import { getDb } from '../../utils/db.js'
import { requireAuth } from '../../utils/authHelpers.js'
import { hashPassword } from '../../utils/password.js'
/**
 * Authenticated endpoint that stores a new password hash for the caller.
 *
 * Reads `password` from the request body, hashes it with `hashPassword`, and
 * writes the result to `users.cot_password_hash` for the authenticated user's id.
 *
 * @returns {Promise<{ ok: true }>} `{ ok: true }` once the UPDATE has run.
 * @throws 400 error when `password` is missing, not a string, or empty.
 * @throws 404 error when no `users` row matches the authenticated id.
 *
 * NOTE(review): a valid session alone is enough to replace the stored hash;
 * no current-password or re-authentication step is visible in this handler.
 * Confirm that is intended.
 */
export default defineEventHandler(async (event) => {
  // NOTE(review): the result is used without `await`; confirm requireAuth is
  // synchronous, otherwise `.id` below would be read from a Promise.
  const sessionUser = requireAuth(event)

  // Any failure while reading the body is mapped to an empty object, so the
  // request falls through to the 400 below rather than surfacing a parse error.
  const payload = await readBody(event).catch(() => ({}))
  const newPassword = payload?.password

  // Only the type and a lower bound are enforced here.
  // NOTE(review): there is no upper length bound and no strength policy;
  // confirm hashPassword or the server caps input size so an oversized value
  // cannot drive up hashing cost.
  const hasPassword = typeof newPassword === 'string' && newPassword.length >= 1
  if (!hasPassword) {
    throw createError({ statusCode: 400, message: 'Password is required' })
  }

  const { get: selectOne, run: execute } = await getDb()
  const userId = sessionUser.id

  // Existence check; the id is bound as a parameter, not concatenated into the SQL.
  // `auth_provider` is selected but not read anywhere in this handler.
  const lookupSql = 'SELECT id, auth_provider FROM users WHERE id = ?'
  const existing = await selectOne(lookupSql, [userId])
  if (!existing) {
    throw createError({ statusCode: 404, message: 'User not found' })
  }

  // NOTE(review): the return value is stored as-is without `await`; confirm
  // hashPassword is synchronous and produces a salted, slow password hash.
  const passwordHash = hashPassword(newPassword)
  await execute('UPDATE users SET cot_password_hash = ? WHERE id = ?', [passwordHash, userId])

  return { ok: true }
})