Initial commit

2026-03-06 21:29:05 +00:00 · 2025-12-28 21:16:03 +01:00
commit 62e3c6439e
552 changed files with 104858 additions and 0 deletions
--- a/routes/api/profile/+server.ts
+++ b/routes/api/profile/+server.ts
@@ -0,0 +1,117 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from '@sveltejs/kit';
+import { getUser, updateUser as dbUpdateUser, deleteUserSessions, userHasAdminRole } from '$lib/server/db';
+import { validateSession, hashPassword, isAuthEnabled } from '$lib/server/auth';
+
+// GET /api/profile - Get current user's profile
+export const GET: RequestHandler = async ({ cookies }) => {
+	if (!(await isAuthEnabled())) {
+		return json({ error: 'Authentication is not enabled' }, { status: 400 });
+	}
+
+	const currentUser = await validateSession(cookies);
+	if (!currentUser) {
+		return json({ error: 'Not authenticated' }, { status: 401 });
+	}
+
+	try {
+		const user = await getUser(currentUser.id);
+		if (!user) {
+			return json({ error: 'User not found' }, { status: 404 });
+		}
+
+		// Derive isAdmin from role assignment
+		const isAdmin = await userHasAdminRole(user.id);
+
+		return json({
+			id: user.id,
+			username: user.username,
+			email: user.email,
+			displayName: user.displayName,
+			avatar: user.avatar,
+			mfaEnabled: user.mfaEnabled,
+			isAdmin,
+			provider: currentUser.provider || 'local',
+			lastLogin: user.lastLogin,
+			createdAt: user.createdAt,
+			updatedAt: user.updatedAt
+		});
+	} catch (error) {
+		console.error('Failed to get profile:', error);
+		return json({ error: 'Failed to get profile' }, { status: 500 });
+	}
+};
+
+// PUT /api/profile - Update current user's profile
+export const PUT: RequestHandler = async ({ request, cookies }) => {
+	if (!(await isAuthEnabled())) {
+		return json({ error: 'Authentication is not enabled' }, { status: 400 });
+	}
+
+	const currentUser = await validateSession(cookies);
+	if (!currentUser) {
+		return json({ error: 'Not authenticated' }, { status: 401 });
+	}
+
+	try {
+		const data = await request.json();
+		const existingUser = await getUser(currentUser.id);
+
+		if (!existingUser) {
+			return json({ error: 'User not found' }, { status: 404 });
+		}
+
+		// Build update object - users can only update certain fields
+		const updateData: any = {};
+
+		if (data.email !== undefined) updateData.email = data.email;
+		if (data.displayName !== undefined) updateData.displayName = data.displayName;
+
+		// Handle password change - require current password
+		if (data.newPassword) {
+			if (!data.currentPassword) {
+				return json({ error: 'Current password is required' }, { status: 400 });
+			}
+
+			if (data.newPassword.length < 8) {
+				return json({ error: 'Password must be at least 8 characters' }, { status: 400 });
+			}
+
+			// Verify current password
+			const { verifyPassword } = await import('$lib/server/auth');
+			const isValid = await verifyPassword(data.currentPassword, existingUser.passwordHash);
+			if (!isValid) {
+				return json({ error: 'Current password is incorrect' }, { status: 400 });
+			}
+
+			updateData.passwordHash = await hashPassword(data.newPassword);
+			// Invalidate other sessions on password change
+			deleteUserSessions(currentUser.id);
+		}
+
+		const user = await dbUpdateUser(currentUser.id, updateData);
+
+		if (!user) {
+			return json({ error: 'Failed to update profile' }, { status: 500 });
+		}
+
+		// Derive isAdmin from role assignment
+		const isAdmin = await userHasAdminRole(user.id);
+
+		return json({
+			id: user.id,
+			username: user.username,
+			email: user.email,
+			displayName: user.displayName,
+			avatar: user.avatar,
+			mfaEnabled: user.mfaEnabled,
+			isAdmin,
+			lastLogin: user.lastLogin,
+			createdAt: user.createdAt,
+			updatedAt: user.updatedAt
+		});
+	} catch (error: any) {
+		console.error('Failed to update profile:', error);
+		return json({ error: 'Failed to update profile' }, { status: 500 });
+	}
+};