added password change to account page

2 years ago · b179404057
parent 7f481feb71
commit b179404057
3 changed files with 50 additions and 0 deletions
--- a/frontend/src/lib/server/types.ts
+++ b/frontend/src/lib/server/types.ts
@ -2,4 +2,7 @@ import { z } from 'zod'

 export const userUpdateSchema = z.object({
 	username: z.string(),
+	old_password: z.string(),
+	new_password: z.string(),
+	confirm_password: z.string(),
 })
--- a/frontend/src/routes/(app)/settings/account/+page.svelte
+++ b/frontend/src/routes/(app)/settings/account/+page.svelte
@ -14,6 +14,7 @@
 		email: data.user.email,
 		old_password: '',
 		new_password: '',
+		confirm_password: '',
 	}

 	let isLoading = false
@ -86,6 +87,17 @@
 		<p class="text-muted-foreground text-sm">Change your password.</p>
 	</div>

+	<div class="flex w-full max-w-sm flex-col gap-2">
+		<Label for="old_password">Confirm Password</Label>
+		<Input
+			type="password"
+			id="new_password"
+			bind:value={account_data.confirm_password} />
+		<p class="text-muted-foreground text-sm">
+			Confirm your new password.
+		</p>
+	</div>
+
 	<Button disabled={isLoading} on:click={submit} class="flex gap-2">
 		{#if isLoading}
 			<Loader2 class="animate-spin" />
--- a/frontend/src/routes/api/account/+server.ts
+++ b/frontend/src/routes/api/account/+server.ts
@ -3,6 +3,7 @@ import { user } from '$lib/db/schema'
 import { userUpdateSchema } from '$lib/server/types'
 import { eq } from 'drizzle-orm'
 import type { RequestHandler } from './$types'
+import * as argon2 from 'argon2'

 export const GET: RequestHandler = async () => {
 	return new Response()
@ -25,5 +26,39 @@ export const PUT: RequestHandler = async (event) => {
 		})
 		.where(eq(user.id, userId))

+	if (userUpdateData.data.old_password.length > 0) {
+		const userData = await db.query.user.findFirst({
+			where: (user, { eq }) => eq(user.id, userId),
+		})
+
+		if (!userData) {
+			return new Response(JSON.stringify({ success: false }))
+		}
+
+		const passwordMatch = await argon2.verify(
+			userData.password,
+			userUpdateData.data.old_password,
+		)
+
+		if (
+			!passwordMatch ||
+			userUpdateData.data.new_password !==
+				userUpdateData.data.confirm_password
+		) {
+			return new Response(JSON.stringify({ success: false }))
+		}
+
+		const newPassword = await argon2.hash(
+			userUpdateData.data.new_password,
+		)
+
+		await db
+			.update(user)
+			.set({
+				password: newPassword,
+			})
+			.where(eq(user.id, userId))
+	}
+
 	return new Response(JSON.stringify({ success: true }))
 }