password auth fix for accounts
This commit is contained in:
parent
1f342042c9
commit
3e4c6241f6
1 changed files with 33 additions and 27 deletions
|
|
@ -1,40 +1,46 @@
|
|||
// app/api/account/password/route.ts
|
||||
export const runtime = "nodejs";
|
||||
|
||||
import { NextResponse } from "next/server";
|
||||
import { requireBearer } from "@/app/api/_lib/auth";
|
||||
|
||||
export const runtime = "nodejs";
|
||||
|
||||
const API = (process.env.NEXT_PUBLIC_API_BASE_URL || "").replace(/\/$/, "");
|
||||
const bad = (m: string, c = 400) => NextResponse.json({ error: m }, { status: c });
|
||||
|
||||
function bad(msg: string, code = 400) {
|
||||
return NextResponse.json({ error: msg }, { status: code });
|
||||
}
|
||||
async function handle(req: Request) {
|
||||
const bearer = requireBearer(req);
|
||||
|
||||
export async function POST(req: Request) {
|
||||
try {
|
||||
const bearer = requireBearer(req);
|
||||
const body = await req.json().catch(() => ({}));
|
||||
const body = await req.json().catch(() => ({}));
|
||||
const current =
|
||||
String(body?.current ?? body?.current_password ?? "").trim();
|
||||
const next =
|
||||
String(body?.next ?? body?.new_password ?? "").trim();
|
||||
|
||||
// accept various shapes: {next}, {new_password}, {password}
|
||||
const nextPwd =
|
||||
String(body?.next ?? body?.new_password ?? body?.password ?? "").trim();
|
||||
if (!current || !next) return bad("Missing current and/or new password");
|
||||
if (next.length < 8) return bad("Password must be at least 8 characters");
|
||||
|
||||
if (nextPwd.length < 8) return bad("Password must be at least 8 characters");
|
||||
const res = await fetch(`${API}/users/me`, {
|
||||
method: "PATCH",
|
||||
headers: {
|
||||
Authorization: bearer,
|
||||
"Content-Type": "application/json",
|
||||
},
|
||||
body: JSON.stringify({ password: next, old_password: current }),
|
||||
});
|
||||
|
||||
const res = await fetch(`${API}/users/me`, {
|
||||
method: "PATCH",
|
||||
headers: { Authorization: bearer, "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ password: nextPwd }),
|
||||
});
|
||||
const j = await res.json().catch(() => ({}));
|
||||
|
||||
const j = await res.json().catch(() => ({}));
|
||||
if (!res.ok) {
|
||||
return bad(j?.errors?.[0]?.message || "Password update failed", res.status);
|
||||
}
|
||||
|
||||
// tell the client to re-auth so their token reflects the password change
|
||||
return NextResponse.json({ ok: true, requireReauth: true });
|
||||
} catch (e: any) {
|
||||
return bad(e?.message || "Unexpected error", e?.status || 500);
|
||||
if (!res.ok) {
|
||||
const reason = j?.errors?.[0]?.message || "Password change failed";
|
||||
const friendly = /invalid|credential|old_password|incorrect/i.test(reason)
|
||||
? "Current password is incorrect"
|
||||
: reason;
|
||||
// Propagate upstream status (401/403/400…) so the UI can react.
|
||||
return NextResponse.json({ error: friendly }, { status: res.status });
|
||||
}
|
||||
|
||||
return NextResponse.json({ ok: true });
|
||||
}
|
||||
|
||||
export async function POST(req: Request) { return handle(req); }
|
||||
export async function PATCH(req: Request) { return handle(req); }
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue