import { AuthenticationError, NotFoundError, resolver, SecurePassword } from "blitz"; import { z } from "zod"; import db from "../../../db"; import { authenticateUser } from "../../auth/mutations/login"; import { password } from "../../auth/validations"; const Body = z.object({ currentPassword: z.string(), newPassword: password, }); export default resolver.pipe( resolver.zod(Body), resolver.authorize(), async ({ currentPassword, newPassword }, ctx) => { const user = await db.user.findFirst({ where: { id: ctx.session.userId! } }); if (!user) throw new NotFoundError(); try { await authenticateUser(user.email, currentPassword); } catch (error) { if (error instanceof AuthenticationError) { throw new Error("Current password is incorrect"); } throw error; } const hashedPassword = await SecurePassword.hash(newPassword.trim()); await db.user.update({ where: { id: user.id }, data: { hashedPassword }, }); }, );