// app/app/api/auth/register/route.ts import { NextRequest, NextResponse } from "next/server"; const BASE = process.env.DIRECTUS_URL!; const ADMIN_TOKEN = process.env.DIRECTUS_TOKEN_ADMIN_REGISTER!; const MEMBER_ROLE_ID = process.env.DIRECTUS_ROLE_MEMBER_ID || ""; // optional override if (!BASE) console.warn("[auth/register] Missing DIRECTUS_URL"); if (!ADMIN_TOKEN) console.warn("[auth/register] Missing DIRECTUS_TOKEN_ADMIN_REGISTER"); type DirectusList = { data: T[] }; type DirectusItem = { data: T }; async function dFetch(path: string, init?: RequestInit): Promise { const res = await fetch(`${BASE}${path}`, { ...init, headers: { "Accept": "application/json", "Content-Type": "application/json", "Authorization": `Bearer ${ADMIN_TOKEN}`, ...(init?.headers || {}), }, }); const text = await res.text(); const json = text ? JSON.parse(text) : null; if (!res.ok) { throw new Error(`Directus ${res.status}: ${text || res.statusText}`); } return (json ?? {}) as T; } async function getMemberRoleId(): Promise { if (MEMBER_ROLE_ID) return MEMBER_ROLE_ID; const q = `/roles?limit=1&filter[name][_in]=Member,member&fields=id,name`; const out = await dFetch>(q); const hit = out.data?.[0]; if (!hit?.id) throw new Error("Member role not found. Set DIRECTUS_ROLE_MEMBER_ID."); return String(hit.id); } async function usernameExists(username: string): Promise { const q = `/users?limit=1&filter[username][_eq]=${encodeURIComponent(username)}&fields=id`; const out = await dFetch>(q); return !!out.data?.length; } async function emailExists(email: string): Promise { const q = `/users?limit=1&filter[email][_eq]=${encodeURIComponent(email)}&fields=id`; const out = await dFetch>(q); return !!out.data?.length; } function isEmailLike(s: string) { return /^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(s); } export async function POST(req: NextRequest) { try { const body = await req.json().catch(() => ({})); const rawUsername: string = (body?.username ?? "").trim(); const rawPassword: string = (body?.password ?? "").trim(); const rawEmail: string = String(body?.email ?? "").trim(); if (!rawUsername || rawUsername.length < 3) { return NextResponse.json({ error: "Username must be at least 3 characters." }, { status: 400 }); } if (!rawPassword || rawPassword.length < 8) { return NextResponse.json({ error: "Password must be at least 8 characters." }, { status: 400 }); } if (rawEmail && !isEmailLike(rawEmail)) { return NextResponse.json({ error: "Email format is invalid." }, { status: 400 }); } if (await usernameExists(rawUsername)) { return NextResponse.json({ error: "Username is already taken." }, { status: 409 }); } // If no email provided, synthesize a placeholder that’s unique. let email = rawEmail; if (!email) { const base = `${rawUsername.toLowerCase()}+noemail@users.makearmy.local`; let candidate = base; let i = 1; while (await emailExists(candidate)) { i += 1; candidate = `${rawUsername.toLowerCase()}+noemail${i}@users.makearmy.local`; } email = candidate; } else { if (await emailExists(email)) { return NextResponse.json({ error: "Email already in use." }, { status: 409 }); } } const role = await getMemberRoleId(); // Create the user (status active to allow immediate login) const create = await dFetch>(`/users`, { method: "POST", body: JSON.stringify({ email, password: rawPassword, role, status: "active", // Add custom field username on directus_users (unique) username: rawUsername, }), }); return NextResponse.json({ ok: true, id: create.data.id, warning: rawEmail ? null : "No email provided. You won't be able to reset your password until you add one." }); } catch (err: any) { return NextResponse.json({ error: err?.message || "Register failed" }, { status: 500 }); } }