37 lines
965 B
TypeScript
37 lines
965 B
TypeScript
|
import { AuthenticationError, NotFoundError, resolver, SecurePassword } from "blitz";
|
||
|
import { z } from "zod";
|
||
|
|
||
|
import db from "../../../db";
|
||
|
import { authenticateUser } from "../../auth/mutations/login";
|
||
|
import { password } from "../../auth/validations";
|
||
|
|
||
|
const Body = z.object({
|
||
|
currentPassword: z.string(),
|
||
|
newPassword: password,
|
||
|
});
|
||
|
|
||
|
export default resolver.pipe(
|
||
|
resolver.zod(Body),
|
||
|
resolver.authorize(),
|
||
|
async ({ currentPassword, newPassword }, ctx) => {
|
||
|
const user = await db.user.findFirst({ where: { id: ctx.session.userId! } });
|
||
|
if (!user) throw new NotFoundError();
|
||
|
|
||
|
try {
|
||
|
await authenticateUser(user.email, currentPassword);
|
||
|
} catch (error) {
|
||
|
if (error instanceof AuthenticationError) {
|
||
|
throw new Error("Current password is incorrect");
|
||
|
}
|
||
|
|
||
|
throw error;
|
||
|
}
|
||
|
|
||
|
const hashedPassword = await SecurePassword.hash(newPassword.trim());
|
||
|
await db.user.update({
|
||
|
where: { id: user.id },
|
||
|
data: { hashedPassword },
|
||
|
});
|
||
|
},
|
||
|
);
|