import { randomInt } from "node:crypto"
import { NextResponse } from "next/server"
import { hashPassword } from "better-auth/crypto"
import { prisma } from "@/lib/prisma"
import { assertStaffSession } from "@/lib/auth-server"
import { isAdmin } from "@/lib/authz"
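/**
 * Builds a random temporary password from a lowercase alphanumeric alphabet.
 *
 * Uses `randomInt` from `node:crypto` (a CSPRNG with unbiased range
 * selection) rather than `Math.random`, which is not cryptographically
 * secure and must not be used to derive credentials.
 *
 * @param length - Number of characters to produce; non-integer or negative
 *   values are clamped to a non-negative integer (NaN yields an empty string).
 * @returns A password string of `length` characters drawn from `[a-z0-9]`.
 */
function generatePassword(length = 12): string {
  const alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
  const size = Math.max(0, Math.floor(length))
  let result = ""
  for (let index = 0; index < size; index += 1) {
    // randomInt(max) returns an integer in [0, max) without modulo bias.
    result += alphabet.charAt(randomInt(alphabet.length))
  }
  return result
}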
/** Next.js route segment config: run this handler on the Node.js runtime (not Edge). */
export const runtime = "nodejs"
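/** Minimum length accepted for a password supplied explicitly in the request body. */
const MIN_PASSWORD_LENGTH = 8

/**
 * Extracts a trimmed, non-empty `password` string from a parsed JSON body.
 *
 * @param body - Whatever `request.json()` produced (or `null` when it failed).
 * @returns The trimmed password, or `undefined` when the body is not an
 *   object, has no string `password`, or the password is blank.
 */
function readPassword(body: unknown): string | undefined {
  if (typeof body !== "object" || body === null) return undefined
  const password: unknown = (body as { password?: unknown }).password
  if (typeof password !== "string") return undefined
  const trimmed = password.trim()
  return trimmed.length > 0 ? trimmed : undefined
}

/**
 * Resets the web password of the user identified by the `[id]` route param.
 *
 * Flow:
 *  1. Requires a staff session (401 otherwise).
 *  2. Loads the target user; 404 when it does not exist.
 *  3. Non-admin staff may not reset "admin" or "agent" accounts (403), and
 *     "machine" accounts have no web password at all (400).
 *  4. Uses `body.password` when it is a non-blank string of at least
 *     `MIN_PASSWORD_LENGTH` characters after trimming; a shorter supplied
 *     password is rejected with 400, and a missing/blank one is replaced by a
 *     generated password.
 *  5. Hashes the password and stores it on the user's "credential" account,
 *     creating that account when it does not exist yet.
 *
 * @param request - Incoming request; the JSON body is optional.
 * @param params - Route params resolving to `{ id }` of the target user.
 * @returns JSON `{ temporaryPassword }` containing the plaintext password, to be
 *   handed to the user out of band. NOTE(review): existing sessions of the
 *   target user are not revoked here — confirm whether that is intended.
 */
export async function POST(request: Request, { params }: { params: Promise<{ id: string }> }) {
  const { id } = await params

  const session = await assertStaffSession()
  if (!session) {
    return NextResponse.json({ error: "Não autorizado" }, { status: 401 })
  }
  const sessionIsAdmin = isAdmin(session.user.role)

  // `email` is selected up front so the account-creation branch below does
  // not need a second lookup of the same row.
  const user = await prisma.authUser.findUnique({
    where: { id },
    select: { id: true, role: true, email: true },
  })
  if (!user) {
    return NextResponse.json({ error: "Usuário não encontrado" }, { status: 404 })
  }

  const targetRole = (user.role ?? "").toLowerCase()
  if (!sessionIsAdmin && (targetRole === "admin" || targetRole === "agent")) {
    return NextResponse.json({ error: "Você não pode redefinir a senha desse usuário" }, { status: 403 })
  }
  if (targetRole === "machine") {
    return NextResponse.json({ error: "Contas de dispositivo não possuem senha web" }, { status: 400 })
  }

  // A missing or malformed JSON body simply means "generate a password".
  const body: unknown = await request.json().catch(() => null)
  const suppliedPassword = readPassword(body)
  if (suppliedPassword !== undefined && suppliedPassword.length < MIN_PASSWORD_LENGTH) {
    return NextResponse.json(
      { error: `A senha deve ter pelo menos ${MIN_PASSWORD_LENGTH} caracteres` },
      { status: 400 },
    )
  }
  const temporaryPassword = suppliedPassword ?? generatePassword()
  const hashedPassword = await hashPassword(temporaryPassword)

  const credentialAccount = await prisma.authAccount.findFirst({
    where: { userId: user.id, providerId: "credential" },
  })

  if (credentialAccount) {
    await prisma.authAccount.update({
      where: { id: credentialAccount.id },
      data: { password: hashedPassword },
    })
  } else {
    // No credential account yet: create one keyed by the user's email.
    await prisma.authAccount.create({
      data: {
        userId: user.id,
        providerId: "credential",
        accountId: user.email,
        password: hashedPassword,
      },
    })
  }

  return NextResponse.json({ temporaryPassword })
}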