(request: Request, { params }: { params: Promise<{ userId: string }> })
| 25 | } |
| 26 | |
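/**
 * Updates a user's password, role and/or username.
 *
 * Authorization: the caller must pass `canUpdateUser` for the target user.
 * `role` and `username` are honoured only when the caller is an admin; a
 * non-admin that sends them still gets a 200, with those fields silently
 * dropped rather than rejected.
 *
 * Security notes (review):
 * - The password is replaced without verifying the current password and
 *   nothing here revokes existing sessions, so anyone holding a valid session
 *   for a permitted user can rotate that password. Confirm this is intended.
 * - The username uniqueness check below is read-then-write and can race with
 *   a concurrent update; it only yields a friendly error. A unique index on
 *   `username` in the database has to be the real guarantee.
 *
 * @param request - incoming request; the JSON body is validated against the
 *   local zod schema by `parseRequest`.
 * @param params - route params; `userId` identifies the user to update.
 * @returns the updated user as JSON, or an error response: the validation
 *   error from `parseRequest`, 401 (not permitted), 404 (no such user) or
 *   400 when the requested username already belongs to another account.
 */
export async function POST(request: Request, { params }: { params: Promise<{ userId: string }> }) {
  // NOTE(review): max(255) is enforced on the raw input; toLowerCase() below
  // can lengthen some Unicode strings, so the stored value may exceed it.
  const schema = z.object({
    username: z.string().max(255).optional(),
    password: z.string().min(8).max(255).optional(),
    role: userRoleParam.optional(),
  });

  const { auth, body, error } = await parseRequest(request, schema);

  if (error) {
    return error();
  }

  const { userId } = await params;

  // Authorize before looking the user up, so a caller without permission on
  // this id never reaches the 404 below (presumably canUpdateUser does not do
  // the lookup itself — confirm; otherwise ids are still enumerable).
  if (!(await canUpdateUser(auth, userId))) {
    return unauthorized();
  }

  const { username, password, role } = body;

  const user = await getUser(userId);

  if (!user) {
    return notFound();
  }

  // Explicit allow-list of writable columns (replaces the previous `any`):
  // only these keys can ever reach updateUser, whatever else the client sent.
  type UserUpdate = { password?: string; role?: typeof role; username?: string };
  const data: UserUpdate = {};

  if (password) {
    data.password = hashPassword(password);
  }

  // Only admins may change role and username; for everyone else these
  // fields are ignored, not rejected.
  if (role && auth.user.isAdmin) {
    data.role = role;
  }

  if (username && auth.user.isAdmin) {
    // Usernames are stored lower-cased, presumably for case-insensitive lookup.
    data.username = username.toLowerCase();
  }

  // Best-effort duplicate check when the username actually changes (see the
  // race note in the docblock).
  if (data.username && user.username !== data.username) {
    const existingUser = await getUserByUsername(data.username);

    if (existingUser && existingUser.id !== userId) {
      return badRequest({ message: 'User already exists' });
    }
  }

  const updated = await updateUser(userId, data);

  return json(updated);
}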
| 82 | |
| 83 | export async function DELETE( |
| 84 | request: Request, |