diff --git a/app/api/account/route.ts b/app/api/account/route.ts index b97d7941..6543d119 100644 --- a/app/api/account/route.ts +++ b/app/api/account/route.ts @@ -1,48 +1,81 @@ // app/api/account/route.ts +export const runtime = "nodejs"; + import { NextResponse } from "next/server"; -import { dxGET } from "@/lib/directus"; import { requireBearer } from "@/app/api/_lib/auth"; const API = (process.env.NEXT_PUBLIC_API_BASE_URL || "").replace(/\/$/, ""); -function bad(msg: string, code = 400) { - return NextResponse.json({ error: msg }, { status: code }); +const bad = (m: string, c = 400) => NextResponse.json({ error: m }, { status: c }); + +/** + * GET: return current user's profile + * shape: { ok: true, user: {...} } or { error } + */ +export async function GET() { + try { + const bearer = requireBearer(); // reads cookie from NextRequest internally + const fields = + "id,username,first_name,last_name,email,location,avatar.id,avatar.filename_download"; + +const res = await fetch(`${API}/users/me?fields=${encodeURIComponent(fields)}`, { + headers: { Authorization: bearer }, + cache: "no-store", +}); + +const j = await res.json().catch(() => ({})); + +if (!res.ok) { + // propagate Directus status (401, 403, etc) instead of throwing + const msg = j?.errors?.[0]?.message || "Failed to load profile"; + return NextResponse.json({ error: msg }, { status: res.status }); } -export async function GET(req: Request) { - try { - const bearer = requireBearer(req); - const fields = encodeURIComponent([ - "id","username","first_name","last_name","email","location","avatar.id","avatar.filename_download","avatar.title" - ].join(",")); - const me = await dxGET(`/users/me?fields=${fields}`, bearer); - return NextResponse.json(me?.data ?? me ?? {}); +return NextResponse.json({ ok: true, user: j?.data ?? j }); } catch (e: any) { - return bad(e?.message || "Failed to load account", e?.status || 500); + // if requireBearer threw due to missing cookie, present 401 cleanly + const status = e?.status === 401 ? 401 : e?.status || 500; + return bad(e?.message || "Unexpected error", status); } } +/** + * PATCH: update current user's editable fields + * accepts any subset of: first_name, last_name, email (optional), location, avatar + */ export async function PATCH(req: Request) { try { const bearer = requireBearer(req); const body = await req.json().catch(() => ({})); const payload: Record = {}; - for (const k of ["first_name","last_name","email","location"]) { - if (k in body) payload[k] = body[k] ?? null; + if (typeof body.first_name === "string") payload.first_name = body.first_name.trim(); + if (typeof body.last_name === "string") payload.last_name = body.last_name.trim(); + if ("email" in body) { + const e = String(body.email ?? "").trim(); + payload.email = e ? e : null; // email optional; blank clears } + if (typeof body.location === "string") payload.location = body.location.trim(); + if (typeof body.avatar === "string") payload.avatar = body.avatar; // file id + if (!Object.keys(payload).length) return bad("No changes"); const res = await fetch(`${API}/users/me`, { method: "PATCH", - headers: { "Content-Type": "application/json", Authorization: bearer }, + headers: { Authorization: bearer, "Content-Type": "application/json" }, body: JSON.stringify(payload), }); - const j = await res.json().catch(() => ({})); - if (!res.ok) return bad(j?.errors?.[0]?.message || "Update failed", res.status); - return NextResponse.json(j?.data ?? j ?? {}); + const j = await res.json().catch(() => ({})); + + if (!res.ok) { + const msg = j?.errors?.[0]?.message || "Update failed"; + return NextResponse.json({ error: msg }, { status: res.status }); + } + + return NextResponse.json({ ok: true }); } catch (e: any) { - return bad(e?.message || "Failed to update account", e?.status || 500); + const status = e?.status === 401 ? 401 : e?.status || 500; + return bad(e?.message || "Unexpected error", status); } }