registration token update

app/api/auth/register/route.ts

@@ -6,8 +6,17 @@ export const runtime = "nodejs";
 
 // Base URL (no trailing slash)
 const API = (process.env.NEXT_PUBLIC_API_BASE_URL || process.env.DIRECTUS_URL || "").replace(/\/$/, "");
-// Service token to create users / read roles
-const SERVICE_TOKEN = process.env.DIRECTUS_SERVICE_TOKEN || process.env.DIRECTUS_STATIC_TOKEN || "";
+
+/**
+ * Accept either:
+ * - DIRECTUS_SERVICE_TOKEN (generic name), or
+ * - DIRECTUS_TOKEN_ADMIN_REGISTER (your current env)
+ */
+const SERVICE_TOKEN =
+process.env.DIRECTUS_SERVICE_TOKEN ||
+process.env.DIRECTUS_TOKEN_ADMIN_REGISTER ||
+"";
+
 // Auto login right after signup (default: true)
 const AUTO_LOGIN = (process.env.SIGNUP_AUTO_LOGIN ?? "1") !== "0";
 const secure = process.env.NODE_ENV === "production";
@@ -19,7 +28,7 @@ function bad(message: string, status = 400, extra: Record<string, any> = {}) {
 // Resolve the role id for the role named **Users**. No fallbacks.
 async function getUsersRoleId(): Promise<string> {
     if (!API) throw new Error("DIRECTUS_URL / NEXT_PUBLIC_API_BASE_URL is not set");
-    if (!SERVICE_TOKEN) throw new Error("DIRECTUS_SERVICE_TOKEN is not set");
+    if (!SERVICE_TOKEN) throw new Error("DIRECTUS_SERVICE_TOKEN / DIRECTUS_TOKEN_ADMIN_REGISTER is not set");
 
     const r = await fetch(`${API}/roles?filter[name][_eq]=Users&fields=id,name&limit=1`, {
         headers: { Authorization: `Bearer ${SERVICE_TOKEN}`, Accept: "application/json" },
@@ -32,19 +41,21 @@ async function getUsersRoleId(): Promise<string> {
     }
     const id = j?.data?.[0]?.id ?? j?.[0]?.id;
     if (!id) {
-        throw new Error('Role "Users" not found. Create it in Directus or set DIRECTUS_SERVICE_TOKEN correctly.');
+        throw new Error('Role "Users" not found. Create it in Directus or check the service token permissions.');
     }
     return String(id);
 }
 
 export async function POST(req: Request) {
     try {
-        if (!API) return bad("Server misconfiguration: DIRECTUS_URL / NEXT_PUBLIC_API_BASE_URL is not set", 500);
+        if (!API) {
+            return bad("Server misconfiguration: DIRECTUS_URL / NEXT_PUBLIC_API_BASE_URL is not set", 500);
+        }
         if (!SERVICE_TOKEN) {
             return bad(
-                "Server misconfiguration: DIRECTUS_SERVICE_TOKEN is not set",
+                "Server misconfiguration: DIRECTUS_SERVICE_TOKEN / DIRECTUS_TOKEN_ADMIN_REGISTER is not set",
                 500,
-                { hint: "Create a service/static token in Directus Admin and set DIRECTUS_SERVICE_TOKEN." }
+                { hint: "Set DIRECTUS_TOKEN_ADMIN_REGISTER=<token> (or DIRECTUS_SERVICE_TOKEN) and restart the server." }
             );
         }
 
@@ -63,7 +74,7 @@ export async function POST(req: Request) {
 
         // Create the user in Directus using service token
         const createPayload: Record<string, any> = {
-            status: "active",   // change to "pending" if you want a verification flow
+            status: "active",   // change to "pending" to require email verification
             role: roleId,
             username,
             password,
@@ -101,7 +112,6 @@ export async function POST(req: Request) {
         // Optional auto-login after signup
         if (AUTO_LOGIN && (email || username)) {
             try {
-                // Prefer email when available; otherwise attempt username if your Directus login allows it
                 const identifier = email || username;
                 const auth = await loginDirectus(identifier, password);
                 const access = auth?.access_token ?? auth?.data?.access_token;