import z from 'zod';
import { PasswordModel } from '~/shared/schema/PasswordSchema';
import { UserModel } from '~/shared/schema/UserSchema';
import crypto from 'crypto';
/**
 * Request-body schema for the password-reset request endpoint.
 *
 * Accepts a single `email` field that must be a string in e-mail format.
 * Because the value is constrained to a string here, the database filters
 * built from it further down always receive a plain string and never a
 * caller-supplied object.
 *
 * NOTE(review): no trimming, lower-casing or length cap is applied, so the
 * address is matched and hashed exactly as submitted — confirm that matches
 * how addresses are stored at sign-up.
 */
const ZResetPasswordBody = z.object({ email: z.string().email() });
/**
 * Password-reset request handler.
 *
 * Flow:
 *  1. Validate the body against ZResetPasswordBody (a single `email` string).
 *  2. Look the address up in UserModel; if absent, answer `{ ok: true }`
 *     without doing anything else.
 *  3. Look the address up in PasswordModel; if absent, reject with HTTP 400
 *     (the message states the account uses a social login).
 *  4. Derive a reset code from RESET_PASSWORD_SECRET and the e-mail address,
 *     embed it in a link under BASE_URL and hand the link to the mail service.
 *
 * @returns `{ ok: true }` when the user is unknown or the mail was queued.
 * @throws  400 error when a user exists but has no PasswordModel entry.
 *
 * NOTE(review): steps 2 and 3 answer differently. An unknown address gets a
 * success response, while a registered password-less address gets a 400, so
 * the response reveals that such an address is registered. Confirm this
 * trade-off is intended; a uniform response would close the gap.
 *
 * NOTE(review): the reset code is SHA-256 over `secret:email` and contains no
 * timestamp, nonce or per-request state, so the same address always yields
 * the same code while the secret is unchanged. Expiry and single use cannot
 * be derived from the code itself — confirm the verifying endpoint enforces
 * them, or move to a random, stored, expiring token. If a keyed digest is
 * kept, `crypto.createHmac` is the construction meant for that purpose.
 *
 * NOTE(review): no throttling is visible in this handler; confirm requests
 * are rate-limited elsewhere, since each accepted call sends an e-mail.
 */
export default defineEventHandler(async (event) => {
  // The returned context is not used below; the call is kept for whatever
  // checks it performs. Presumably 'flag:allowAnon' admits unauthenticated
  // callers — TODO confirm against getRequestContext.
  await getRequestContext(event, 'flag:allowAnon');

  const body = await readValidatedBody(event, ZResetPasswordBody.parse);
  const email = body.email;

  // Unknown address: report success and send nothing.
  const account = await UserModel.findOne({ email });
  if (!account) {
    return { ok: true };
  }

  // A user without a stored password record cannot reset one.
  const passwordRecord = await PasswordModel.findOne({ email });
  if (!passwordRecord) {
    throw createError({ status: 400, message: 'The account is associated to a Social Login. You cannot reset the password.' });
  }

  const runtimeConfig = useRuntimeConfig();
  const baseUrl = runtimeConfig.BASE_URL;
  const resetSecret = runtimeConfig.RESET_PASSWORD_SECRET;

  // Deterministic code: hex SHA-256 of "<secret>:<email>".
  const authenticationCode = crypto
    .createHash('sha256')
    .update(`${resetSecret}:${email}`)
    .digest('hex');

  // The address travels in the link base64-encoded, which is an encoding and
  // not a protection: anyone who sees the URL can read the address.
  const encodedEmail = Buffer.from(email).toString('base64');
  const link = `${baseUrl}/reset_password?code=${authenticationCode}&mail=${encodedEmail}`;

  const mailClient = useTRPC();
  await mailClient.emails.email.sendResetPasswordEmail.mutate({ email, link });

  return { ok: true };
});