blob: 9972fb5b16ce84aeae2736cd3fbe8d914d874dc5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
import { NextRequest, NextResponse } from "next/server"
import { getServerSession } from "next-auth/next"
import bcrypt from "bcryptjs"
import dbConnect from "@/lib/mongodb"
import User from "@/model/User"
import { authOptions } from "@/lib/auth"
import { updatePasswordSchema } from "@/lib/validation"
export async function PATCH(request: NextRequest) {
try {
const session = await getServerSession(authOptions)
if (!session?.user?.id) {
return NextResponse.json(
{ error: "Unauthorized" },
{ status: 401 }
)
}
const body = await request.json()
const result = updatePasswordSchema.safeParse(body)
if (!result.success) {
return NextResponse.json(
{ error: "Validation failed", details: result.error.errors },
{ status: 400 }
)
}
const { currentPassword, newPassword } = result.data
await dbConnect()
// Get user with current password
const user = await User.findById(session.user.id)
if (!user) {
return NextResponse.json(
{ error: "User not found" },
{ status: 404 }
)
}
// Verify current password
const isCurrentPasswordValid = await bcrypt.compare(currentPassword, user.password)
if (!isCurrentPasswordValid) {
return NextResponse.json(
{ error: "Current password is incorrect" },
{ status: 400 }
)
}
// Hash new password
const hashedNewPassword = await bcrypt.hash(newPassword, 12)
// Update password
await User.findByIdAndUpdate(
session.user.id,
{ password: hashedNewPassword }
)
return NextResponse.json({
message: "Password updated successfully"
})
} catch (error) {
console.error("Password update error:", error)
return NextResponse.json(
{ error: "Internal server error" },
{ status: 500 }
)
}
}
|
