Matt
221ae5784e
Bundles the prior autonomous-session output that was sitting unstaged: - Em-dash sweep across src/ + tests/ (en-dash/em-dash to hyphen, ~2280 instances) - country-flag-icons rollout (CountryFlag component, replaces emoji glyphs that never rendered on Windows; lazy-loads the 3x2 SVG index as a single chunk after the per-subpath dynamic-import approach silently failed in webpack) - Admin IA Phase 1+2: 7-domain regroup, 41 to 38 pages, /admin/berths index, redirects (ocr to ai, reports to dashboard, invitations to users), docs/admin-ia-proposal.md - Per-template email tester (registry + endpoint + UI on Email admin page) - Cancel-document mode picker (delete-from-Documenso vs keep-for-audit) - Dashboard PDF report: 25 widgets, SVG charts, date-range picker, 11 resolvers - Customize-widgets per-region sortables at xl+ (charts/rails/feed); single flat sortable below xl when the layout stacks; per-viewport saved orders - Audit doc updates capturing each shipped item - Lint fixes: react-compiler immutability in DonutChart (reduce instead of let-reassign), set-state-in-effect disables in CountryFlag and UploadForSigning preview-bytes effect, unused 'confirm' destructures in interest contract + reservation tabs, unescaped apostrophe in test-template card copy
59 lines
2.1 KiB
TypeScript
59 lines
2.1 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server';
|
|
import { z } from 'zod';
|
|
|
|
import { auth } from '@/lib/auth';
|
|
import { errorResponse, NotFoundError } from '@/lib/errors';
|
|
import { consumeCrmInvite } from '@/lib/services/crm-invite.service';
|
|
import { enforcePublicRateLimit, parseBody } from '@/lib/api/route-helpers';
|
|
|
|
const bodySchema = z.object({
|
|
token: z.string().min(1),
|
|
password: z.string().min(9),
|
|
});
|
|
|
|
export async function POST(req: NextRequest): Promise<NextResponse> {
|
|
// 10/hour/IP - bounds brute-force against either token store.
|
|
const limited = await enforcePublicRateLimit(req, 'portalToken');
|
|
if (limited) return limited;
|
|
|
|
try {
|
|
const { token, password } = await parseBody(req, bodySchema);
|
|
|
|
// Two distinct token issuers can land users on /set-password:
|
|
// 1. CRM admin invite → `crm_user_invites` row, consumed via
|
|
// `consumeCrmInvite` (creates the better-auth user + profile).
|
|
// 2. Forgot-password → better-auth verification row, consumed via
|
|
// `auth.api.resetPassword` (rotates the password on an existing
|
|
// user).
|
|
// Try the CRM-invite path first. If the token isn't in that table
|
|
// (NotFoundError), fall through to better-auth - these are mutually
|
|
// exclusive token spaces, so at most one will accept it.
|
|
try {
|
|
const result = await consumeCrmInvite({ token, password });
|
|
return NextResponse.json({ data: { email: result.email } });
|
|
} catch (err) {
|
|
if (!(err instanceof NotFoundError)) throw err;
|
|
}
|
|
|
|
try {
|
|
await auth.api.resetPassword({
|
|
body: { newPassword: password, token },
|
|
});
|
|
return NextResponse.json({ data: { email: null } });
|
|
} catch {
|
|
// Both stores rejected the token; surface a clean unified error
|
|
// (matches the `{ error: string }` shape the page consumes via
|
|
// `body.error`).
|
|
return NextResponse.json(
|
|
{
|
|
error: 'This link is invalid or has expired. Request a new one.',
|
|
code: 'INVITE_OR_RESET_INVALID',
|
|
},
|
|
{ status: 400 },
|
|
);
|
|
}
|
|
} catch (err) {
|
|
return errorResponse(err);
|
|
}
|
|
}
|