74 lines
2.8 KiB
TypeScript
74 lines
2.8 KiB
TypeScript
// app/api/account/password/route.ts
|
|
import { NextResponse } from "next/server";
|
|
import { requireBearer } from "@/app/api/_lib/auth";
|
|
|
|
export const runtime = "nodejs";
|
|
|
|
const API = (process.env.NEXT_PUBLIC_API_BASE_URL || "").replace(/\/$/, "");
|
|
const bad = (m: string, c = 400) => NextResponse.json({ error: m }, { status: c });
|
|
|
|
async function handle(req: Request) {
|
|
const bearer = requireBearer(req);
|
|
|
|
const body = await req.json().catch(() => ({}));
|
|
const current = String(body?.current ?? body?.current_password ?? "").trim();
|
|
const next = String(body?.next ?? body?.new_password ?? "").trim();
|
|
|
|
if (!current || !next) return bad("Missing current and/or new password");
|
|
if (next.length < 8) return bad("Password must be at least 8 characters");
|
|
|
|
// 1) Fetch user provider; block with clear message if not local
|
|
const who = await fetch(`${API}/users/me?fields=id,provider,email`, {
|
|
headers: { Authorization: `Bearer ${bearer}`, Accept: "application/json" },
|
|
cache: "no-store",
|
|
});
|
|
const whoJson = await who.json().catch(() => ({}));
|
|
if (!who.ok) {
|
|
return NextResponse.json(
|
|
{ error: "Could not verify user", debug: whoJson?.errors?.[0]?.message || who.statusText },
|
|
{ status: who.status }
|
|
);
|
|
}
|
|
const provider = whoJson?.data?.provider ?? whoJson?.provider ?? "local";
|
|
if (provider !== "local") {
|
|
return NextResponse.json(
|
|
{ error: "Password managed by external provider", debug: `provider=${provider}` },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
// 2) Send both "old_password" and "current_password" for cross-version compatibility
|
|
const payload = { password: next, old_password: current, current_password: current };
|
|
|
|
const res = await fetch(`${API}/users/me`, {
|
|
method: "PATCH",
|
|
headers: {
|
|
Authorization: `Bearer ${bearer}`,
|
|
"Content-Type": "application/json",
|
|
Accept: "application/json",
|
|
},
|
|
body: JSON.stringify(payload),
|
|
});
|
|
|
|
const j = await res.json().catch(() => ({}));
|
|
|
|
if (!res.ok) {
|
|
const reason =
|
|
j?.errors?.[0]?.message ||
|
|
j?.error ||
|
|
(typeof j === "string" ? j : "") ||
|
|
"Password change failed";
|
|
|
|
// Only show the friendly message when it truly looks like a wrong-current-password case.
|
|
const friendly = res.status === 401 && /old_password|current_password|credential|invalid/i.test(reason)
|
|
? "Current password is incorrect"
|
|
: reason;
|
|
|
|
return NextResponse.json({ error: friendly, debug: reason }, { status: res.status });
|
|
}
|
|
|
|
return NextResponse.json({ ok: true });
|
|
}
|
|
|
|
export async function POST(req: Request) { return handle(req); }
|
|
export async function PATCH(req: Request) { return handle(req); }
|