boha_admin/app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 26 Wiki Activity
Files
3bc7fb6800512926521f40e2c862fcee6ec1ac3a
app/src/routes/admin/profile.ts
BOHA d2b22e9399 feat: add Zod validation schemas for all domain routes 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 08:57:38 +01:00

58 lines
2.6 KiB
TypeScript
Raw Blame History

import { FastifyInstance } from 'fastify';
import prisma from '../../config/database';
import { requireAuth } from '../../middleware/auth';
import { success, error } from '../../utils/response';
import bcrypt from 'bcryptjs';
import { config } from '../../config/env';
import { logAudit } from '../../services/audit';
import { parseBody } from '../../schemas/common';
import { UpdateProfileSchema } from '../../schemas/profile.schema';
export default async function profileRoutes(fastify: FastifyInstance): Promise<void> {
fastify.get('/', { preHandler: requireAuth }, async (request, reply) => {
const user = await prisma.users.findUnique({
where: { id: request.authData!.userId },
select: {
id: true, username: true, email: true, first_name: true, last_name: true,
totp_enabled: true, last_login: true, password_changed_at: true,
roles: { select: { id: true, name: true, display_name: true } },
},
});
if (!user) return error(reply, 'Uživatel nenalezen', 404);
return success(reply, user);
});
fastify.put('/', { preHandler: requireAuth }, async (request, reply) => {
const parsed = parseBody(UpdateProfileSchema, request.body);
if ('error' in parsed) return error(reply, parsed.error, 400);
const body = parsed.data;
const userId = request.authData!.userId;
const data: Record<string, unknown> = {};
if (body.email) {
const newEmail = String(body.email).trim();
const existing = await prisma.users.findFirst({ where: { email: newEmail, id: { not: userId } } });
if (existing) return error(reply, 'E-mail již existuje', 409);
data.email = newEmail;
}
if (body.first_name) data.first_name = String(body.first_name);
if (body.last_name) data.last_name = String(body.last_name);
if (body.current_password && body.new_password) {
const user = await prisma.users.findUnique({ where: { id: userId } });
if (!user) return error(reply, 'Uživatel nenalezen', 404);
const valid = await bcrypt.compare(String(body.current_password), user.password_hash);
if (!valid) return error(reply, 'Nesprávné aktuální heslo', 400);
data.password_hash = await bcrypt.hash(String(body.new_password), config.security.bcryptCost);
data.password_changed_at = new Date();
await logAudit({ request, authData: request.authData, action: 'password_change', entityType: 'user', entityId: userId, description: 'Změna hesla' });
}
await prisma.users.update({ where: { id: userId }, data });
return success(reply, null, 200, 'Profil aktualizován');
});
}
Reference in New Issue View Git Blame Copy Permalink