139 lines
3.6 KiB
TypeScript
139 lines
3.6 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
import pool from '@/lib/db'
|
|
import bcrypt from 'bcrypt'
|
|
|
|
// POST /api/auth/register - Register a new buyer
|
|
export async function POST(request: NextRequest) {
|
|
try {
|
|
const body = await request.json()
|
|
const { username, password, email, referral_id } = body
|
|
|
|
// Validate required fields
|
|
if (!username || !password || !email) {
|
|
return NextResponse.json(
|
|
{ error: 'Username, password, and email are required' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Validate username length
|
|
if (username.length < 3) {
|
|
return NextResponse.json(
|
|
{ error: 'Username must be at least 3 characters' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Validate password length
|
|
if (password.length < 6) {
|
|
return NextResponse.json(
|
|
{ error: 'Password must be at least 6 characters' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Validate email format
|
|
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
|
|
if (!emailRegex.test(email)) {
|
|
return NextResponse.json(
|
|
{ error: 'Invalid email format' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Check if username already exists
|
|
const [existingUsername] = await pool.execute(
|
|
'SELECT id FROM buyers WHERE username = ?',
|
|
[username]
|
|
)
|
|
if ((existingUsername as any[]).length > 0) {
|
|
return NextResponse.json(
|
|
{ error: 'Username already exists' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Check if email already exists
|
|
const [existingEmail] = await pool.execute(
|
|
'SELECT id FROM buyers WHERE email = ?',
|
|
[email]
|
|
)
|
|
if ((existingEmail as any[]).length > 0) {
|
|
return NextResponse.json(
|
|
{ error: 'Email already exists' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Hash password
|
|
const hashedPassword = await bcrypt.hash(password, 10)
|
|
|
|
// Insert new buyer
|
|
const [result] = await pool.execute(
|
|
'INSERT INTO buyers (username, password, email) VALUES (?, ?, ?)',
|
|
[username, hashedPassword, email]
|
|
)
|
|
|
|
const insertId = (result as any).insertId
|
|
|
|
// Fetch the created buyer (without password)
|
|
const [rows] = await pool.execute(
|
|
'SELECT id, username, email FROM buyers WHERE id = ?',
|
|
[insertId]
|
|
)
|
|
|
|
const buyer = (rows as any[])[0]
|
|
|
|
// Handle referral if provided
|
|
if (referral_id) {
|
|
const referrerId = parseInt(referral_id, 10)
|
|
|
|
// Validate that referrer exists and is not the same as the new user
|
|
if (referrerId && referrerId !== buyer.id) {
|
|
const [referrerRows] = await pool.execute(
|
|
'SELECT id FROM buyers WHERE id = ?',
|
|
[referrerId]
|
|
)
|
|
|
|
if ((referrerRows as any[]).length > 0) {
|
|
// Create referral record
|
|
await pool.execute(
|
|
'INSERT INTO referrals (referrer, referree) VALUES (?, ?)',
|
|
[referrerId, buyer.id]
|
|
)
|
|
}
|
|
}
|
|
}
|
|
|
|
// Create session cookie
|
|
const response = NextResponse.json(
|
|
{
|
|
user: {
|
|
id: buyer.id,
|
|
username: buyer.username,
|
|
email: buyer.email,
|
|
},
|
|
},
|
|
{ status: 201 }
|
|
)
|
|
|
|
// Set secure cookie with buyer_id
|
|
response.cookies.set('buyer_id', buyer.id.toString(), {
|
|
httpOnly: true,
|
|
secure: process.env.NODE_ENV === 'production',
|
|
sameSite: 'lax',
|
|
maxAge: 60 * 60 * 24 * 7, // 7 days
|
|
path: '/',
|
|
})
|
|
|
|
return response
|
|
} catch (error) {
|
|
console.error('Error during registration:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Failed to register' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|
|
|