@studious-lms/server 1.2.53 → 1.4.0

package/src/routers/auth.ts

@@ -1,460 +1,97 @@
 import { z } from "zod";
-import { createTRPCRouter, protectedProcedure, publicProcedure } from "../trpc.js";
 import { TRPCError } from "@trpc/server";
-import { prisma } from "../lib/prisma.js";
-import { v4 as uuidv4 } from 'uuid';
-import { compare, hash } from "bcryptjs";
-import { sendMail } from "../utils/email.js";
-import { prismaWrapper } from "../utils/prismaWrapper.js";
-import { env } from "../lib/config/env.js";
-import { logger } from "../utils/logger.js";
+import {
+  createTRPCRouter,
+  protectedProcedure,
+  publicProcedure,
+} from "../trpc.js";
+import {
+  register,
+  login,
+  logout,
+  check,
+  resendVerificationEmail,
+  verify,
+  requestPasswordReset,
+  resetPassword,
+} from "../services/auth.js";
 
 const loginSchema = z.object({
   username: z.string(),
   password: z.string(),
 });
 
-const registerSchema = z.object({
-  username: z.string().min(3, "Username must be at least 3 characters"),
-  email: z.string().email("Invalid email address"),
-  password: z.string().min(6, "Password must be at least 6 characters"),
-  confirmPassword: z.string(),
-}).refine((data) => data.password === data.confirmPassword, {
-  message: "Passwords don't match",
-  path: ["confirmPassword"],
-});
+const registerSchema = z
+  .object({
+    username: z.string().min(3, "Username must be at least 3 characters"),
+    email: z.string().email("Invalid email address"),
+    password: z.string().min(6, "Password must be at least 6 characters"),
+    confirmPassword: z.string(),
+  })
+  .refine((data) => data.password === data.confirmPassword, {
+    message: "Passwords don't match",
+    path: ["confirmPassword"],
+  });
 
 export const authRouter = createTRPCRouter({
   register: publicProcedure
     .input(registerSchema)
-    .mutation(async ({ input }) => {
-      const { username, email, password } = input;
-
-      // Check if username already exists
-      const existingUser = await prismaWrapper.findFirst(
-        () => prisma.user.findFirst({
-          where: { 
-            OR: [
-              { username },
-              { email }
-            ]
-          },
-          select: {
-            id: true,
-            username: true,
-            email: true,
-            verified: true,
-          }
-        }),
-        'checking for existing user during registration'
-      );
-
-      if (existingUser && existingUser.verified) {
-        if (existingUser.username === username) {
-          throw new TRPCError({
-            code: "CONFLICT",
-            message: "Username already exists",
-          });
-        }
-        if (existingUser.email === email) {
-          throw new TRPCError({
-            code: "CONFLICT",
-            message: "Email already exists",
-          });
-        }
-      } else if (existingUser && !existingUser.verified) {
-        await prismaWrapper.deleteMany(
-          () => prisma.session.deleteMany({
-            where: { userId: existingUser.id },
-          }),
-          'deleting existing sessions for unverified user'
-        );
-
-        await prismaWrapper.delete(
-          () => prisma.user.delete({
-            where: { id: existingUser.id },
-          }),
-          'deleting unverified user'
-        );
-      }
-
-      // Create new user
-      const user = await prismaWrapper.create(
-        async () => await prisma.user.create({
-          data: {
-            username,
-            email,
-            password: await hash(password, 10),
-            profile: {},
-            verified: true, // temporary
-          },
-          select: {
-            id: true,
-            username: true,
-            email: true,
-          }
-        }),
-        'creating new user during registration'
-      );
-
-      const verificationToken = await prismaWrapper.create(
-        () => prisma.session.create({
-          data: {
-            id: uuidv4(),
-            userId: user.id,
-            expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24 * 30),
-          },
-        }),
-        'creating verification token'
-      );
-
-      try {
-        await sendMail({
-        from: 'noreply@studious.sh',
-        to: user.email,
-        subject: 'Verify your email',
-          text: `Click the link to verify your email: ${env.NEXT_PUBLIC_APP_URL}/verify/${verificationToken.id}`,
-        });
-      } catch (err) {
-        logger.error('Failed to send verification email', { email: user.email, err });
-      }
-
-      // logger.info(`Password verification email sent to ${user.email} at ${env.NEXT_PUBLIC_APP_URL}/verify/${verificationToken.id}`);
-
-      return {
-        user: {
-          id: user.id,
-          username: user.username,
-        },
-      };
-    }),
+    .mutation(({ input }) =>
+      register({
+        username: input.username,
+        email: input.email,
+        password: input.password,
+      })
+    ),
 
   login: publicProcedure
     .input(loginSchema)
-    .mutation(async ({ input }) => {
-      const { username, password } = input;
-
-      const user = await prisma.user.findFirst({
-        where: { username },
-        select: {
-          id: true,
-          username: true,
-          password: true,
-          email: true,
-          verified: true,
-        }
-      });
-
-      if (!user) {
-        throw new TRPCError({
-          code: "UNAUTHORIZED",
-          message: "Invalid username or password",
-        });
-      }
-
-      if (!(await compare(password, user.password))) {
-        throw new TRPCError({
-          code: "UNAUTHORIZED",
-          message: "Invalid username or password",
-        });
-      }
+    .mutation(({ input }) => login(input)),
 
