basic user accounts +

app/api/account/avatar/route.ts

@@ -0,0 +1,60 @@
+// app/api/account/avatar/route.ts
+export const runtime = "nodejs";
+
+import { NextResponse } from "next/server";
+import { requireBearer } from "@/app/api/_lib/auth";
+
+const API = (process.env.NEXT_PUBLIC_API_BASE_URL || "").replace(/\/$/, "");
+const AVATAR_FOLDER_ID = process.env.DIRECTUS_AVATAR_FOLDER_ID || "";
+
+function bad(msg: string, code = 400) {
+    return NextResponse.json({ error: msg }, { status: code });
+}
+
+export async function POST(req: Request) {
+    try {
+        if (!AVATAR_FOLDER_ID) {
+            return bad("Server misconfiguration: DIRECTUS_AVATAR_FOLDER_ID is not set", 500);
+        }
+
+        const bearer = requireBearer(req);
+
+        const form = await req.formData();
+        const file = form.get("file");
+        if (!(file instanceof Blob)) return bad("Missing file");
+
+        // Upload directly into the configured avatars folder
+        const up = new FormData();
+        up.set("file", file, (file as any).name || "avatar.bin");
+        up.set("folder", AVATAR_FOLDER_ID);
+
+        const r1 = await fetch(`${API}/files`, {
+            method: "POST",
+            headers: { Authorization: bearer },
+            body: up,
+        });
+        const j1 = await r1.json().catch(() => ({}));
+        if (!r1.ok) {
+            const msg = j1?.errors?.[0]?.message || "Upload failed";
+            return bad(msg, r1.status);
+        }
+        const fileId: string = j1?.data?.id ?? j1?.id;
+
+        // Link file to the current user
+        const r2 = await fetch(`${API}/users/me`, {
+            method: "PATCH",
+            headers: { Authorization: bearer, "Content-Type": "application/json" },
+            body: JSON.stringify({ avatar: fileId }),
+        });
+        const j2 = await r2.json().catch(() => ({}));
+        if (!r2.ok) {
+            const msg = j2?.errors?.[0]?.message || "Link avatar failed";
+            return bad(msg, r2.status);
+        }
+
+        // Respond with the updated avatar reference
+        return NextResponse.json({ ok: true, avatar: j2?.data?.avatar ?? { id: fileId } });
+    } catch (e: any) {
+        return bad(e?.message || "Upload error", e?.status || 500);
+    }
+}

app/api/account/password/route.ts

@@ -0,0 +1,41 @@
+// app/api/account/password/route.ts
+import { NextResponse } from "next/server";
+import { requireBearer } from "@/app/api/_lib/auth";
+
+const API = (process.env.NEXT_PUBLIC_API_BASE_URL || "").replace(/\/$/, "");
+
+function bad(msg: string, code = 400) {
+    return NextResponse.json({ error: msg }, { status: code });
+}
+
+/**
+ * This uses the simplest approach: PATCH /users/me { password: NEW }.
+ * It requires your role to have Update permission on `directus_users` with
+ * filter id = $CURRENT_USER and field permission for `password`.
+ * If your Directus is configured to use a dedicated password endpoint instead,
+ * swap the implementation accordingly.
+ */
+export async function POST(req: Request) {
+    try {
+        const bearer = requireBearer(req);
+        const { current_password, new_password } = await req.json().catch(() => ({}));
+        if (!new_password) return bad("Missing new_password");
+
+        // Optional: you can verify current_password server-side by attempting a login
+        // to your auth endpoint; omitted here to keep it simple.
+
+        const r = await fetch(`${API}/users/me`, {
+            method: "PATCH",
+            headers: { Authorization: bearer, "Content-Type": "application/json" },
+            body: JSON.stringify({ password: new_password }),
+        });
+        const j = await r.json().catch(() => ({}));
+        if (!r.ok) {
+            const msg = j?.errors?.[0]?.message || "Password update failed";
+            return bad(msg, r.status);
+        }
+        return NextResponse.json({ ok: true });
+    } catch (e: any) {
+        return bad(e?.message || "Failed to change password", e?.status || 500);
+    }
+}

app/api/account/route.ts

@@ -0,0 +1,48 @@
+// app/api/account/route.ts
+import { NextResponse } from "next/server";
+import { dxGET } from "@/lib/directus";
+import { requireBearer } from "@/app/api/_lib/auth";
+
+const API = (process.env.NEXT_PUBLIC_API_BASE_URL || "").replace(/\/$/, "");
+
+function bad(msg: string, code = 400) {
+    return NextResponse.json({ error: msg }, { status: code });
+}
+
+export async function GET(req: Request) {
+    try {
+        const bearer = requireBearer(req);
+        const fields = encodeURIComponent([
+            "id","username","first_name","last_name","email","location","avatar.id","avatar.filename_download","avatar.title"
+        ].join(","));
+        const me = await dxGET<any>(`/users/me?fields=${fields}`, bearer);
+        return NextResponse.json(me?.data ?? me ?? {});
+    } catch (e: any) {
+        return bad(e?.message || "Failed to load account", e?.status || 500);
+    }
+}
+
+export async function PATCH(req: Request) {
+    try {
+        const bearer = requireBearer(req);
+        const body = await req.json().catch(() => ({}));
+
+        const payload: Record<string, any> = {};
+        for (const k of ["first_name","last_name","email","location"]) {
+            if (k in body) payload[k] = body[k] ?? null;
+        }
+        if (!Object.keys(payload).length) return bad("No changes");
+
+        const res = await fetch(`${API}/users/me`, {
+            method: "PATCH",
+            headers: { "Content-Type": "application/json", Authorization: bearer },
+            body: JSON.stringify(payload),
+        });
+        const j = await res.json().catch(() => ({}));
+        if (!res.ok) return bad(j?.errors?.[0]?.message || "Update failed", res.status);
+
+        return NextResponse.json(j?.data ?? j ?? {});
+    } catch (e: any) {
+        return bad(e?.message || "Failed to update account", e?.status || 500);
+    }
+}