watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-04 04:37:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
umami/src/app/api/users/route.ts
Francis Cao 8f55ed9da9 security advisory fixes opened by kolega-ai-dev
2026-01-22 09:24:08 -08:00

45 lines
1.2 KiB
TypeScript
Raw Blame History

import { z } from 'zod';
import { ROLES } from '@/lib/constants';
import { uuid } from '@/lib/crypto';
import { hashPassword } from '@/lib/password';
import { parseRequest } from '@/lib/request';
import { badRequest, json, unauthorized } from '@/lib/response';
import { userRoleParam } from '@/lib/schema';
import { canCreateUser } from '@/permissions';
import { createUser, getUserByUsername } from '@/queries/prisma';
export async function POST(request: Request) {
const schema = z.object({
id: z.uuid().optional(),
username: z.string().max(255),
password: z.string().min(8).max(255),
role: userRoleParam,
});
const { auth, body, error } = await parseRequest(request, schema);
if (error) {
return error();
}
if (!(await canCreateUser(auth))) {
return unauthorized();
}
const { id, username, password, role } = body;
const existingUser = await getUserByUsername(username, { showDeleted: true });
if (existingUser) {
return badRequest({ message: 'User already exists' });
}
const user = await createUser({
id: id || uuid(),
username,
password: hashPassword(password),
role: role ?? ROLES.user,
});
return json(user);
}
Reference in a new issue View git blame Copy permalink