added password change to account page

2 years ago · b179404057
parent 7f481feb71
commit b179404057
3 changed files with 50 additions and 0 deletions
--- a/frontend/src/lib/server/types.ts
+++ b/frontend/src/lib/server/types.ts
@ -2,4 +2,7 @@ import { z } from 'zod'
 export const userUpdateSchema = z.object({
 	username: z.string(),
 	old_password: z.string(),
 	new_password: z.string(),
 	confirm_password: z.string(),
 })
--- a/frontend/src/routes/(app)/settings/account/+page.svelte
+++ b/frontend/src/routes/(app)/settings/account/+page.svelte
@ -14,6 +14,7 @@
 		email: data.user.email,
 		old_password: '',
 		new_password: '',
 		confirm_password: '',
 	}
 	let isLoading = false
@ -86,6 +87,17 @@
 		<p class="text-muted-foreground text-sm">Change your password.</p>
 	</div>
 	<div class="flex w-full max-w-sm flex-col gap-2">
 		<Label for="old_password">Confirm Password</Label>
 		<Input
 			type="password"
 			id="new_password"
 			bind:value={account_data.confirm_password} />
 		<p class="text-muted-foreground text-sm">
 			Confirm your new password.
 		</p>
 	</div>
 	<Button disabled={isLoading} on:click={submit} class="flex gap-2">
 		{#if isLoading}
 			<Loader2 class="animate-spin" />
--- a/frontend/src/routes/api/account/+server.ts
+++ b/frontend/src/routes/api/account/+server.ts
@ -3,6 +3,7 @@ import { user } from '$lib/db/schema'
 import { userUpdateSchema } from '$lib/server/types'
 import { eq } from 'drizzle-orm'
 import type { RequestHandler } from './$types'
 import * as argon2 from 'argon2'
 export const GET: RequestHandler = async () => {
 	return new Response()
@ -25,5 +26,39 @@ export const PUT: RequestHandler = async (event) => {
 		})
 		.where(eq(user.id, userId))
 	if (userUpdateData.data.old_password.length > 0) {
 		const userData = await db.query.user.findFirst({
 			where: (user, { eq }) => eq(user.id, userId),
 		})
 		if (!userData) {
 			return new Response(JSON.stringify({ success: false }))
 		}
 		const passwordMatch = await argon2.verify(
 			userData.password,
 			userUpdateData.data.old_password,
 		)
 		if (
 			!passwordMatch ||
 			userUpdateData.data.new_password !==
 				userUpdateData.data.confirm_password
 		) {
 			return new Response(JSON.stringify({ success: false }))
 		}
 		const newPassword = await argon2.hash(
 			userUpdateData.data.new_password,
 		)
 		await db
 			.update(user)
 			.set({
 				password: newPassword,
 			})
 			.where(eq(user.id, userId))
 	}
 	return new Response(JSON.stringify({ success: true }))
 }