import crypto from 'node:crypto';
import bcrypt from 'bcryptjs';
import { createSessionInsecure } from '../../../database/sessions';
import {
createUserInsecure,
getUserInsecure,
} from '../../../database/users';
import { ExpoApiResponse } from '../../../ExpoApiResponse';
import {
type User,
userSchemaRegister,
} from '../../../migrations/00002-createTableUsers';
import { createSerializedSessionTokenCookie } from '../../../util/cookies';
import { getCombinedErrorMessage } from '../../../util/validation';
/**
 * JSON body returned by the registration endpoint: the user record on
 * success, or a single human-readable error message on failure.
 *
 * NOTE(review): the success variant exposes the whole `User` type to the
 * client. Confirm that `User` carries no credential material (e.g. the
 * password hash); its definition is not visible in this file.
 */
export type RegisterResponseBodyPost = { user: User } | { error: string };
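/**
 * Registers a new user and signs them in.
 *
 * Steps: parse and validate the JSON body, reject usernames that are already
 * taken, hash the password with bcrypt, insert the user, create a session and
 * return the user together with a `Set-Cookie` header carrying the session
 * token.
 *
 * @param request - Incoming HTTP request; its body is untrusted input.
 * @returns `{ user }` on success (default status), or `{ error }` with status
 *   400 (malformed JSON, validation failure, username taken) or 500 (user or
 *   session could not be created).
 */
export async function POST(
  request: Request,
): Promise<ExpoApiResponse<RegisterResponseBodyPost>> {
  // `request.json()` rejects on a body that is not valid JSON. Without this
  // guard an unauthenticated caller could trigger an unhandled exception
  // instead of receiving a clean client error.
  let requestBody: unknown;
  try {
    requestBody = await request.json();
  } catch {
    return ExpoApiResponse.json(
      { error: 'Request body must be valid JSON' },
      { status: 400 },
    );
  }

  // Schema validation is the only input check on username and password, so
  // any length or character limits have to live in `userSchemaRegister`.
  const result = userSchemaRegister.safeParse(requestBody);

  if (!result.success) {
    return ExpoApiResponse.json(
      { error: getCombinedErrorMessage(result.error.issues) },
      { status: 400 },
    );
  }

  const { username, password } = result.data.user;

  // NOTE(review): this lookup and the insert below are separate statements,
  // so two concurrent registrations for the same username can both pass this
  // check. Uniqueness has to be enforced by the database (unique constraint
  // on the username column); confirm in the users migration. The distinct
  // error message also tells a caller which usernames exist, which is usual
  // for sign-up forms but makes rate limiting on this route worthwhile.
  if (await getUserInsecure(username)) {
    return ExpoApiResponse.json(
      { error: 'Username already exists' },
      { status: 400 },
    );
  }

  // bcrypt with cost factor 12. bcrypt only considers the first 72 bytes of
  // the input, so the schema should cap the password length accordingly
  // (TODO confirm in `userSchemaRegister`).
  const passwordHash = await bcrypt.hash(password, 12);

  const user = await createUserInsecure(username, passwordHash);

  if (!user) {
    return ExpoApiResponse.json(
      { error: 'Creating user failed' },
      { status: 500 },
    );
  }

  // 100 bytes from the OS CSPRNG, base64-encoded: unguessable session token.
  const sessionToken = crypto.randomBytes(100).toString('base64');

  const session = await createSessionInsecure(sessionToken, user.id);

  if (!session) {
    return ExpoApiResponse.json(
      { error: 'Session creation failed' },
      { status: 500 },
    );
  }

  // NOTE(review): cookie attributes (HttpOnly, Secure, SameSite, expiry) are
  // decided inside `createSerializedSessionTokenCookie`, which is not visible
  // here; verify them there. Also confirm that the `user` object returned by
  // `createUserInsecure` does not include the password hash, since it is sent
  // to the client verbatim.
  return ExpoApiResponse.json(
    { user },
    {
      headers: {
        'Set-Cookie': createSerializedSessionTokenCookie(session.token),
      },
    },
  );
}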