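import { readUsers, writeUsers, hashPassword } from '../../utils/auth.js'
import { sendRegistrationNotification } from '../../utils/email-service.js'
import { assertPasswordNotPwned } from '../../utils/hibp.js'

// Bounds for the plaintext password. The lower bound is the existing policy;
// the upper bound keeps a client from pushing arbitrarily large input into the
// CPU-bound hashing step (constructed value — align with the project's policy).
const MIN_PASSWORD_LENGTH = 8
const MAX_PASSWORD_LENGTH = 128

/**
 * Validates the registration payload and returns normalised fields.
 *
 * Every required field must be a non-empty string: the original truthiness
 * check let a numeric or object `password` skip the length check (`.length`
 * is `undefined`) and let a non-string `email` reach `.toLowerCase()` as a 500.
 *
 * @param {unknown} body - parsed request body, untrusted
 * @returns {{ name: string, email: string, phone: string, password: string }}
 *   `email` is trimmed and lower-cased so the duplicate check below compares
 *   the same form that gets stored.
 * @throws 400 when a required field is missing/not a string or the password
 *   length is out of bounds
 */
function parseRegistrationBody(body) {
  const { name, email, phone, password } = body ?? {}

  const isFilledString = (value) => typeof value === 'string' && value.length > 0
  if (!isFilledString(name) || !isFilledString(email) || !isFilledString(password)) {
    throw createError({
      statusCode: 400,
      message: 'Name, E-Mail und Passwort sind erforderlich'
    })
  }

  if (password.length < MIN_PASSWORD_LENGTH) {
    throw createError({
      statusCode: 400,
      message: 'Das Passwort muss mindestens 8 Zeichen lang sein'
    })
  }

  if (password.length > MAX_PASSWORD_LENGTH) {
    throw createError({
      statusCode: 400,
      message: `Das Passwort darf höchstens ${MAX_PASSWORD_LENGTH} Zeichen lang sein`
    })
  }

  return {
    name,
    email: email.trim().toLowerCase(),
    // Keep the original "anything falsy becomes ''" behaviour, but store a string.
    phone: phone ? String(phone) : '',
    password
  }
}

/**
 * POST handler: registers a new, inactive member account.
 *
 * Flow: validate body -> HIBP check -> duplicate-email check -> hash -> persist
 * -> best-effort notification to the admins. The account stays `active: false`
 * until an admin approves it.
 *
 * Known limitations (not changed here, noted for reviewers):
 *  - readUsers()/writeUsers() are not atomic, so two concurrent registrations
 *    with the same e-mail can both pass the duplicate check (TOCTOU).
 *  - `Date.now().toString()` as id can collide under concurrency and is
 *    predictable; callers may depend on the format, so it is kept as-is.
 *  - The 409 response confirms that an address is registered (enumeration);
 *    whether that is acceptable depends on the deployment.
 *
 * @returns {{ success: true, message: string }} on success
 * @throws 400/409 validation errors; any other error is logged and rethrown
 */
export default defineEventHandler(async (event) => {
  try {
    const body = await readBody(event)
    const { name, email, phone, password } = parseRegistrationBody(body)

    // Optional: Passwort gegen HIBP (k-Anonymity) prüfen
    await assertPasswordNotPwned(password)

    // Reject if the normalised address is already taken. Guard the stored
    // record's field type so a malformed row cannot turn this into a 500.
    const users = await readUsers()
    const existingUser = users.find(
      (u) => typeof u.email === 'string' && u.email.toLowerCase() === email
    )
    if (existingUser) {
      throw createError({
        statusCode: 409,
        message: 'Ein Benutzer mit dieser E-Mail-Adresse existiert bereits'
      })
    }

    const hashedPassword = await hashPassword(password)

    // New accounts are inactive until an admin approves them.
    const newUser = {
      id: Date.now().toString(),
      email,
      password: hashedPassword,
      name,
      phone,
      role: 'mitglied',
      active: false, // Requires admin approval
      created: new Date().toISOString(),
      lastLogin: null
    }

    users.push(newUser)
    await writeUsers(users)

    // Notify Vorstand/admin via the central email service. A failed
    // notification must not undo a registration that is already persisted.
    try {
      await sendRegistrationNotification({ name, email, phone })
    } catch (emailError) {
      console.error('Registrierungs-Benachrichtigung fehlgeschlagen:', emailError)
    }

    return {
      success: true,
      message: 'Registrierung erfolgreich. Sie erhalten eine E-Mail, sobald Ihr Zugang freigeschaltet wurde.'
    }
  } catch (error) {
    console.error('Registrierungs-Fehler:', error)
    throw error
  }
})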