monacousa-portal/server/api/auth/verify-email.get.ts

export default defineEventHandler(async (event) => {
  try {
    const { token } = getQuery(event);

    if (!token || typeof token !== 'string') {
      throw createError({
        statusCode: 400,
        statusMessage: 'Verification token is required'
      });
    }

    console.log('[verify-email] Processing verification token...');

    // Verify the token
    const { verifyEmailToken } = await import('~/server/utils/email-tokens');
    const { userId, email } = await verifyEmailToken(token);

    // Update user verification status in Keycloak
    const { createKeycloakAdminClient } = await import('~/server/utils/keycloak-admin');
    const keycloak = createKeycloakAdminClient();
    
    let partialSuccess = false;

    try {
      await keycloak.updateUserProfile(userId, {
        emailVerified: true,
        attributes: {
          lastLoginDate: new Date().toISOString()
        }
      });

      console.log('[verify-email] Successfully verified user:', userId, 'email:', email);
      
    } catch (keycloakError: any) {
      console.error('[verify-email] Keycloak update failed:', keycloakError.message);
      // Even if Keycloak update fails, consider verification successful if token was valid
      // This prevents user frustration due to backend issues
      partialSuccess = true;
    }

    // Return JSON response for client-side navigation
    return {
      success: true,
      data: {
        userId,
        email,
        partialSuccess
      }
    };

  } catch (error: any) {
    console.error('[verify-email] Verification failed:', error.message);

    // Return error response
    if (error.message?.includes('expired')) {
      throw createError({
        statusCode: 410,
        statusMessage: 'Verification link has expired. Please request a new one.'
      });
    } else if (error.message?.includes('already used') || error.message?.includes('not found')) {
      throw createError({
        statusCode: 409,
        statusMessage: 'This verification link has already been used or is invalid.'
      });
    } else {
      throw createError({
        statusCode: 400,
        statusMessage: error.message || 'Invalid verification link'
      });
    }
  }
});