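/**
 * Email verification endpoint.
 *
 * Reads the `token` query parameter, validates it with `verifyEmailToken`, then
 * sets `emailVerified: true` on the user in Keycloak.
 *
 * Responses:
 * - success: `{ success: true, data: { userId, email, partialSuccess } }`
 * - 400: token missing or not a string, or any failure not classified below
 * - 410: failure message contains "expired"
 * - 409: failure message contains "already used" or "not found"
 *
 * Security notes:
 * - Only fixed, handler-authored strings are sent to the client. The raw message
 *   of a caught error is logged server-side and never reflected in the response,
 *   so internal details (token validation internals, module or configuration
 *   errors) are not disclosed to an unauthenticated caller.
 * - `partialSuccess: true` means the token was accepted but the Keycloak update
 *   failed, so `emailVerified` was NOT set. Consumers must not treat such a
 *   response as proof that the account is verified.
 */
export default defineEventHandler(async (event) => {
  const { token } = getQuery(event);

  // Validate before entering the try block so this error reaches the client
  // unchanged instead of being re-classified by message matching below.
  if (!token || typeof token !== 'string') {
    throw createError({
      statusCode: 400,
      statusMessage: 'Verification token is required'
    });
  }

  // Message of a thrown value, or '' when the value is not an Error.
  const messageOf = (err: unknown): string => (err instanceof Error ? err.message : '');

  try {
    // The token value itself is deliberately not logged.
    console.log('[verify-email] Processing verification token...');

    // Verify the token
    const { verifyEmailToken } = await import('~/server/utils/email-tokens');
    const { userId, email } = await verifyEmailToken(token);

    // Update user verification status in Keycloak
    const { createKeycloakAdminClient } = await import('~/server/utils/keycloak-admin');
    const keycloak = createKeycloakAdminClient();

    let partialSuccess = false;
    try {
      // NOTE(review): this also stamps lastLoginDate although the request is a
      // verification, not a login. Confirm that is intended.
      await keycloak.updateUserProfile(userId, {
        emailVerified: true,
        attributes: { lastLoginDate: new Date().toISOString() }
      });
      console.log('[verify-email] Successfully verified user:', userId, 'email:', email);
    } catch (keycloakError: unknown) {
      console.error('[verify-email] Keycloak update failed:', messageOf(keycloakError));
      // Deliberate best-effort: a valid token is reported as success even when the
      // Keycloak update fails, to avoid user frustration due to backend issues.
      // NOTE(review): if verifyEmailToken consumes the token (not visible here), the
      // user cannot retry and emailVerified stays false. Confirm a reconciliation path.
      partialSuccess = true;
    }

    // Return JSON response for client-side navigation
    return { success: true, data: { userId, email, partialSuccess } };
  } catch (error: unknown) {
    const message = messageOf(error);
    // Full detail stays in the server log only.
    console.error('[verify-email] Verification failed:', message);

    // Classification relies on substrings of the thrown message (presumably produced
    // by verifyEmailToken). This is brittle if those messages are ever reworded.
    if (message.includes('expired')) {
      throw createError({
        statusCode: 410,
        statusMessage: 'Verification link has expired. Please request a new one.'
      });
    }
    if (message.includes('already used') || message.includes('not found')) {
      throw createError({
        statusCode: 409,
        statusMessage: 'This verification link has already been used or is invalid.'
      });
    }
    // Generic response: do not echo the internal error message back to the caller.
    throw createError({
      statusCode: 400,
      statusMessage: 'Invalid verification link'
    });
  }
});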