-      if (!user.verified) {
-        return {
-          verified: false,
-          user: {
-            email: user.email,
-          },
-        }
-      }
-
-      // Create a new session
-      const session = await prisma.session.create({
-        data: {
-          id: uuidv4(),
-          userId: user.id,
-          expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24 * 30),
-        },
+  logout: protectedProcedure.mutation(({ ctx }) => {
+    if (!ctx.user) {
+      throw new TRPCError({
+        code: "UNAUTHORIZED",
+        message: "Not authenticated",
       });
-
-      return {
-        token: session.id,
-        user: {
-          id: user.id,
-          username: user.username,
-        },
-      };
-    }),
-
-  logout: protectedProcedure
-    .mutation(async ({ ctx }) => {
-      if (!ctx.user) {
-        throw new TRPCError({
-          code: "UNAUTHORIZED",
-          message: "Not authenticated",
-        });
-      }
-
-      // Delete the current session
-      await prisma.session.deleteMany({
-        where: { userId: ctx.user.id },
+    }
+    return logout(ctx.user.id);
+  }),
+
+  check: protectedProcedure.query(({ ctx }) => {
+    if (!ctx.user) {
+      throw new TRPCError({
+        code: "UNAUTHORIZED",
+        message: "Not authenticated",
       });
-
-      return { success: true };
-    }),
-
-
-  check: protectedProcedure
-    .query(async ({ ctx }) => {
-      if (!ctx.user) {
-        throw new TRPCError({
-          code: "UNAUTHORIZED",
-          message: "Not authenticated",
-        });
-      }
-
-      const user = await prisma.user.findUnique({
-        where: { id: ctx.user.id },
-        select: {
-          id: true,
-          username: true,
-          profile: {
-            select: {
-              displayName: true,
-              bio: true,
-              location: true,
-              website: true,
-              profilePicture: true,
-              profilePictureThumbnail: true,
-            },
-          },
-        }
-      });
-
-      if (!user) {
-        throw new TRPCError({
-          code: "NOT_FOUND",
-          message: "User not found",
-        });
-      }
-
-      return {user};
-    }),
-    resendVerificationEmail: publicProcedure
-      .input(z.object({
-        email: z.string().email(),
-      }))
-      .mutation(async ({ input }) => {
-        const { email } = input;
-
-        const user = await prisma.user.findFirst({
-          where: { 
-            email,
-           },
-          select: {
-            id: true,
-            email: true,
-            role: true,
-            profile: {
-              select: {
-                displayName: true,
-                bio: true,
-                location: true,
-                website: true,
-                profilePicture: true,
-            },
-            },
-          },
-        });
-
-        if (!user) {
-          throw new TRPCError({
-            code: "NOT_FOUND",
-            message: "User not found",
-          });
-        }
-
-        await prisma.session.deleteMany({
-          where: { userId: user?.id },
-        });
-
-        const verificationToken = await prisma.session.create({
-          data: {
-            id: uuidv4(),
-            userId: user.id,
-            expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24 * 30),
-          },
-        });
-        
-        try {
-          await sendMail({
-          from: 'noreply@studious.sh',
-          to: user.email,
-            subject: 'Verify your email',
-            text: `Click the link to verify your email: ${env.NEXT_PUBLIC_APP_URL}/verify/${verificationToken.id}`,
-          });
-        } catch (err) {
-          logger.error('Failed to send verification email', { email: user.email, err });
-        }
-
-        // logger.info(`Password verification email sent to ${user.email} at ${env.NEXT_PUBLIC_APP_URL}/verify/${verificationToken.id}`);
-
-        return { success: true };
-      }),
-    verify: publicProcedure
-      .input(z.object({
-        token: z.string(),
-      }))
-      .mutation(async ({ input }) => {
-        const { token } = input;
-
-        const session = await prisma.session.findUnique({
-          where: { id: token },
-        });
-
-        if (!session) {
-          throw new TRPCError({
-            code: "NOT_FOUND",
-            message: "Session not found",
-          });
-        }
-
-        if (session.expiresAt && session.expiresAt < new Date()) {
-          throw new TRPCError({
-            code: "UNAUTHORIZED",
-            message: "Session expired",
-          });
-        }
-
-        await prisma.user.update({
-          where: { id: session.userId! },
-          data: {
-            verified: true,
-          },
-        });
-
