CoreControl/app/api/user/change/profile/route.ts

import { NextRequest, NextResponse } from "next/server";
import prisma from "@/app/prisma";
import jwt from "jsonwebtoken";
import { z } from "zod/v4";

const schema = z.object({
    token: z.string(),
    username: z.string().min(3, "Username must be at least 3 characters long").max(32, "Username must be at most 32 characters long"),
    name: z.string().min(3, "Name must be at least 3 characters long").max(32, "Name must be at most 32 characters long"),
    email: z.string().email("Invalid email address"),
});

export async function POST(request: NextRequest) {
    try {
        const body = schema.parse(await request.json());

        if(!process.env.JWT_SECRET) {
            return NextResponse.json({ error: "No JWT secret found" }, { status: 500 });
        }

        const decoded = jwt.verify(body.token, process.env.JWT_SECRET) as { id: string };

        const user = await prisma.user.findUnique({
            where: {
                id: decoded.id,
            },
        });

        if (!user) {
            return NextResponse.json({ error: "User not found" }, { status: 404 });
        }

        await prisma.user.update({
            where: {
                id: decoded.id,
            },
            data: {
                username: body.username,
                name: body.name,
                email: body.email,
            },
        });

        return NextResponse.json({ message: "Profile updated successfully" }, { status: 200 });
    } catch (error: any) {
        if(error instanceof z.ZodError) {
            return NextResponse.json({ error: error.issues[0].message }, { status: 400 });
        }
        return NextResponse.json({ error: "Internal Server Error" }, { status: 500 });
    }
}