80 lines
1.8 KiB
TypeScript
80 lines
1.8 KiB
TypeScript
import { resetUserPassword, getUserByUsername } from '~/server/utils/database'
|
|
import { getSessionUsername } from '~/server/utils/auth'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const username = await getSessionUsername(event)
|
|
|
|
if (!username) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
message: 'Unauthorized'
|
|
})
|
|
}
|
|
|
|
const user = getUserByUsername(username)
|
|
|
|
if (!user || user.is_admin !== 1) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
message: 'Forbidden - Admin access required'
|
|
})
|
|
}
|
|
|
|
const id = parseInt(event.context.params?.id || '')
|
|
const body = await readBody(event)
|
|
const { newPassword } = body
|
|
|
|
if (isNaN(id)) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'Invalid user ID'
|
|
})
|
|
}
|
|
|
|
if (!newPassword || typeof newPassword !== 'string') {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'New password is required'
|
|
})
|
|
}
|
|
|
|
// Validate password strength
|
|
if (newPassword.length < 8) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'Password must be at least 8 characters long'
|
|
})
|
|
}
|
|
|
|
if (!/[A-Z]/.test(newPassword)) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'Password must contain at least one uppercase letter'
|
|
})
|
|
}
|
|
|
|
if (!/[a-z]/.test(newPassword)) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'Password must contain at least one lowercase letter'
|
|
})
|
|
}
|
|
|
|
if (!/[0-9!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(newPassword)) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'Password must contain at least one number or symbol'
|
|
})
|
|
}
|
|
|
|
try {
|
|
resetUserPassword(id, newPassword)
|
|
return { success: true }
|
|
} catch (error) {
|
|
throw createError({
|
|
statusCode: 500,
|
|
message: 'Failed to reset password'
|
|
})
|
|
}
|
|
})
|