import { NextRequest, NextResponse } from 'next/server'
import { prisma } from '@/lib/prisma'
import { generateResetToken } from '@/lib/auth'
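/**
 * Handles a "forgot password" request.
 *
 * Expects a JSON body of the form `{ email: string }`. Looks the user up by
 * email and, when one exists, stores a fresh reset token with a one-hour
 * expiry on the user record. The success response is identical whether or
 * not the address is registered, so the endpoint does not reveal which
 * emails have accounts.
 *
 * @param request - Incoming request whose JSON body carries `email`.
 * @returns 400 for a malformed body or a missing/non-string email, 500 when
 *   the lookup or update throws, otherwise 200 with a generic message (plus
 *   the raw token only when NODE_ENV is 'development').
 */
export async function POST(request: NextRequest) {
  // One shared message for both the "user found" and "user not found" paths.
  const genericMessage =
    'If an account exists with this email, a reset link has been sent'
  const isDevelopment = process.env.NODE_ENV === 'development'

  // Malformed JSON is a client error, not a server failure: answer 400 here
  // rather than letting request.json() fall through to the 500 handler.
  let body: unknown
  try {
    body = await request.json()
  } catch {
    return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 })
  }

  // The body is untrusted. Narrow `email` to a non-empty string before it is
  // used as a query filter so that an object or array in that position is
  // rejected instead of being forwarded to Prisma.
  const email =
    typeof body === 'object' && body !== null && 'email' in body
      ? body.email
      : undefined
  if (typeof email !== 'string' || !email) {
    return NextResponse.json({ error: 'Email is required' }, { status: 400 })
  }

  try {
    const user = await prisma.user.findUnique({
      where: { email },
    })

    // Always return success to prevent email enumeration.
    if (!user) {
      return NextResponse.json({ message: genericMessage })
    }

    const resetToken = generateResetToken()
    const resetExpires = new Date(Date.now() + 60 * 60 * 1000) // 1 hour

    await prisma.user.update({
      where: { id: user.id },
      data: {
        resetToken,
        resetExpires,
      },
    })

    // In production, send email with reset link.
    // The raw token is a credential: log it only in development so it never
    // lands in production log storage.
    if (isDevelopment) {
      console.log(`Password reset token for ${email}: ${resetToken}`)
    }

    return NextResponse.json({
      message: genericMessage,
      // Only include token in development for testing
      ...(isDevelopment && { resetToken }),
    })
  } catch (error: unknown) {
    console.error('Forgot password error:', error)
    return NextResponse.json(
      { error: 'Failed to process request' },
      { status: 500 }
    )
  }
}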