 Server : Apache/2 System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64 User : gositeme ( 1004) PHP Version : 8.2.29 Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname Directory : /home/gositeme/backups/lavocat.quebec/backup-20250730-021618/src/pages/api/auth/ |
import type { NextApiRequest, NextApiResponse } from 'next';
import { prisma } from '@/lib/prisma';
import bcrypt from 'bcryptjs';
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
if (req.method !== 'POST') {
return res.status(405).json({ message: 'Method Not Allowed' });
}
const { token, password } = req.body;
if (!token || typeof token !== 'string' || !password || typeof password !== 'string') {
return res.status(400).json({ message: 'Invalid request' });
}
// Find user by reset token and check expiry
const user = await prisma.user.findFirst({
where: {
resetPasswordToken: token,
resetPasswordTokenExpiry: { gte: new Date() },
},
});
if (!user) {
return res.status(400).json({ message: 'Invalid or expired token' });
}
// Hash new password
const hashed = await bcrypt.hash(password, 10);
await prisma.user.update({
where: { id: user.id },
data: {
password: hashed,
resetPasswordToken: null,
resetPasswordTokenExpiry: null,
},
});
return res.status(200).json({ message: 'Password reset successful' });
}