xiaomai
377a9617be
Add PostgreSQL and Redis integration for users and sessions Implement password and WebAuthn passkey login flows Add Docker stack, super-admin seeding, and protected routes
79 lines
1.7 KiB
TypeScript
79 lines
1.7 KiB
TypeScript
import {
|
|
isValidPhoneNumber,
|
|
normalizePhoneNumber,
|
|
type UserRole
|
|
} from '~~/shared/auth'
|
|
|
|
import { requireRole } from '../../../utils/auth'
|
|
import { getUserById, updateUserProfile } from '../../../utils/user-repository'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const auth = await requireRole(event, 'super_admin')
|
|
const userId = getRouterParam(event, 'id')
|
|
|
|
if (!userId) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: 'User id is required'
|
|
})
|
|
}
|
|
|
|
const body = await readBody<{
|
|
fullName?: string
|
|
phoneNumber?: string
|
|
role?: UserRole
|
|
}>(event)
|
|
|
|
const fullName = body.fullName?.trim() || ''
|
|
const phoneNumber = normalizePhoneNumber(body.phoneNumber || '')
|
|
const role = body.role
|
|
|
|
if (fullName.length < 2) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: 'Display name must be at least 2 characters'
|
|
})
|
|
}
|
|
|
|
if (!isValidPhoneNumber(phoneNumber)) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: 'Phone number must contain 8 to 15 digits'
|
|
})
|
|
}
|
|
|
|
if (role !== 'super_admin' && role !== 'staff') {
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: 'Role is invalid'
|
|
})
|
|
}
|
|
|
|
const user = await getUserById(userId)
|
|
|
|
if (!user) {
|
|
throw createError({
|
|
statusCode: 404,
|
|
statusMessage: 'User not found'
|
|
})
|
|
}
|
|
|
|
if (auth.user.id === userId && role !== 'super_admin') {
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: 'You cannot remove your own super admin access'
|
|
})
|
|
}
|
|
|
|
const updatedUser = await updateUserProfile({
|
|
userId,
|
|
fullName,
|
|
phoneNumber,
|
|
role
|
|
})
|
|
|
|
return {
|
|
user: updatedUser
|
|
}
|
|
})
|