All checks were successful
Build and Push App / build (push) Successful in 5m59s
112 lines
4.0 KiB
TypeScript
112 lines
4.0 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server';
|
|
import prisma from '@/lib/prisma';
|
|
import crypto from 'crypto';
|
|
|
|
import { verifyCsrfToken, verifyOrigin } from '@/lib/csrf';
|
|
|
|
export async function POST(request: NextRequest) {
|
|
// CSRF Protection
|
|
const isOriginValid = verifyOrigin(request);
|
|
const isCsrfValid = await verifyCsrfToken(request);
|
|
|
|
if (!isOriginValid || !isCsrfValid) {
|
|
return NextResponse.json(
|
|
{ error: 'Protection CSRF : Requête invalide' },
|
|
{ status: 403 }
|
|
);
|
|
}
|
|
|
|
try {
|
|
const { email } = await request.json();
|
|
|
|
if (!email) {
|
|
return NextResponse.json(
|
|
{ error: 'Email requis' },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
// Find user
|
|
const user = await prisma.user.findUnique({
|
|
where: { email }
|
|
});
|
|
|
|
if (!user) {
|
|
// For security, same message even if user doesn't exist
|
|
return NextResponse.json(
|
|
{ message: 'Si un compte existe pour cet email et n\'est pas encore vérifié, un nouvel email de vérification a été envoyé.' },
|
|
{ status: 200 }
|
|
);
|
|
}
|
|
|
|
if (user.emailVerified) {
|
|
return NextResponse.json(
|
|
{ error: 'Ce compte est déjà vérifié.' },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
// Generate new verification token
|
|
const verificationToken = crypto.randomBytes(32).toString('hex');
|
|
|
|
// Update user with new token
|
|
await prisma.user.update({
|
|
where: { id: user.id },
|
|
data: { verificationToken }
|
|
});
|
|
|
|
// Send verification email
|
|
try {
|
|
const settings = await prisma.siteSetting.findUnique({
|
|
where: { id: 'singleton' }
|
|
});
|
|
|
|
const siteName = settings?.siteName || 'Afrohub';
|
|
const subject = settings?.verifyEmailSubject || 'Vérification de votre compte - Afrohub';
|
|
const verifyUrl = `${process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000'}/api/auth/verify?token=${verificationToken}`;
|
|
|
|
let html = settings?.verifyEmailTemplate || `
|
|
<div style="font-family: sans-serif; max-width: 600px; margin: 0 auto; padding: 20px; border: 1px solid #e5e7eb; border-radius: 8px;">
|
|
<h2 style="color: #0d9488; text-align: center;">{siteName}</h2>
|
|
<p>Bonjour {name},</p>
|
|
<p>Vous avez demandé le renvoi de l'email de vérification pour votre compte sur {siteName}. Veuillez vérifier votre adresse email en cliquant sur le bouton ci-dessous :</p>
|
|
<div style="text-align: center; margin: 30px 0;">
|
|
<a href="{verifyUrl}" style="background-color: #0d9488; color: white; padding: 12px 24px; text-decoration: none; border-radius: 6px; font-weight: bold;">Vérifier mon compte</a>
|
|
</div>
|
|
</div>
|
|
`;
|
|
|
|
// Replace placeholders
|
|
html = html
|
|
.replace(/{name}/g, user.name)
|
|
.replace(/{verifyUrl}/g, verifyUrl)
|
|
.replace(/{siteName}/g, siteName);
|
|
|
|
const { sendEmail } = await import('@/lib/mail');
|
|
await sendEmail({
|
|
to: email,
|
|
subject,
|
|
html,
|
|
});
|
|
} catch (mailError) {
|
|
console.error('Failed to resend verification email:', mailError);
|
|
return NextResponse.json(
|
|
{ error: 'Erreur lors de l\'envoi de l\'email' },
|
|
{ status: 500 }
|
|
);
|
|
}
|
|
|
|
return NextResponse.json(
|
|
{ message: 'Un nouvel email de vérification a été envoyé.' },
|
|
{ status: 200 }
|
|
);
|
|
|
|
} catch (error) {
|
|
console.error('Resend verification error:', error);
|
|
return NextResponse.json(
|
|
{ error: 'Une erreur est survenue' },
|
|
{ status: 500 }
|
|
);
|
|
}
|
|
}
|