torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
49e72550627a3fef5d4f157a4cb9058f1a263033
harheimertc/server/api/auth/register.post.js
Torsten Schulz (local) 3d3e22bb1b
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 48s
Details
Implementiere zentralen E-Mail-Service für Registrierungsbenachrichtigungen und entferne veralteten Code
2026-02-11 15:41:03 +01:00

75 lines
2.1 KiB
JavaScript
Raw Blame History

import { readUsers, writeUsers, hashPassword } from '../../utils/auth.js'
import { sendRegistrationNotification } from '../../utils/email-service.js'
import { assertPasswordNotPwned } from '../../utils/hibp.js'
export default defineEventHandler(async (event) => {
try {
const body = await readBody(event)
const { name, email, phone, password } = body
if (!name || !email || !password) {
throw createError({
statusCode: 400,
message: 'Name, E-Mail und Passwort sind erforderlich'
})
}
// Validate password length
if (password.length < 8) {
throw createError({
statusCode: 400,
message: 'Das Passwort muss mindestens 8 Zeichen lang sein'
})
}
// Optional: Passwort gegen HIBP (k-Anonymity) prüfen
await assertPasswordNotPwned(password)
// Check if user already exists
const users = await readUsers()
const existingUser = users.find(u => u.email.toLowerCase() === email.toLowerCase())
if (existingUser) {
throw createError({
statusCode: 409,
message: 'Ein Benutzer mit dieser E-Mail-Adresse existiert bereits'
})
}
// Hash password
const hashedPassword = await hashPassword(password)
// Create new user (inactive until approved)
const newUser = {
id: Date.now().toString(),
email: email.toLowerCase(),
password: hashedPassword,
name,
phone: phone || '',
role: 'mitglied',
active: false, // Requires admin approval
created: new Date().toISOString(),
lastLogin: null
}
users.push(newUser)
await writeUsers(users)
// Send notification to Vorstand/admin via central email service
try {
await sendRegistrationNotification({ name, email, phone })
} catch (emailError) {
console.error('Registrierungs-Benachrichtigung fehlgeschlagen:', emailError)
}
return {
success: true,
message: 'Registrierung erfolgreich. Sie erhalten eine E-Mail, sobald Ihr Zugang freigeschaltet wurde.'
}
} catch (error) {
console.error('Registrierungs-Fehler:', error)
throw error
}
})
Reference in New Issue View Git Blame Copy Permalink