gpatti/MediaLore
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add auth

Browse Source
This commit is contained in:
Garret Patti
2026-04-05 17:44:24 -04:00
parent f0666c0649
commit eecee9bc5f
41 changed files with 1405 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
src/app/api/auth/register/route.ts Normal file
View File

@@ -0,0 +1,59 @@
import { NextRequest, NextResponse } from 'next/server'
import { getSessionOptions, hashPassword, type SessionData } from '@/lib/auth'
import { getIronSession } from 'iron-session'
import { getUserCount, createUser } from '@/lib/users'
export async function POST(request: NextRequest) {
let body: { username?: string; password?: string; role?: string }
try {
body = await request.json()
} catch {
return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 })
}
const { username, password } = body
let { role } = body
if (!username || !password) {
return NextResponse.json({ error: 'username and password are required' }, { status: 400 })
}
if (username.trim().length < 2) {
return NextResponse.json({ error: 'Username must be at least 2 characters' }, { status: 400 })
}
if (password.length < 8) {
return NextResponse.json({ error: 'Password must be at least 8 characters' }, { status: 400 })
}
const userCount = getUserCount()
if (userCount === 0) {
// First user always becomes admin
role = 'admin'
} else {
// Subsequent users require an admin session
const res = new NextResponse()
const session = await getIronSession<SessionData>(request, res, getSessionOptions())
if (!session.userId) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
if (session.role !== 'admin') {
return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
}
if (role !== 'admin' && role !== 'user') {
role = 'user'
}
}
const passwordHash = await hashPassword(password)
try {
const user = createUser(username.trim(), passwordHash, role as 'admin' | 'user')
return NextResponse.json({ id: user.id, username: user.username, role: user.role }, { status: 201 })
} catch (err) {
const message = err instanceof Error ? err.message : 'Failed to create user'
if (message.includes('UNIQUE constraint failed')) {
return NextResponse.json({ error: 'Username already taken' }, { status: 409 })
}
return NextResponse.json({ error: message }, { status: 400 })
}
}