Add Playwright testing framework and implement initial tests; update .gitignore and package files

2026-01-16 11:32:13 +01:00 · 2025-05-22 19:46:04 +02:00
parent f005b2ec0a
commit 8dcb892ae9
9 changed files with 749 additions and 37 deletions
--- a/pages/api/reset-password.ts
+++ b/pages/api/reset-password.ts
@ -1,43 +1,68 @@
 import { prisma } from "../../lib/prisma";
 import bcrypt from "bcryptjs";
-import type { IncomingMessage, ServerResponse } from "http";
-
-type NextApiRequest = IncomingMessage & {
-  body: {
-    token: string;
-    password: string;
-    [key: string]: unknown;
-  };
-};
-
-type NextApiResponse = ServerResponse & {
-  status: (code: number) => NextApiResponse;
-  json: (data: Record<string, unknown>) => void;
-  end: () => void;
-};
+import type { NextApiRequest, NextApiResponse } from "next"; // Import official Next.js types

 export default async function handler(
-  req: NextApiRequest,
-  res: NextApiResponse
+  req: NextApiRequest, // Use official NextApiRequest
+  res: NextApiResponse // Use official NextApiResponse
 ) {
-  if (req.method !== "POST") return res.status(405).end();
-  const { token, password } = req.body;
-  const user = await prisma.user.findFirst({
-    where: {
-      resetToken: token,
-      resetTokenExpiry: { gte: new Date() },
-    },
-  });
-  if (!user) return res.status(400).json({ error: "Invalid or expired token" });
+  if (req.method !== "POST") {
+    res.setHeader("Allow", ["POST"]); // Good practice to set Allow header for 405
+    return res.status(405).end(`Method ${req.method} Not Allowed`);
+  }

-  const hash = await bcrypt.hash(password, 10);
-  await prisma.user.update({
-    where: { id: user.id },
-    data: {
-      password: hash,
-      resetToken: null,
-      resetTokenExpiry: null,
-    },
-  });
-  res.status(200).end();
+  // It's good practice to explicitly type the expected body for clarity and safety
+  const { token, password } = req.body as { token?: string; password?: string };
+
+  if (!token || !password) {
+    return res.status(400).json({ error: "Token and password are required." });
+  }
+
+  if (password.length < 8) {
+    // Example: Add password complexity rule
+    return res
+      .status(400)
+      .json({ error: "Password must be at least 8 characters long." });
+  }
+
+  try {
+    const user = await prisma.user.findFirst({
+      where: {
+        resetToken: token,
+        resetTokenExpiry: { gte: new Date() },
+      },
+    });
+
+    if (!user) {
+      return res
+        .status(400)
+        .json({
+          error:
+            "Invalid or expired token. Please request a new password reset.",
+        });
+    }
+
+    const hash = await bcrypt.hash(password, 10);
+    await prisma.user.update({
+      where: { id: user.id },
+      data: {
+        password: hash,
+        resetToken: null,
+        resetTokenExpiry: null,
+      },
+    });
+
+    // Instead of just res.status(200).end(), send a success message
+    return res
+      .status(200)
+      .json({ message: "Password has been reset successfully." });
+  } catch (error) {
+    console.error("Reset password error:", error); // Log the error for server-side debugging
+    // Provide a generic error message to the client
+    return res
+      .status(500)
+      .json({
+        error: "An internal server error occurred. Please try again later.",
+      });
+  }
 }