diff --git a/src/app/api/observatories/route.ts b/src/app/api/observatories/route.ts
index d7c773c..6f5385d 100644
--- a/src/app/api/observatories/route.ts
+++ b/src/app/api/observatories/route.ts
@@ -4,7 +4,6 @@ import { prisma } from "@utils/prisma";
 export async function GET(request: Request) {
 try {
- // todo get earthquakes associated with observatories
 const observatories = await prisma.observatory.findMany();
 if (observatories) {
diff --git a/src/app/api/signup/route.ts b/src/app/api/signup/route.ts
index a70c466..52ca7a1 100644
--- a/src/app/api/signup/route.ts
+++ b/src/app/api/signup/route.ts
@@ -5,26 +5,15 @@ import { NextResponse } from "next/server";
 import { env } from "@utils/env";
 import { prisma } from "@utils/prisma";
-import { findUserByEmail, passwordStrengthCheck, readUserCsv, User, writeUserCsv } from "../functions/csvReadWrite";
-
-// todo check if orders contain email and link if order previously made with email
+import { passwordStrengthCheck } from "@utils/validation";
 export async function POST(req: Request) {
 try {
- const { email, password, name } = await req.json(); // Parse incoming JSON data
- const accessLevel = "basic";
-
- const userData = await readUserCsv();
-
- // todo remove console logs
- console.log(userData);
- console.log("Name:", name); // ! remove
- console.log("Email:", email); // ! remove
- console.log("Password:", password); // ! remove
+ const { email, password, name } = await req.json();
 const foundUser = await prisma.user.findUnique({
 where: {
- email: email, // use the email to uniquely identify the user
+ email: email,
 },
 });
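Review bot: The new `const { email, password, name } = await req.json();` passes unvalidated body fields straight into `prisma.user.findUnique({ where: { email: email } })`, so a missing, non-string or object-valued `email` reaches the database query (and the hashing/create path further down) unchecked, surfacing as a Prisma validation error and a 500 rather than a 400. Add a shape check directly after the parse, e.g. `if (typeof email !== "string" || typeof password !== "string" || typeof name !== "string") { return NextResponse.json({ message: "Invalid request body" }, { status: 400 }); }`. Because the later order-linking keys on the same address, it is also worth normalising it once here (`const normalisedEmail = email.trim().toLowerCase();`) unless the schema already does so, which is not visible in this diff. POST's body continues past the end of this hunk, so the existing `foundUser` and password-strength checks are not in view.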
@@ -50,25 +39,50 @@ export async function POST(req: Request) {
 return NextResponse.json({ message: "Password check script failure" }, { status: 500 });
 } else {
 try {
- const passwordHash = await bcryptjs.hash(password, 10);
- // todo add sending back user
- const user = await prisma.user.create({
+ const newUser = await prisma.user.create({
 data: {
 name,
 email,
- passwordHash,
+ passwordHash: await bcryptjs.hash(password, 10),
 },
 });
- await writeUserCsv(userData);
+ // Link orders with matching email to the new user
+ await prisma.order.updateMany({
+ where: {
+ email: email,
+ userId: null, // Only update orders not already linked to a user
+ },
+ data: {
+ userId: newUser.id,
+ },
+ });
+
+ const user = await prisma.user.findUnique({
+ where: { id: newUser.id },
+ include: {
+ earthquakes: true,
+ observatories: true,
+ artefacts: true,
+ purchasedOrders: true,
+ requests: true,
+ scientist: {
+ include: {
+ superior: true,
+ subordinates: true,
+ },
+ },
+ },
+ });
+ const { passwordHash, ...userSansHash } = user!;
 const secret = new TextEncoder().encode(env.JWT_SECRET_KEY);
- const token = await new SignJWT({ userId: user.id })
+ const token = await new SignJWT({ userId: user!.id })
 .setProtectedHeader({ alg: "HS256" })
 .setExpirationTime("2w")
 .sign(secret);
- const response = NextResponse.json({ message: "Account Created" }, { status: 201 });
+ const response = NextResponse.json({ message: "Account Created", user: userSansHash }, { status: 201 });
 response.cookies.set("jwt", token, {
 httpOnly: true,
 secure: process.env.NODE_ENV === "production",
@@ -78,7 +92,7 @@ export async function POST(req: Request) {
 });
 return response;
 } catch (error) {
- console.error("Error in writting :", error);
+ console.error("Error creating user:", error);
 return NextResponse.json({ message: "Internal Server Error" }, { status: 500 });
 }
 }
diff --git a/src/utils/validation.ts b/src/utils/validation.ts
new file mode 100644
index 0000000..4c8c9aa
--- /dev/null
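Review bot: The added `prisma.order.updateMany({ where: { email: email, userId: null }, data: { userId: newUser.id } })` hands every unclaimed order carrying this address to the account the instant it is created, yet nothing in this route establishes that the caller controls that mailbox; unless ownership is verified elsewhere (not visible here), anyone who signs up with another person's email inherits their guest orders, which the same hunk then echoes back through `purchasedOrders` in the 201 body. The linking belongs after email confirmation — move the `updateMany` to the verification step, or guard it with a verified flag if the user model has one, and drop it from signup until then. Separately, `create`, `updateMany` and `findUnique` run as three independent calls, so a failure in `updateMany` leaves the user row committed but returns 500 with no cookie set; wrapping the three in `prisma.$transaction(async (tx) => { ... })` keeps the state consistent. The `user!` assertions after a `findUnique` by the id just returned from `create` are tolerable, but an explicit `if (!user) throw new Error("user missing after create");` documents the assumption without relying on `!`. POST begins and ends outside this hunk.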
+++ b/src/utils/validation.ts
@@ -0,0 +1,23 @@
+export async function passwordStrengthCheck(password: string): Promise {
+ if (password.length < 8) {
+ return "short";
+ } else if (password.length > 16) {
+ return "long";
+ }
+ const lowercaseRegex = /[a-z]/;
+ const uppercaseRegex = /[A-Z]/;
+ const digitRegex = /\d/;
+ const specialCharRegex = /[!@#$%^&*]/;
+ if (!lowercaseRegex.test(password)) {
+ return "no lower";
+ } else if (!uppercaseRegex.test(password)) {
+ return "no upper";
+ } else if (!digitRegex.test(password)) {
+ return "no digit";
+ } else if (!specialCharRegex.test(password)) {
+ return "no special";
+ } else {
+ return "secure";
+ }
+ return "end of function";
+}
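Review bot: `} else if (password.length > 16) { return "long"; }` caps passwords at 16 characters, which rules out long passphrases for no security gain; the signup route hashes with `bcryptjs.hash(password, 10)`, and bcrypt only consumes the first 72 bytes, so the meaningful ceiling is `if (new TextEncoder().encode(password).length > 72) { return "long"; }` (NIST SP 800-63B asks for at least 64 characters to be accepted). The closing `return "end of function";` is unreachable because every branch of the preceding if/else chain returns, and `async` is unwarranted since nothing in the body awaits — the caller's `await` on a plain string still works, so both can go. As rendered here the signature ends in `): Promise {` with no type argument, which would not compile; presumably `Promise<string>` was lost to rendering, but a literal union such as `"short" | "long" | "no lower" | "no upper" | "no digit" | "no special" | "secure"` would let callers switch on the result exhaustively. `/[!@#$%^&*]/` also rejects passwords whose only symbols are, say, `-`, `_` or a space, so if a symbol rule is kept at all it should be `/[^A-Za-z0-9]/`.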