refactor: centralize validation, error handling, and formatting logic

Extract shared auth logic and validation rules to shared/auth.ts
Introduce utility functions for HTTP errors and user input parsing
Standardize error messages and date formatting across the app

server/api/admin/users/[id].patch.ts

@@ -1,22 +1,13 @@
-import {
-  isValidPhoneNumber,
-  normalizePhoneNumber,
-  type UserRole
-} from '~~/shared/auth'
+import type { UserRole } from '~~/shared/auth'
 
 import { requireRole } from '../../../utils/auth'
-import { getUserById, updateUserProfile } from '../../../utils/user-repository'
+import { updateUserProfile } from '../../../utils/user-repository'
+import { httpError } from '../../../utils/http'
+import { parseUserProfileInput, requireExistingUser, requireUserIdParam } from '../../../utils/users'
 
 export default defineEventHandler(async (event) => {
   const auth = await requireRole(event, 'super_admin')
-  const userId = getRouterParam(event, 'id')
-
-  if (!userId) {
-    throw createError({
-      statusCode: 400,
-      statusMessage: 'User id is required'
-    })
-  }
+  const userId = requireUserIdParam(event)
 
   const body = await readBody<{
     fullName?: string
@@ -24,45 +15,12 @@ export default defineEventHandler(async (event) => {
     role?: UserRole
   }>(event)
 
-  const fullName = body.fullName?.trim() || ''
-  const phoneNumber = normalizePhoneNumber(body.phoneNumber || '')
-  const role = body.role
+  const { fullName, phoneNumber, role } = parseUserProfileInput(body)
 
-  if (fullName.length < 2) {
-    throw createError({
-      statusCode: 400,
-      statusMessage: 'Display name must be at least 2 characters'
-    })
-  }
-
-  if (!isValidPhoneNumber(phoneNumber)) {
-    throw createError({
-      statusCode: 400,
-      statusMessage: 'Phone number must contain 8 to 15 digits'
-    })
-  }
-
-  if (role !== 'super_admin' && role !== 'staff') {
-    throw createError({
-      statusCode: 400,
-      statusMessage: 'Role is invalid'
-    })
-  }
-
-  const user = await getUserById(userId)
-
-  if (!user) {
-    throw createError({
-      statusCode: 404,
-      statusMessage: 'User not found'
-    })
-  }
+  await requireExistingUser(userId)
 
   if (auth.user.id === userId && role !== 'super_admin') {
-    throw createError({
-      statusCode: 400,
-      statusMessage: 'You cannot remove your own super admin access'
-    })
+    httpError(400, 'You cannot remove your own super admin access')
   }
 
   const updatedUser = await updateUserProfile({

server/api/admin/users/[id]/reset-password.post.ts

@@ -2,28 +2,15 @@ import { DEFAULT_USER_PASSWORD } from '~~/shared/auth'
 
 import { requireRole } from '../../../../utils/auth'
 import { hashPassword } from '../../../../utils/password'
-import { getUserById, updateUserPassword } from '../../../../utils/user-repository'
+import { updateUserPassword } from '../../../../utils/user-repository'
+import { requireExistingUser, requireUserIdParam } from '../../../../utils/users'
 
 export default defineEventHandler(async (event) => {
   await requireRole(event, 'super_admin')
 
-  const userId = getRouterParam(event, 'id')
+  const userId = requireUserIdParam(event)
 
-  if (!userId) {
-    throw createError({
-      statusCode: 400,
-      statusMessage: 'User id is required'
-    })
-  }
-
-  const user = await getUserById(userId)
-
-  if (!user) {
-    throw createError({
-      statusCode: 404,
-      statusMessage: 'User not found'
-    })
-  }
+  await requireExistingUser(userId)
 
   const passwordHash = await hashPassword(DEFAULT_USER_PASSWORD)
 
@@ -33,7 +20,7 @@ export default defineEventHandler(async (event) => {
     mustChangePassword: true
   })
 
-  const updatedUser = await getUserById(userId)
+  const updatedUser = await requireExistingUser(userId, 'Unable to load updated user')
 
   return {
     user: updatedUser,