-        // Clean up the verification token
-        await prisma.session.delete({
-          where: { id: token },
-        });
-
-        return { success: true };
-      }),
-
-    requestPasswordReset: publicProcedure
-      .input(z.object({
-        email: z.string().email(),
-      }))
-      .mutation(async ({ input }) => {
-        const { email } = input;
-
-        const user = await prisma.user.findFirst({
-          where: { email },
-          select: {
-            id: true,
-            email: true,
-            username: true,
-          },
-        });
-
-        // Don't reveal if user exists or not for security
-        if (!user) {
-          return { success: true };
-        }
-
-        // Delete any existing password reset tokens for this user
-        // Only delete tokens that expire within 2 hours (likely password reset tokens)
-        const twoHoursFromNow = new Date(Date.now() + 1000 * 60 * 60 * 2);
-        await prisma.session.deleteMany({
-          where: { 
-            userId: user.id,
-            classId: null,
-            expiresAt: {
-              lte: twoHoursFromNow, // Only delete short-lived tokens (password reset tokens)
-            },
-          },
-        });
-
-        // Create a new password reset token (expires in 1 hour)
-        const resetToken = await prisma.session.create({
-          data: {
-            id: uuidv4(),
-            userId: user.id,
-            expiresAt: new Date(Date.now() + 1000 * 60 * 60), // 1 hour
-          },
-        });
-
-        // Send password reset email
-        try {
-          await sendMail({
-            from: 'noreply@studious.sh',
-            to: user.email,
-            subject: 'Reset your password',
-            text: `Click the link to reset your password: ${env.NEXT_PUBLIC_APP_URL}/reset-password/${resetToken.id}`,
-          });
-        } catch (err) {
-          logger.error('Failed to send password reset email', { email: user.email, err });
-        }
-
-        // logger.info(`Password reset email sent to ${user.email} at ${env.NEXT_PUBLIC_APP_URL}/reset-password/${resetToken.id}`);
-
-        return { success: true };
-      }),
-
-    resetPassword: publicProcedure
-      .input(z.object({
-        token: z.string(),
-        password: z.string().min(6, "Password must be at least 6 characters"),
-        confirmPassword: z.string(),
-      }).refine((data) => data.password === data.confirmPassword, {
-        message: "Passwords don't match",
-        path: ["confirmPassword"],
-      }))
-      .mutation(async ({ input }) => {
-        const { token, password } = input;
-
-        const session = await prisma.session.findUnique({
-          where: { id: token },
-          include: {
-            user: {
-              select: {
-                id: true,
-              },
-            },
-          },
-        });
-
-        if (!session || !session.userId) {
-          throw new TRPCError({
-            code: "NOT_FOUND",
-            message: "Invalid or expired reset token",
-          });
-        }
-
-        if (session.expiresAt && session.expiresAt < new Date()) {
-          // Clean up expired token
-          await prisma.session.delete({
-            where: { id: token },
-          });
-          throw new TRPCError({
-            code: "UNAUTHORIZED",
-            message: "Reset token has expired",
-          });
-        }
-
-        // Update the user's password
-        await prisma.user.update({
-          where: { id: session.userId },
-          data: {
-            password: await hash(password, 10),
-          },
-        });
-
-        // Clean up the reset token
-        await prisma.session.delete({
-          where: { id: token },
-        });
-
-        return { success: true };
-      }),
-}); 
+    }
+    return check(ctx.user.id);
+  }),
+
+  resendVerificationEmail: publicProcedure
+    .input(z.object({ email: z.string().email() }))
+    .mutation(({ input }) => resendVerificationEmail(input.email)),
+
+  verify: publicProcedure
+    .input(z.object({ token: z.string() }))
+    .mutation(({ input }) => verify(input.token)),
+
+  requestPasswordReset: publicProcedure
+    .input(z.object({ email: z.string().email() }))
+    .mutation(({ input }) => requestPasswordReset(input.email)),
+
+  resetPassword: publicProcedure
+    .input(
+      z
+        .object({
+          token: z.string(),
+          password: z.string().min(6, "Password must be at least 6 characters"),
+          confirmPassword: z.string(),
+        })
+        .refine((data) => data.password === data.confirmPassword, {
+          message: "Passwords don't match",
+          path: ["confirmPassword"],
+        })
+    )
+    .mutation(({ input }) => resetPassword(input.token, input.password)),
+});