Initial commit

routes/api/profile/+server.ts

@@ -0,0 +1,117 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from '@sveltejs/kit';
+import { getUser, updateUser as dbUpdateUser, deleteUserSessions, userHasAdminRole } from '$lib/server/db';
+import { validateSession, hashPassword, isAuthEnabled } from '$lib/server/auth';
+
+// GET /api/profile - Get current user's profile
+export const GET: RequestHandler = async ({ cookies }) => {
+	if (!(await isAuthEnabled())) {
+		return json({ error: 'Authentication is not enabled' }, { status: 400 });
+	}
+
+	const currentUser = await validateSession(cookies);
+	if (!currentUser) {
+		return json({ error: 'Not authenticated' }, { status: 401 });
+	}
+
+	try {
+		const user = await getUser(currentUser.id);
+		if (!user) {
+			return json({ error: 'User not found' }, { status: 404 });
+		}
+
+		// Derive isAdmin from role assignment
+		const isAdmin = await userHasAdminRole(user.id);
+
+		return json({
+			id: user.id,
+			username: user.username,
+			email: user.email,
+			displayName: user.displayName,
+			avatar: user.avatar,
+			mfaEnabled: user.mfaEnabled,
+			isAdmin,
+			provider: currentUser.provider || 'local',
+			lastLogin: user.lastLogin,
+			createdAt: user.createdAt,
+			updatedAt: user.updatedAt
+		});
+	} catch (error) {
+		console.error('Failed to get profile:', error);
+		return json({ error: 'Failed to get profile' }, { status: 500 });
+	}
+};
+
+// PUT /api/profile - Update current user's profile
+export const PUT: RequestHandler = async ({ request, cookies }) => {
+	if (!(await isAuthEnabled())) {
+		return json({ error: 'Authentication is not enabled' }, { status: 400 });
+	}
+
+	const currentUser = await validateSession(cookies);
+	if (!currentUser) {
+		return json({ error: 'Not authenticated' }, { status: 401 });
+	}
+
+	try {
+		const data = await request.json();
+		const existingUser = await getUser(currentUser.id);
+
+		if (!existingUser) {
+			return json({ error: 'User not found' }, { status: 404 });
+		}
+
+		// Build update object - users can only update certain fields
+		const updateData: any = {};
+
+		if (data.email !== undefined) updateData.email = data.email;
+		if (data.displayName !== undefined) updateData.displayName = data.displayName;
+
+		// Handle password change - require current password
+		if (data.newPassword) {
+			if (!data.currentPassword) {
+				return json({ error: 'Current password is required' }, { status: 400 });
+			}
+
+			if (data.newPassword.length < 8) {
+				return json({ error: 'Password must be at least 8 characters' }, { status: 400 });
+			}
+
+			// Verify current password
+			const { verifyPassword } = await import('$lib/server/auth');
+			const isValid = await verifyPassword(data.currentPassword, existingUser.passwordHash);
+			if (!isValid) {
+				return json({ error: 'Current password is incorrect' }, { status: 400 });
+			}
+
+			updateData.passwordHash = await hashPassword(data.newPassword);
+			// Invalidate other sessions on password change
+			deleteUserSessions(currentUser.id);
+		}
+
+		const user = await dbUpdateUser(currentUser.id, updateData);
+
+		if (!user) {
+			return json({ error: 'Failed to update profile' }, { status: 500 });
+		}
+
+		// Derive isAdmin from role assignment
+		const isAdmin = await userHasAdminRole(user.id);
+
+		return json({
+			id: user.id,
+			username: user.username,
+			email: user.email,
+			displayName: user.displayName,
+			avatar: user.avatar,
+			mfaEnabled: user.mfaEnabled,
+			isAdmin,
+			lastLogin: user.lastLogin,
+			createdAt: user.createdAt,
+			updatedAt: user.updatedAt
+		});
+	} catch (error: any) {
+		console.error('Failed to update profile:', error);
+		return json({ error: 'Failed to update profile' }, { status: 500 });
+	}
+};

routes/api/profile/avatar/+server.ts

@@ -0,0 +1,70 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from '@sveltejs/kit';
+import { updateUser as dbUpdateUser, getUser } from '$lib/server/db';
+import { validateSession, isAuthEnabled } from '$lib/server/auth';
+
+// POST /api/profile/avatar - Upload avatar (base64 data URL)
+export const POST: RequestHandler = async ({ request, cookies }) => {
+	if (!(await isAuthEnabled())) {
+		return json({ error: 'Authentication is not enabled' }, { status: 400 });
+	}
+
+	const currentUser = await validateSession(cookies);
+	if (!currentUser) {
+		return json({ error: 'Not authenticated' }, { status: 401 });
+	}
+
+	try {
+		const data = await request.json();
+
+		if (!data.avatar) {
+			return json({ error: 'Avatar data is required' }, { status: 400 });
+		}
+
+		// Validate it's a valid base64 data URL
+		if (!data.avatar.startsWith('data:image/')) {
+			return json({ error: 'Invalid image format' }, { status: 400 });
+		}
+
+		// Check size (limit to ~500KB base64 which is roughly 375KB image)
+		if (data.avatar.length > 500000) {
+			return json({ error: 'Image too large. Maximum size is 500KB.' }, { status: 400 });
+		}
+
+		const user = await dbUpdateUser(currentUser.id, { avatar: data.avatar });
+
+		if (!user) {
+			return json({ error: 'Failed to update avatar' }, { status: 500 });
+		}
+
+		return json({ success: true, avatar: user.avatar });
+	} catch (error) {
+		console.error('Failed to upload avatar:', error);
+		return json({ error: 'Failed to upload avatar' }, { status: 500 });
+	}
+};
+
+// DELETE /api/profile/avatar - Remove avatar
+export const DELETE: RequestHandler = async ({ cookies }) => {
+	if (!(await isAuthEnabled())) {
+		return json({ error: 'Authentication is not enabled' }, { status: 400 });
+	}
+
+	const currentUser = await validateSession(cookies);
+	if (!currentUser) {
+		return json({ error: 'Not authenticated' }, { status: 401 });
+	}
+
+	try {
+		const user = await dbUpdateUser(currentUser.id, { avatar: null });
+
+		if (!user) {
+			return json({ error: 'Failed to remove avatar' }, { status: 500 });
+		}
+
+		return json({ success: true });
+	} catch (error) {
+		console.error('Failed to remove avatar:', error);
+		return json({ error: 'Failed to remove avatar' }, { status: 500 });
+	}
+};

routes/api/profile/preferences/+server.ts

@@ -0,0 +1,101 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from '@sveltejs/kit';
+import { getUserThemePreferences, setUserThemePreferences } from '$lib/server/db';
+import { validateSession, isAuthEnabled } from '$lib/server/auth';
+import { lightThemes, darkThemes, fonts, monospaceFonts } from '$lib/themes';
+
+// GET /api/profile/preferences - Get current user's theme preferences
+export const GET: RequestHandler = async ({ cookies }) => {
+	if (!(await isAuthEnabled())) {
+		return json({ error: 'Authentication is not enabled' }, { status: 400 });
+	}
+
+	const currentUser = await validateSession(cookies);
+	if (!currentUser) {
+		return json({ error: 'Not authenticated' }, { status: 401 });
+	}
+
+	try {
+		const prefs = await getUserThemePreferences(currentUser.id);
+		return json(prefs);
+	} catch (error) {
+		console.error('Failed to get preferences:', error);
+		return json({ error: 'Failed to get preferences' }, { status: 500 });
+	}
+};
+
+// PUT /api/profile/preferences - Update current user's theme preferences
+export const PUT: RequestHandler = async ({ request, cookies }) => {
+	if (!(await isAuthEnabled())) {
+		return json({ error: 'Authentication is not enabled' }, { status: 400 });
+	}
+
+	const currentUser = await validateSession(cookies);
+	if (!currentUser) {
+		return json({ error: 'Not authenticated' }, { status: 401 });
+	}
+
+	try {
+		const data = await request.json();
+
+		// Validate theme values using imported theme lists
+		const validLightThemeIds = lightThemes.map(t => t.id);
+		const validDarkThemeIds = darkThemes.map(t => t.id);
+		const validFontIds = fonts.map(f => f.id);
+		const validTerminalFontIds = monospaceFonts.map(f => f.id);
+		const validFontSizes = ['xsmall', 'small', 'normal', 'medium', 'large', 'xlarge'];
+
+		const updates: { lightTheme?: string; darkTheme?: string; font?: string; fontSize?: string; gridFontSize?: string; terminalFont?: string } = {};
+
+		if (data.lightTheme !== undefined) {
+			if (!validLightThemeIds.includes(data.lightTheme)) {
+				return json({ error: 'Invalid light theme' }, { status: 400 });
+			}
+			updates.lightTheme = data.lightTheme;
+		}
+
+		if (data.darkTheme !== undefined) {
+			if (!validDarkThemeIds.includes(data.darkTheme)) {
+				return json({ error: 'Invalid dark theme' }, { status: 400 });
+			}
+			updates.darkTheme = data.darkTheme;
+		}
+
+		if (data.font !== undefined) {
+			if (!validFontIds.includes(data.font)) {
+				return json({ error: 'Invalid font' }, { status: 400 });
+			}
+			updates.font = data.font;
+		}
+
+		if (data.fontSize !== undefined) {
+			if (!validFontSizes.includes(data.fontSize)) {
+				return json({ error: 'Invalid font size' }, { status: 400 });
+			}
+			updates.fontSize = data.fontSize;
+		}
+
+		if (data.gridFontSize !== undefined) {
+			if (!validFontSizes.includes(data.gridFontSize)) {
+				return json({ error: 'Invalid grid font size' }, { status: 400 });
+			}
+			updates.gridFontSize = data.gridFontSize;
+		}
+
+		if (data.terminalFont !== undefined) {
+			if (!validTerminalFontIds.includes(data.terminalFont)) {
+				return json({ error: 'Invalid terminal font' }, { status: 400 });
+			}
+			updates.terminalFont = data.terminalFont;
+		}
+
+		await setUserThemePreferences(currentUser.id, updates);
+
+		// Return updated preferences
+		const prefs = await getUserThemePreferences(currentUser.id);
+		return json(prefs);
+	} catch (error) {
+		console.error('Failed to update preferences:', error);
+		return json({ error: 'Failed to update preferences' }, { status: 500 });
+	}
+};