60 lines
1.6 KiB
TypeScript
60 lines
1.6 KiB
TypeScript
import { NextRequest, NextResponse } from "next/server"
|
|
import { auth } from "@/lib/auth"
|
|
import { prisma } from "@/lib/prisma"
|
|
import { logger } from "@/lib/logger"
|
|
import bcrypt from "bcryptjs"
|
|
import { hashPassword } from "@/lib/utils"
|
|
|
|
// Mark this route as dynamic to prevent build-time data collection
|
|
export const dynamic = "force-dynamic"
|
|
|
|
export async function POST(req: NextRequest) {
|
|
try {
|
|
const session = await auth()
|
|
|
|
if (!session) {
|
|
return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
|
|
}
|
|
|
|
const { currentPassword, newPassword } = await req.json()
|
|
|
|
if (!currentPassword || !newPassword) {
|
|
return NextResponse.json(
|
|
{ error: "Current password and new password are required" },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
const user = await prisma.user.findUnique({
|
|
where: { id: session.user.id },
|
|
})
|
|
|
|
if (!user) {
|
|
return NextResponse.json({ error: "User not found" }, { status: 404 })
|
|
}
|
|
|
|
const isValid = await bcrypt.compare(currentPassword, user.passwordHash)
|
|
|
|
if (!isValid) {
|
|
return NextResponse.json({ error: "Current password is incorrect" }, { status: 400 })
|
|
}
|
|
|
|
const newPasswordHash = await hashPassword(newPassword)
|
|
|
|
await prisma.user.update({
|
|
where: { id: session.user.id },
|
|
data: { passwordHash: newPasswordHash },
|
|
})
|
|
|
|
return NextResponse.json({ success: true })
|
|
} catch (error) {
|
|
logger.error("Error changing password", {
|
|
error: error instanceof Error ? error : new Error(String(error)),
|
|
})
|
|
return NextResponse.json(
|
|
{ error: "Internal server error" },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|