first commit

2025-11-24 16:30:37 +00:00
commit 843e93a274
114 changed files with 25585 additions and 0 deletions
--- a/app/api/auth/reset-password/route.ts
+++ b/app/api/auth/reset-password/route.ts
@@ -0,0 +1,106 @@
+import { NextResponse } from 'next/server';
+import { userDb } from '@/lib/db';
+import { passwordResetDb } from '@/lib/password-reset-db';
+import bcrypt from 'bcryptjs';
+
+/**
+ * POST /api/auth/reset-password
+ * Reset password with token
+ */
+export async function POST(request: Request) {
+  try {
+    const body = await request.json();
+    const { token, newPassword } = body;
+
+    if (!token || !newPassword) {
+      return NextResponse.json(
+        { error: 'Token and new password are required' },
+        { status: 400 }
+      );
+    }
+
+    // Password validation
+    if (newPassword.length < 6) {
+      return NextResponse.json(
+        { error: 'Password must be at least 6 characters' },
+        { status: 400 }
+      );
+    }
+
+    // Validate token
+    if (!passwordResetDb.isValid(token)) {
+      return NextResponse.json(
+        { error: 'Invalid or expired reset token' },
+        { status: 400 }
+      );
+    }
+
+    // Get token details
+    const resetToken = passwordResetDb.findByToken(token);
+    if (!resetToken) {
+      return NextResponse.json(
+        { error: 'Invalid reset token' },
+        { status: 400 }
+      );
+    }
+
+    // Get user
+    const user = userDb.findById(resetToken.user_id);
+    if (!user) {
+      return NextResponse.json(
+        { error: 'User not found' },
+        { status: 404 }
+      );
+    }
+
+    // Hash new password
+    const passwordHash = await bcrypt.hash(newPassword, 10);
+
+    // Update user password
+    userDb.update(user.id, { passwordHash });
+
+    // Mark token as used
+    passwordResetDb.markUsed(token);
+
+    console.log('[ResetPassword] Password reset successful for user:', user.username);
+
+    return NextResponse.json({
+      success: true,
+      message: 'Password has been reset successfully',
+    });
+  } catch (error) {
+    console.error('[ResetPassword] Error:', error);
+    return NextResponse.json(
+      { error: 'Failed to reset password' },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * GET /api/auth/reset-password?token=xxx
+ * Validate reset token (for checking if link is still valid)
+ */
+export async function GET(request: Request) {
+  try {
+    const { searchParams } = new URL(request.url);
+    const token = searchParams.get('token');
+
+    if (!token) {
+      return NextResponse.json(
+        { error: 'Token is required' },
+        { status: 400 }
+      );
+    }
+
+    const isValid = passwordResetDb.isValid(token);
+
+    return NextResponse.json({ valid: isValid });
+  } catch (error) {
+    console.error('[ResetPassword] Validation error:', error);
+    return NextResponse.json(
+      { error: 'Failed to validate token' },
+      { status: 500 }
+    );
+  }
+}