directus permissions fixes and rig_type addition

app/api/auth/login/route.ts

@@ -3,68 +3,71 @@ import { NextRequest, NextResponse } from "next/server";
 import { setAuthCookies } from "@/lib/auth-cookies";
 
 const BASE = process.env.DIRECTUS_URL!;
-if (!BASE) console.warn("[auth/login] Missing DIRECTUS_URL");
+const ADMIN_TOKEN = process.env.DIRECTUS_TOKEN_ADMIN_REGISTER || "";
 
-async function jsonSafe(res: Response) {
-    const text = await res.text();
-    try { return { json: text ? JSON.parse(text) : null, text }; }
-    catch { return { json: null as any, text }; }
+async function findEmailForIdentifier(identifier: string): Promise<string | null> {
+    const id = (identifier || "").trim();
+    if (!id) return null;
+
+    // If it's an email, we're done.
+    if (id.includes("@")) return id;
+
+    // Otherwise look up by username using the admin/registration token.
+    if (!ADMIN_TOKEN) return null;
+
+    const res = await fetch(
+        `${BASE}/users?filter[username][_eq]=${encodeURIComponent(id)}&fields=id,email,username&limit=1`,
+                            { headers: { Authorization: `Bearer ${ADMIN_TOKEN}`, Accept: "application/json" } }
+    );
+
+    const json: any = await res.json().catch(() => null);
+    return json?.data?.[0]?.email ?? null;
 }
 
 export async function POST(req: NextRequest) {
     try {
-        const body = await req.json().catch(() => ({}));
-        const identity: string = (body.identity || body.usernameOrEmail || "").trim();
-        const password: string = String(body.password || "");
+        const body = await req.json();
+        const identifier = (body?.identifier ?? body?.email ?? "").trim();
+        const password = body?.password ?? "";
 
-        if (!identity || !password) {
-            return NextResponse.json({ error: "Missing identity or password" }, { status: 400 });
+        if (!identifier || !password) {
+            return NextResponse.json({ error: "Missing credentials" }, { status: 400 });
         }
 
-        // Directus login (username OR email works via "email" field for both)
+        const email = await findEmailForIdentifier(identifier);
+        if (!email) {
+            return NextResponse.json({ error: "Account not found" }, { status: 401 });
+        }
+
+        // Login to Directus
         const loginRes = await fetch(`${BASE}/auth/login`, {
             method: "POST",
             headers: { "Content-Type": "application/json", Accept: "application/json" },
-            body: JSON.stringify({ email: identity, password }),
+            body: JSON.stringify({ email, password }),
         });
-        const { json: loginJson, text: loginText } = await jsonSafe(loginRes);
+        const loginJson: any = await loginRes.json().catch(() => null);
         if (!loginRes.ok) {
-            const msg =
-            loginJson?.errors?.[0]?.message ||
-            loginJson?.message ||
-            `Directus login failed: ${loginRes.status} ${loginRes.statusText}`;
-            return NextResponse.json({ error: msg }, { status: 401 });
+            const msg = loginJson?.errors?.[0]?.message || loginRes.statusText;
+            return NextResponse.json({ error: msg }, { status: loginRes.status });
         }
 
-        const access = loginJson?.data?.access_token || loginJson?.access_token;
-        const refresh = loginJson?.data?.refresh_token || loginJson?.refresh_token;
-        if (!access || !refresh) {
-            return NextResponse.json(
-                { error: `No tokens returned from Directus: ${loginText?.slice(0, 200) || "<empty>"}` },
-                                     { status: 500 }
-            );
+        const tokens = loginJson?.data ?? loginJson ?? {};
+        const access = tokens.access_token;
+        const refresh = tokens.refresh_token;
+        if (!access) {
+            return NextResponse.json({ error: "Login failed (no token)" }, { status: 500 });
         }
 
-        // Fetch user profile
-        const meRes = await fetch(`${BASE}/users/me`, {
+        // Fetch user profile for the client
+        const meRes = await fetch(`${BASE}/users/me?fields=id,email,username`, {
             headers: { Authorization: `Bearer ${access}`, Accept: "application/json" },
-            cache: "no-store",
         });
-        const { json: meJson } = await jsonSafe(meRes);
-        if (!meRes.ok) {
-            return NextResponse.json(
-                { error: meJson?.errors?.[0]?.message || "Failed to fetch user" },
-                { status: 500 }
-            );
-        }
-        const user = {
-            id: String(meJson?.data?.id ?? ""),
-            email: String(meJson?.data?.email ?? ""),
-            username: String(meJson?.data?.username ?? ""),
-        };
+        const meJson: any = await meRes.json().catch(() => null);
+        const user = (meJson?.data ?? meJson) || {};
 
         let res = NextResponse.json({ ok: true, user });
-        res = setAuthCookies(res, { access_token: access, refresh_token: refresh }, user);
+        // Persist auth cookies expected by the rest of the app
+        res = setAuthCookies(res as any, { access_token: access, refresh_token: refresh } as any, user);
         return res;
     } catch (err: any) {
         return NextResponse.json({ error: err?.message || "Login error" }, { status: 500 });