user creation and invites

app/api/signup/from-invite/route.ts

@@ -0,0 +1,55 @@
+import { prisma } from '@/lib/prisma'
+import { NextRequest, NextResponse } from 'next/server'
+import bcrypt from 'bcrypt'
+
+export async function POST(req: NextRequest) {
+    try {
+        const { token, username, password } = await req.json()
+
+        if (!token || !username || !password) {
+            return NextResponse.json({ message: 'Missing fields' }, { status: 400 })
+        }
+
+        const invite = await prisma.inviteToken.findUnique({
+        where: { token },
+        })
+
+        if (!invite || invite.accepted || new Date(invite.expiresAt) < new Date()) {
+            return NextResponse.json({ message: 'Invalid or expired invite' }, { status: 400 })
+        }
+
+        const existingUser = await prisma.user.findFirst({
+            where: {
+                OR: [
+                    { email: invite.email },
+                    { username },
+                ],
+            },
+        })
+
+        if (existingUser) {
+            return NextResponse.json({ message: 'A user with this email or username already exists' }, { status: 400 })
+        }
+
+        const hashedPassword = await bcrypt.hash(password, 10)
+
+        await prisma.user.create({
+            data: {
+                email: invite.email,
+                username,
+                role: invite.role,
+                password: hashedPassword,
+            },
+        })
+
+        await prisma.inviteToken.update({
+            where: { token },
+            data: { accepted: true },
+        })
+
+        return NextResponse.json({ success: true })
+    } catch (err) {
+        console.error('[SIGNUP ERROR]', err)
+        return new NextResponse('Internal Server Error', { status: 500 })
+    }
+}