feat(api): add user search endpoint and normalize response data and validation

This commit is contained in:
Dominik 2025-06-17 21:46:38 +02:00
parent 60c99e0650
commit df4e4e72c1
Signed by: dominik
GPG key ID: 06A4003FC5049644
14 changed files with 574 additions and 368 deletions

View file

@ -6,8 +6,17 @@ import {
userFirstNameSchema,
userNameSchema,
userLastNameSchema,
disallowedUsernames,
} from '@/lib/validation/user';
import { z } from 'zod/v4';
const patchUserMeSchema = z.object({
name: userNameSchema.optional(),
first_name: userFirstNameSchema.optional(),
last_name: userLastNameSchema.optional(),
email: userEmailSchema.optional(),
image: z.string().optional(),
timezone: z.string().optional(),
});
/**
* @swagger
@ -65,6 +74,17 @@ export const GET = auth(async function GET(req) {
where: {
id: req.auth.user.id,
},
select: {
id: true,
name: true,
first_name: true,
last_name: true,
email: true,
image: true,
timezone: true,
created_at: true,
updated_at: true,
},
});
if (!dbUser)
return NextResponse.json(
@ -77,8 +97,6 @@ export const GET = auth(async function GET(req) {
success: true,
user: {
...dbUser,
password_hash: undefined, // Exclude sensitive information
email_verified: undefined, // Exclude sensitive information
},
},
{ status: 200 },
@ -171,91 +189,42 @@ export const PATCH = auth(async function PATCH(req) {
{ status: 404 },
);
const body = await req.json();
const { name, first_name, last_name, email, image, timezone } = body;
if (!name && !first_name && !last_name && !email && !image && !timezone)
const dataRaw = await req.json();
const data = await patchUserMeSchema.safeParseAsync(dataRaw);
if (!data.success) {
return NextResponse.json(
{ success: false, message: 'No fields to update' },
{
success: false,
message: 'Invalid request data',
errors: data.error.issues,
},
{ status: 400 },
);
const updateData: Record<string, string> = {};
if (name) {
const nameValidation = userNameSchema.safeParse(name);
if (!nameValidation.success) {
return NextResponse.json(
{ success: false, message: nameValidation.error.errors[0].message },
{ status: 400 },
);
}
// Check if the name already exists for another user
const existingUser = await prisma.user.findUnique({
where: { name },
});
if (
(existingUser && existingUser.id !== req.auth.user.id) ||
disallowedUsernames.includes(name.toLowerCase())
) {
return NextResponse.json(
{ success: false, message: 'Username in use by another account' },
{ status: 400 },
);
}
updateData.name = name;
}
if (first_name) {
const firstNameValidation = userFirstNameSchema.safeParse(first_name);
if (!firstNameValidation.success) {
return NextResponse.json(
{
success: false,
message: firstNameValidation.error.errors[0].message,
},
{ status: 400 },
);
}
updateData.first_name = first_name;
}
if (last_name) {
const lastNameValidation = userLastNameSchema.safeParse(last_name);
if (!lastNameValidation.success) {
return NextResponse.json(
{ success: false, message: lastNameValidation.error.errors[0].message },
{ status: 400 },
);
}
updateData.last_name = last_name;
}
if (email) {
const emailValidation = userEmailSchema.safeParse(email);
if (!emailValidation.success) {
return NextResponse.json(
{ success: false, message: emailValidation.error.errors[0].message },
{ status: 400 },
);
}
// Check if the email already exists for another user
const existingUser = await prisma.user.findUnique({
where: { email },
});
if (existingUser && existingUser.id !== req.auth.user.id) {
return NextResponse.json(
{ success: false, message: 'Email in use by another account' },
{ status: 400 },
);
}
updateData.email = email;
}
if (image) {
updateData.image = image;
}
if (timezone) {
updateData.timezone = timezone;
}
const { name, first_name, last_name, email, image, timezone } = data.data;
const updatedUser = await prisma.user.update({
where: {
id: req.auth.user.id,
},
data: updateData,
data: {
name,
first_name,
last_name,
email,
image,
timezone,
},
select: {
id: true,
name: true,
first_name: true,
last_name: true,
email: true,
image: true,
timezone: true,
created_at: true,
updated_at: true,
},
});
if (!updatedUser)
return NextResponse.json(
@ -265,11 +234,7 @@ export const PATCH = auth(async function PATCH(req) {
return NextResponse.json(
{
success: true,
user: {
...updatedUser,
password_hash: undefined, // Exclude sensitive information
email_verified: undefined, // Exclude sensitive information
},
user: updatedUser,
},
{ status: 200 },
);