incorrect"
: reason;
// Propagate upstream status (401/403/400…) so the UI can react.
return NextResponse.json({ error: friendly }, { status: res.status });
// Include upstream reason for debugging on the client
return NextResponse.json({ error: friendly, debug: reason }, { status: res.status });
}
return NextResponse.json({ ok: true });
}
export async function POST(req: Request) { return handle(req); }
export async function PATCH(req: Request) { return handle(req); }
export async function POST(req: Request) {
return handle(req);
}
export async function PATCH(req: Request) {
return handle(req);
}

30
app/api/account/profile/route.ts
View file

@ -8,10 +8,7 @@ const API = (process.env.NEXT_PUBLIC_API_BASE_URL || "").replace(/\/$/, "");
const bad = (m: string, c = 400) => NextResponse.json({ error: m }, { status: c });
export async function GET() {
// show username (read-only) + editable fields
// allow missing email
try {
// caller is already gated by middleware; no token needed for GET here
return NextResponse.json({ ok: true });
} catch (e: any) {
return bad(e?.message || "Failed to load profile", e?.status || 500);
@ -30,14 +27,11 @@ export async function PATCH(req: Request) {
const cookie = req.headers.get("cookie") || "";
const hasRecentAuth = /(?:^|;\s*)ma_ra=1(?:;|$)/.test(cookie);
if (!hasRecentAuth) {
return NextResponse.json(
{ error: "Re-authentication required" },
{ status: 428 } // Precondition Required
);
return NextResponse.json({ error: "Re-authentication required" }, { status: 428 });
}
}
const payload: any = {};
const payload: Record<string, any> = {};
if (typeof (body as any).first_name === "string")
payload.first_name = (body as any).first_name.trim();
if (typeof (body as any).last_name === "string")
@ -46,9 +40,10 @@ export async function PATCH(req: Request) {
payload.location = (body as any).location.trim();
if ("email" in body) {
const e = String((body as any).email ?? "").trim();
payload.email = e ? e : null; // ← optional! blank clears it
payload.email = e ? e : null; // optional; blank clears it
}
// (password handled by /api/account/password)
if (!Object.keys(payload).length) return bad("No changes");
const r = await fetch(`${API}/users/me`, {
method: "PATCH",
@ -58,6 +53,21 @@ export async function PATCH(req: Request) {
const j = await r.json().catch(() => ({}));
if (!r.ok) return bad(j?.errors?.[0]?.message || "Update failed", r.status);
// Single-use recent-auth: clear ma_ra after sensitive success
if (wantsSensitive) {
const resp = NextResponse.json({ ok: true });
resp.cookies.set({
name: "ma_ra",
value: "",
httpOnly: false,
sameSite: "lax",
secure: process.env.NODE_ENV === "production",
path: "/",
maxAge: 0,
});
return resp;
}
return NextResponse.json({ ok: true });
} catch (e: any) {
return bad(e?.message || "Unexpected error", e?.status || 500);