fixes

server/api/auth/verify-email.get.ts

@@ -3,8 +3,11 @@ export default defineEventHandler(async (event) => {
     const { token } = getQuery(event);
 
     if (!token || typeof token !== 'string') {
-      console.log('[verify-email] Missing or invalid token, redirecting to expired page');
-      return sendRedirect(event, '/auth/verify-expired?reason=invalid', 302);
+      console.log('[verify-email] Missing or invalid token');
+      throw createError({
+        statusCode: 400,
+        statusMessage: 'Invalid or missing verification token'
+      });
     }
 
     console.log('[verify-email] Processing verification token...');
@@ -51,36 +54,50 @@ export default defineEventHandler(async (event) => {
       }
     }
 
-    // Build success redirect URL with query parameters
-    const successUrl = new URL('/auth/verify-success', 'https://portal.monacousa.org');
-    successUrl.searchParams.set('email', email);
+    // Return JSON response with email and success status
+    const responseData = {
+      success: true,
+      message: partialSuccess 
+        ? 'Email verified with partial success. You may experience minor account access issues.'
+        : 'Email verified successfully',
+      data: {
+        email,
+        partialSuccess,
+        keycloakError: partialSuccess ? keycloakError : null
+      }
+    };
 
-    if (partialSuccess && keycloakError) {
-      successUrl.searchParams.set('warning', 'partial');
-      console.log('[verify-email] Redirecting to success page with partial warning');
-    } else {
-      console.log('[verify-email] Redirecting to success page - verification complete');
-    }
-
-    // Redirect to success page instead of returning JSON
-    return sendRedirect(event, successUrl.pathname + successUrl.search, 302);
+    console.log('[verify-email] Returning JSON response:', responseData);
+    return responseData;
 
   } catch (error: any) {
     console.error('[verify-email] Verification failed:', error.message);
 
-    // Redirect to appropriate error page instead of throwing errors
+    // Return appropriate error responses as JSON
     if (error.message?.includes('expired')) {
-      console.log('[verify-email] Token expired, redirecting to expired page');
-      return sendRedirect(event, '/auth/verify-expired?reason=expired', 302);
+      console.log('[verify-email] Token expired');
+      throw createError({
+        statusCode: 410,
+        statusMessage: 'Verification token has expired'
+      });
     } else if (error.message?.includes('already used')) {
-      console.log('[verify-email] Token already used, redirecting to expired page');
-      return sendRedirect(event, '/auth/verify-expired?reason=used', 302);
+      console.log('[verify-email] Token already used');
+      throw createError({
+        statusCode: 409,
+        statusMessage: 'Verification token has already been used'
+      });
     } else if (error.message?.includes('not found')) {
-      console.log('[verify-email] Token not found, redirecting to expired page');
-      return sendRedirect(event, '/auth/verify-expired?reason=invalid', 302);
+      console.log('[verify-email] Token not found');
+      throw createError({
+        statusCode: 404,
+        statusMessage: 'Verification token not found or invalid'
+      });
     } else {
-      console.log('[verify-email] Generic verification error, redirecting to expired page');
-      return sendRedirect(event, '/auth/verify-expired?reason=invalid', 302);
+      console.log('[verify-email] Generic verification error');
+      throw createError({
+        statusCode: 400,
+        statusMessage: error.message || 'Email verification failed'
+      });
     }
   }
 });