DHBW-WE/MeetUp
5
0
Fork 0
Code Issues 7 Pull requests 10 Projects 1 Releases 5 Packages 1 Wiki Activity Actions

feat(api): add user info GET endpoint and blocklist usernames

Browse source
This commit is contained in:
Dominik 2025-06-12 19:00:57 +02:00
parent a6b2eae785
commit cc1120355a
Signed by: dominik
GPG key ID: 06A4003FC5049644
5 changed files with 110 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

21
src/app/api/user/me/route.ts
View file

@ -6,6 +6,7 @@ import {
userFirstNameSchema,
userNameSchema,
userLastNameSchema,
disallowedUsernames,
} from '@/lib/validation/user';
/**
@ -155,6 +156,16 @@ export const PUT = auth(async function PUT(req) {
{ status: 400 },
);
}
// Check if the name already exists for another user
const existingUser = await prisma.user.findUnique({
where: { name },
});
if ((existingUser && existingUser.id !== req.auth.user.id) || disallowedUsernames.includes(name.toLowerCase())) {
return NextResponse.json(
{ message: 'Username in use by another account' },
{ status: 400 },
);
}
updateData.name = name;
}
if (first_name) {
@ -185,6 +196,16 @@ export const PUT = auth(async function PUT(req) {
{ status: 400 },
);
}
// Check if the email already exists for another user
const existingUser = await prisma.user.findUnique({
where: { email },
});
if (existingUser && existingUser.id !== req.auth.user.id) {
return NextResponse.json(
{ message: 'Email in use by another account' },
{ status: 400 },
);
}
updateData.email = email;
}
if (image) {