Self-service password reset

server/api/auth/verify-reset-code.post.ts

@@ -0,0 +1,25 @@
+import { getPasswordResetCode } from '~/server/utils/database'
+
+export default defineEventHandler(async (event) => {
+  const body = await readBody(event)
+  const { email, code } = body
+
+  if (!email || !code) {
+    throw createError({
+      statusCode: 400,
+      message: 'Email and code are required',
+    })
+  }
+
+  // Verify code exists and hasn't expired
+  const resetCode = getPasswordResetCode(email, code)
+  
+  if (!resetCode) {
+    throw createError({
+      statusCode: 400,
+      message: 'Invalid or expired reset code',
+    })
+  }
+
+  return { success: true, message: 'Code verified successfully' }
+})