Add member profile page with editable fields and password change

2025-10-21 14:29:52 +02:00
parent 463418c6e2
commit 32ba9e2760
15 changed files with 947 additions and 511 deletions
--- a/server/api/profile.get.js
+++ b/server/api/profile.get.js
@@ -0,0 +1,48 @@
+import { verifyToken, getUserById } from '../utils/auth.js'
+
+export default defineEventHandler(async (event) => {
+  try {
+    const token = getCookie(event, 'auth_token')
+
+    if (!token) {
+      throw createError({
+        statusCode: 401,
+        message: 'Nicht authentifiziert.'
+      })
+    }
+
+    const decoded = verifyToken(token)
+
+    if (!decoded) {
+      throw createError({
+        statusCode: 401,
+        message: 'Ungültiges Token.'
+      })
+    }
+
+    const user = await getUserById(decoded.id)
+
+    if (!user || user.active === false) {
+      throw createError({
+        statusCode: 403,
+        message: 'Benutzer nicht gefunden oder inaktiv.'
+      })
+    }
+
+    // Return user data (without password)
+    return {
+      success: true,
+      user: {
+        id: user.id,
+        email: user.email,
+        name: user.name,
+        phone: user.phone || '',
+        role: user.role
+      }
+    }
+  } catch (error) {
+    console.error('Profil-Abruf-Fehler:', error)
+    throw error
+  }
+})
+
--- a/server/api/profile.put.js
+++ b/server/api/profile.put.js
@@ -0,0 +1,99 @@
+import { verifyToken, getUserById, readUsers, writeUsers, verifyPassword, hashPassword } from '../utils/auth.js'
+
+export default defineEventHandler(async (event) => {
+  try {
+    const token = getCookie(event, 'auth_token')
+
+    if (!token) {
+      throw createError({
+        statusCode: 401,
+        message: 'Nicht authentifiziert.'
+      })
+    }
+
+    const decoded = verifyToken(token)
+
+    if (!decoded) {
+      throw createError({
+        statusCode: 401,
+        message: 'Ungültiges Token.'
+      })
+    }
+
+    const body = await readBody(event)
+    const { name, email, phone, currentPassword, newPassword } = body
+
+    if (!name || !email) {
+      throw createError({
+        statusCode: 400,
+        message: 'Name und E-Mail sind erforderlich.'
+      })
+    }
+
+    const users = await readUsers()
+    const userIndex = users.findIndex(u => u.id === decoded.id)
+
+    if (userIndex === -1) {
+      throw createError({
+        statusCode: 404,
+        message: 'Benutzer nicht gefunden.'
+      })
+    }
+
+    const user = users[userIndex]
+
+    // Check if email is already taken by another user
+    if (email !== user.email) {
+      const emailExists = users.some(u => u.email === email && u.id !== user.id)
+      if (emailExists) {
+        throw createError({
+          statusCode: 409,
+          message: 'Diese E-Mail-Adresse wird bereits verwendet.'
+        })
+      }
+    }
+
+    // Update basic info
+    user.name = name
+    user.email = email
+    user.phone = phone || ''
+
+    // Handle password change
+    if (currentPassword && newPassword) {
+      const isValid = await verifyPassword(currentPassword, user.password)
+      if (!isValid) {
+        throw createError({
+          statusCode: 401,
+          message: 'Aktuelles Passwort ist falsch.'
+        })
+      }
+
+      if (newPassword.length < 6) {
+        throw createError({
+          statusCode: 400,
+          message: 'Das neue Passwort muss mindestens 6 Zeichen lang sein.'
+        })
+      }
+
+      user.password = await hashPassword(newPassword)
+    }
+
+    await writeUsers(users)
+
+    return {
+      success: true,
+      message: 'Profil erfolgreich aktualisiert.',
+      user: {
+        id: user.id,
+        email: user.email,
+        name: user.name,
+        phone: user.phone,
+        role: user.role
+      }
+    }
+  } catch (error) {
+    console.error('Profil-Update-Fehler:', error)
+    throw error
+  }
+})
+