(request: Request)
| 9 | import { createUser, getUserByUsername } from '@/queries/prisma'; |
| 10 | |
| 11 | export async function POST(request: Request) { |
| 12 | const schema = z.object({ |
| 13 | id: z.uuid().optional(), |
| 14 | username: z.string().max(255), |
| 15 | password: z.string().min(8).max(255), |
| 16 | role: userRoleParam, |
| 17 | }); |
| 18 | |
| 19 | const { auth, body, error } = await parseRequest(request, schema); |
| 20 | |
| 21 | if (error) { |
| 22 | return error(); |
| 23 | } |
| 24 | |
| 25 | if (!(await canCreateUser(auth))) { |
| 26 | return unauthorized(); |
| 27 | } |
| 28 | |
| 29 | const { id, username, password, role } = body; |
| 30 | |
| 31 | const existingUser = await getUserByUsername(username, { showDeleted: true }); |
| 32 | |
| 33 | if (existingUser) { |
| 34 | return badRequest({ message: 'User already exists' }); |
| 35 | } |
| 36 | |
| 37 | const user = await createUser({ |
| 38 | id: id || uuid(), |
| 39 | username: username.toLowerCase(), |
| 40 | password: hashPassword(password), |
| 41 | role: role ?? ROLES.user, |
| 42 | }); |
| 43 | |
| 44 | return json(user); |
| 45 | } |
nothing calls this directly
no test coverage detected