torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8bd7ed76cd800704177fef01875a18e5e5d9502b
harheimertc/server/api/profile.put.js
Torsten Schulz (local) 6fda6ebad0
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 4m10s
Details
Enhance security and error handling in various components by refining error catch blocks to ignore specific errors, improving code clarity and consistency across the application.
2025-12-20 15:05:49 +01:00

104 lines
2.6 KiB
JavaScript
Raw Blame History

import { verifyToken, readUsers, writeUsers, verifyPassword, hashPassword, migrateUserRoles } from '../utils/auth.js'
export default defineEventHandler(async (event) => {
try {
const token = getCookie(event, 'auth_token')
if (!token) {
throw createError({
statusCode: 401,
message: 'Nicht authentifiziert.'
})
}
const decoded = verifyToken(token)
if (!decoded) {
throw createError({
statusCode: 401,
message: 'Ungültiges Token.'
})
}
const body = await readBody(event)
const { name, email, phone, currentPassword, newPassword } = body
if (!name || !email) {
throw createError({
statusCode: 400,
message: 'Name und E-Mail sind erforderlich.'
})
}
const users = await readUsers()
const userIndex = users.findIndex(u => u.id === decoded.id)
if (userIndex === -1) {
throw createError({
statusCode: 404,
message: 'Benutzer nicht gefunden.'
})
}
const user = users[userIndex]
// Check if email is already taken by another user
if (email !== user.email) {
const emailExists = users.some(u => u.email === email && u.id !== user.id)
if (emailExists) {
throw createError({
statusCode: 409,
message: 'Diese E-Mail-Adresse wird bereits verwendet.'
})
}
}
// Update basic info
user.name = name
user.email = email
user.phone = phone || ''
// Handle password change
if (currentPassword && newPassword) {
const isValid = await verifyPassword(currentPassword, user.password)
if (!isValid) {
throw createError({
statusCode: 401,
message: 'Aktuelles Passwort ist falsch.'
})
}
if (newPassword.length < 6) {
throw createError({
statusCode: 400,
message: 'Das neue Passwort muss mindestens 6 Zeichen lang sein.'
})
}
user.password = await hashPassword(newPassword)
}
await writeUsers(users)
const migratedUser = migrateUserRoles({ ...user })
const roles = Array.isArray(migratedUser.roles) ? migratedUser.roles : (migratedUser.role ? [migratedUser.role] : ['mitglied'])
return {
success: true,
message: 'Profil erfolgreich aktualisiert.',
user: {
id: user.id,
email: user.email,
name: user.name,
phone: user.phone,
roles: roles,
role: roles[0] || 'mitglied' // Rückwärtskompatibilität
}
}
} catch (error) {
console.error('Profil-Update-Fehler:', error)
throw error
}
})
Reference in New Issue View Git Blame Copy Permalink