feat(api): add user search endpoint and normalize response data and validation
This commit is contained in:
parent
60c99e0650
commit
df4e4e72c1
14 changed files with 574 additions and 368 deletions
|
@ -6,8 +6,17 @@ import {
|
|||
userFirstNameSchema,
|
||||
userNameSchema,
|
||||
userLastNameSchema,
|
||||
disallowedUsernames,
|
||||
} from '@/lib/validation/user';
|
||||
import { z } from 'zod/v4';
|
||||
|
||||
const patchUserMeSchema = z.object({
|
||||
name: userNameSchema.optional(),
|
||||
first_name: userFirstNameSchema.optional(),
|
||||
last_name: userLastNameSchema.optional(),
|
||||
email: userEmailSchema.optional(),
|
||||
image: z.string().optional(),
|
||||
timezone: z.string().optional(),
|
||||
});
|
||||
|
||||
/**
|
||||
* @swagger
|
||||
|
@ -65,6 +74,17 @@ export const GET = auth(async function GET(req) {
|
|||
where: {
|
||||
id: req.auth.user.id,
|
||||
},
|
||||
select: {
|
||||
id: true,
|
||||
name: true,
|
||||
first_name: true,
|
||||
last_name: true,
|
||||
email: true,
|
||||
image: true,
|
||||
timezone: true,
|
||||
created_at: true,
|
||||
updated_at: true,
|
||||
},
|
||||
});
|
||||
if (!dbUser)
|
||||
return NextResponse.json(
|
||||
|
@ -77,8 +97,6 @@ export const GET = auth(async function GET(req) {
|
|||
success: true,
|
||||
user: {
|
||||
...dbUser,
|
||||
password_hash: undefined, // Exclude sensitive information
|
||||
email_verified: undefined, // Exclude sensitive information
|
||||
},
|
||||
},
|
||||
{ status: 200 },
|
||||
|
@ -171,91 +189,42 @@ export const PATCH = auth(async function PATCH(req) {
|
|||
{ status: 404 },
|
||||
);
|
||||
|
||||
const body = await req.json();
|
||||
const { name, first_name, last_name, email, image, timezone } = body;
|
||||
if (!name && !first_name && !last_name && !email && !image && !timezone)
|
||||
const dataRaw = await req.json();
|
||||
const data = await patchUserMeSchema.safeParseAsync(dataRaw);
|
||||
if (!data.success) {
|
||||
return NextResponse.json(
|
||||
{ success: false, message: 'No fields to update' },
|
||||
{
|
||||
success: false,
|
||||
message: 'Invalid request data',
|
||||
errors: data.error.issues,
|
||||
},
|
||||
{ status: 400 },
|
||||
);
|
||||
const updateData: Record<string, string> = {};
|
||||
if (name) {
|
||||
const nameValidation = userNameSchema.safeParse(name);
|
||||
if (!nameValidation.success) {
|
||||
return NextResponse.json(
|
||||
{ success: false, message: nameValidation.error.errors[0].message },
|
||||
{ status: 400 },
|
||||
);
|
||||
}
|
||||
// Check if the name already exists for another user
|
||||
const existingUser = await prisma.user.findUnique({
|
||||
where: { name },
|
||||
});
|
||||
if (
|
||||
(existingUser && existingUser.id !== req.auth.user.id) ||
|
||||
disallowedUsernames.includes(name.toLowerCase())
|
||||
) {
|
||||
return NextResponse.json(
|
||||
{ success: false, message: 'Username in use by another account' },
|
||||
{ status: 400 },
|
||||
);
|
||||
}
|
||||
updateData.name = name;
|
||||
}
|
||||
if (first_name) {
|
||||
const firstNameValidation = userFirstNameSchema.safeParse(first_name);
|
||||
if (!firstNameValidation.success) {
|
||||
return NextResponse.json(
|
||||
{
|
||||
success: false,
|
||||
message: firstNameValidation.error.errors[0].message,
|
||||
},
|
||||
{ status: 400 },
|
||||
);
|
||||
}
|
||||
updateData.first_name = first_name;
|
||||
}
|
||||
if (last_name) {
|
||||
const lastNameValidation = userLastNameSchema.safeParse(last_name);
|
||||
if (!lastNameValidation.success) {
|
||||
return NextResponse.json(
|
||||
{ success: false, message: lastNameValidation.error.errors[0].message },
|
||||
{ status: 400 },
|
||||
);
|
||||
}
|
||||
updateData.last_name = last_name;
|
||||
}
|
||||
if (email) {
|
||||
const emailValidation = userEmailSchema.safeParse(email);
|
||||
if (!emailValidation.success) {
|
||||
return NextResponse.json(
|
||||
{ success: false, message: emailValidation.error.errors[0].message },
|
||||
{ status: 400 },
|
||||
);
|
||||
}
|
||||
// Check if the email already exists for another user
|
||||
const existingUser = await prisma.user.findUnique({
|
||||
where: { email },
|
||||
});
|
||||
if (existingUser && existingUser.id !== req.auth.user.id) {
|
||||
return NextResponse.json(
|
||||
{ success: false, message: 'Email in use by another account' },
|
||||
{ status: 400 },
|
||||
);
|
||||
}
|
||||
updateData.email = email;
|
||||
}
|
||||
if (image) {
|
||||
updateData.image = image;
|
||||
}
|
||||
if (timezone) {
|
||||
updateData.timezone = timezone;
|
||||
}
|
||||
const { name, first_name, last_name, email, image, timezone } = data.data;
|
||||
const updatedUser = await prisma.user.update({
|
||||
where: {
|
||||
id: req.auth.user.id,
|
||||
},
|
||||
data: updateData,
|
||||
data: {
|
||||
name,
|
||||
first_name,
|
||||
last_name,
|
||||
email,
|
||||
image,
|
||||
timezone,
|
||||
},
|
||||
select: {
|
||||
id: true,
|
||||
name: true,
|
||||
first_name: true,
|
||||
last_name: true,
|
||||
email: true,
|
||||
image: true,
|
||||
timezone: true,
|
||||
created_at: true,
|
||||
updated_at: true,
|
||||
},
|
||||
});
|
||||
if (!updatedUser)
|
||||
return NextResponse.json(
|
||||
|
@ -265,11 +234,7 @@ export const PATCH = auth(async function PATCH(req) {
|
|||
return NextResponse.json(
|
||||
{
|
||||
success: true,
|
||||
user: {
|
||||
...updatedUser,
|
||||
password_hash: undefined, // Exclude sensitive information
|
||||
email_verified: undefined, // Exclude sensitive information
|
||||
},
|
||||
user: updatedUser,
|
||||
},
|
||||
{ status: 200 },
|
||||
);
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue