password auth fix for accounts
This commit is contained in:
parent
1f342042c9
commit
3e4c6241f6
1 changed files with 33 additions and 27 deletions
|
|
@ -1,40 +1,46 @@
|
||||||
// app/api/account/password/route.ts
|
// app/api/account/password/route.ts
|
||||||
export const runtime = "nodejs";
|
|
||||||
|
|
||||||
import { NextResponse } from "next/server";
|
import { NextResponse } from "next/server";
|
||||||
import { requireBearer } from "@/app/api/_lib/auth";
|
import { requireBearer } from "@/app/api/_lib/auth";
|
||||||
|
|
||||||
|
export const runtime = "nodejs";
|
||||||
|
|
||||||
const API = (process.env.NEXT_PUBLIC_API_BASE_URL || "").replace(/\/$/, "");
|
const API = (process.env.NEXT_PUBLIC_API_BASE_URL || "").replace(/\/$/, "");
|
||||||
|
const bad = (m: string, c = 400) => NextResponse.json({ error: m }, { status: c });
|
||||||
|
|
||||||
function bad(msg: string, code = 400) {
|
async function handle(req: Request) {
|
||||||
return NextResponse.json({ error: msg }, { status: code });
|
const bearer = requireBearer(req);
|
||||||
}
|
|
||||||
|
|
||||||
export async function POST(req: Request) {
|
const body = await req.json().catch(() => ({}));
|
||||||
try {
|
const current =
|
||||||
const bearer = requireBearer(req);
|
String(body?.current ?? body?.current_password ?? "").trim();
|
||||||
const body = await req.json().catch(() => ({}));
|
const next =
|
||||||
|
String(body?.next ?? body?.new_password ?? "").trim();
|
||||||
|
|
||||||
// accept various shapes: {next}, {new_password}, {password}
|
if (!current || !next) return bad("Missing current and/or new password");
|
||||||
const nextPwd =
|
if (next.length < 8) return bad("Password must be at least 8 characters");
|
||||||
String(body?.next ?? body?.new_password ?? body?.password ?? "").trim();
|
|
||||||
|
|
||||||
if (nextPwd.length < 8) return bad("Password must be at least 8 characters");
|
const res = await fetch(`${API}/users/me`, {
|
||||||
|
method: "PATCH",
|
||||||
|
headers: {
|
||||||
|
Authorization: bearer,
|
||||||
|
"Content-Type": "application/json",
|
||||||
|
},
|
||||||
|
body: JSON.stringify({ password: next, old_password: current }),
|
||||||
|
});
|
||||||
|
|
||||||
const res = await fetch(`${API}/users/me`, {
|
const j = await res.json().catch(() => ({}));
|
||||||
method: "PATCH",
|
|
||||||
headers: { Authorization: bearer, "Content-Type": "application/json" },
|
|
||||||
body: JSON.stringify({ password: nextPwd }),
|
|
||||||
});
|
|
||||||
|
|
||||||
const j = await res.json().catch(() => ({}));
|
if (!res.ok) {
|
||||||
if (!res.ok) {
|
const reason = j?.errors?.[0]?.message || "Password change failed";
|
||||||
return bad(j?.errors?.[0]?.message || "Password update failed", res.status);
|
const friendly = /invalid|credential|old_password|incorrect/i.test(reason)
|
||||||
}
|
? "Current password is incorrect"
|
||||||
|
: reason;
|
||||||
// tell the client to re-auth so their token reflects the password change
|
// Propagate upstream status (401/403/400…) so the UI can react.
|
||||||
return NextResponse.json({ ok: true, requireReauth: true });
|
return NextResponse.json({ error: friendly }, { status: res.status });
|
||||||
} catch (e: any) {
|
|
||||||
return bad(e?.message || "Unexpected error", e?.status || 500);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return NextResponse.json({ ok: true });
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export async function POST(req: Request) { return handle(req); }
|
||||||
|
export async function PATCH(req: Request) { return handle(req); }
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue