user creation and invites

2025-06-24 16:31:13 -04:00
parent 23c8f468fe
commit a659401bde
32 changed files with 667 additions and 30 deletions
--- a/app/api/admin/create-user/route.ts
+++ b/app/api/admin/create-user/route.ts
@@ -0,0 +1,19 @@
+import { mutations } from '@/lib/mutations'
+import { NextRequest, NextResponse } from 'next/server'
+
+export async function POST(req: NextRequest) {
+    const body = await req.json()
+
+    if (!body.username || !body.password || !body.role) {
+        return new NextResponse('Missing fields', { status: 400 })
+    }
+
+    const user = await mutations.createUser({
+        username: body.username,
+        password: body.password,
+        role: body.role,
+        email: '',
+    })
+
+    return NextResponse.json({ id: user.id })
+}
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -15,7 +15,6 @@ export const authOptions: NextAuthOptions = {
      },
      async authorize(credentials) {
        if (!credentials?.email || !credentials?.password) {
-          console.log('[AUTH] Missing credentials')
          return null
        }

@@ -24,28 +23,24 @@ export const authOptions: NextAuthOptions = {
        })

        if (!user) {
-          console.log('[AUTH] User not found')
          return null
        }

        if (!user.password) {
-          console.log('[AUTH] User has no password set')
          return null
        }

        const isValid = await bcrypt.compare(credentials.password, user.password)
        if (!isValid) {
-          console.log('[AUTH] Invalid password')
          return null
        }

-        console.log('[AUTH] Successful login', user.email)
-
        return {
          id: user.id,
          email: user.email,
          name: user.name,
          role: user.role,
+          username: user.username!,
        }
      },
    }),
@@ -58,6 +53,7 @@ export const authOptions: NextAuthOptions = {
      if (user) {
        token.id = user.id
        token.role = user.role
+        token.username = user.username
      }
      return token
    },
@@ -65,6 +61,7 @@ export const authOptions: NextAuthOptions = {
      if (session.user) {
        session.user.id = token.id as string
        session.user.role = token.role as "COUPLE" | "PLANNER" | "GUEST"
+        session.user.username = token.username as string
      }
      return session
    },
--- a/app/api/invite/send/route.ts
+++ b/app/api/invite/send/route.ts
@@ -0,0 +1,52 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { getServerSession } from 'next-auth'
+import { authOptions } from '../../auth/[...nextauth]/route'
+import { sendInviteEmail } from '@/lib/email'
+import { createInvite } from '@/lib/invite'
+import { prisma } from '@/lib/prisma'
+
+export async function POST(req: NextRequest) {
+  try {
+        const session = await getServerSession(authOptions)
+
+        if (!session?.user || !['COUPLE', 'PLANNER'].includes(session.user.role)) {
+            return new NextResponse('Unauthorized', { status: 403 })
+        }
+
+        const { email, role } = await req.json()
+        if (!email || !role) {
+            return NextResponse.json({ message: 'Missing email or role' }, { status: 400 })
+        }
+
+        const existingUser = await prisma.user.findUnique({ where: { email } })
+        if (existingUser) {
+            return NextResponse.json({ message: 'User with this email already exists' }, { status: 400 })
+        }
+
+        const existingInvite = await prisma.inviteToken.findFirst({
+            where: {
+                email,
+                accepted: false,
+            },
+        })
+
+        if (existingInvite) {
+            return NextResponse.json({ message: 'An invite already exists for this email' }, { status: 400 })
+        }
+
+        const invite = await createInvite({ email, role })
+        const inviteUrl = `${process.env.NEXT_PUBLIC_BASE_URL}/invite/accept?token=${invite.token}`
+
+        await sendInviteEmail({
+            to: email,
+            inviterName: session.user.email || 'A wedding planner',
+            inviteUrl,
+            role,
+        })
+
+        return NextResponse.json({ success: true })
+    } catch (error) {
+        console.error('[INVITE SEND ERROR]', error)
+        return NextResponse.json({ message: 'Internal Server Error' }, { status: 500 })
+    }
+}
--- a/app/api/invite/validate/route.ts
+++ b/app/api/invite/validate/route.ts
@@ -0,0 +1,20 @@
+// app/api/invite/validate/route.ts
+import { prisma } from '@/lib/prisma'
+import { NextRequest, NextResponse } from 'next/server'
+
+export async function POST(req: NextRequest) {
+    const { token } = await req.json()
+
+    const invite = await prisma.inviteToken.findUnique({
+        where: { token },
+    })
+
+    if (!invite || invite.accepted) {
+        return new NextResponse('Invalid or expired invite', { status: 400 })
+    }
+
+    return NextResponse.json({
+        email: invite.email,
+        role: invite.role,
+    })
+}
--- a/app/api/setup/route.ts
+++ b/app/api/setup/route.ts
@@ -3,7 +3,14 @@ import { prisma } from '@/lib/prisma';
 import bcrypt from 'bcrypt';

 export async function POST(req: NextRequest) {
-    const { email, password, role } = await req.json();
+    const { email, username, password, role } = await req.json();
+
+    const existingUsername = await prisma.user.findUnique({
+        where: { username },
+    })
+    if (existingUsername) {
+        return new NextResponse('Username already taken', { status: 400 })
+    }

    const existing = await prisma.user.findUnique({ where: { email }});
    if (existing) return new NextResponse('User already exists', { status: 400 });
@@ -12,6 +19,7 @@ export async function POST(req: NextRequest) {
    const user = await prisma.user.create({
        data: {
            email,
+            username,
            password: hashed,
            role
        }
--- a/app/api/signup/from-invite/route.ts
+++ b/app/api/signup/from-invite/route.ts
@@ -0,0 +1,55 @@
+import { prisma } from '@/lib/prisma'
+import { NextRequest, NextResponse } from 'next/server'
+import bcrypt from 'bcrypt'
+
+export async function POST(req: NextRequest) {
+    try {
+        const { token, username, password } = await req.json()
+
+        if (!token || !username || !password) {
+            return NextResponse.json({ message: 'Missing fields' }, { status: 400 })
+        }
+
+        const invite = await prisma.inviteToken.findUnique({
+        where: { token },
+        })
+
+        if (!invite || invite.accepted || new Date(invite.expiresAt) < new Date()) {
+            return NextResponse.json({ message: 'Invalid or expired invite' }, { status: 400 })
+        }
+
+        const existingUser = await prisma.user.findFirst({
+            where: {
+                OR: [
+                    { email: invite.email },
+                    { username },
+                ],
+            },
+        })
+
+        if (existingUser) {
+            return NextResponse.json({ message: 'A user with this email or username already exists' }, { status: 400 })
+        }
+
+        const hashedPassword = await bcrypt.hash(password, 10)
+
+        await prisma.user.create({
+            data: {
+                email: invite.email,
+                username,
+                role: invite.role,
+                password: hashedPassword,
+            },
+        })
+
+        await prisma.inviteToken.update({
+            where: { token },
+            data: { accepted: true },
+        })
+
+        return NextResponse.json({ success: true })
+    } catch (err) {
+        console.error('[SIGNUP ERROR]', err)
+        return new NextResponse('Internal Server Error', { status: 500 })
+    }
+}
--- a/app/api/test-email/route.ts
+++ b/app/api/test-email/route.ts
@@ -0,0 +1,12 @@
+import { sendInviteEmail } from '@/lib/email'
+import { NextResponse } from 'next/server'
+
+export async function GET() {
+    await sendInviteEmail({
+        to: 'brian@briannelson.dev',
+        token: 'testtoken123',
+        inviterName: 'Test Admin',
+    })
+
+    return NextResponse.json({ status: 'sent' })
+}