Initial commitHEAD main

Created from https://vercel.com/new
author: Fuwn <[email protected]> 2026-01-24 13:09:50 +0000
committer: Fuwn <[email protected]> 2026-01-24 13:09:50 +0000
commit: 396acf3bbbe00a192cb0ea0a9ccf91b1d8d2850b (patch)
tree: b9df4ca6a70db45cfffbae6fdd7252e20fb8e93c /src/app/api/me/password/route.ts
download: umami-main.tar.xz
umami-main.zip
1 files changed, 33 insertions, 0 deletions
diff --git a/src/app/api/me/password/route.ts b/src/app/api/me/password/route.ts
new file mode 100644
index 0000000..24c7370
--- /dev/null
+++ b/src/app/api/me/password/route.ts
@@ -0,0 +1,33 @@
+import { z } from 'zod';
+import { checkPassword, hashPassword } from '@/lib/password';
+import { parseRequest } from '@/lib/request';
+import { badRequest, json } from '@/lib/response';
+import { getUser, updateUser } from '@/queries/prisma/user';
+
+export async function POST(request: Request) {
+  const schema = z.object({
+    currentPassword: z.string(),
+    newPassword: z.string().min(8),
+  });
+
+  const { auth, body, error } = await parseRequest(request, schema);
+
+  if (error) {
+    return error();
+  }
+
+  const userId = auth.user.id;
+  const { currentPassword, newPassword } = body;
+
+  const user = await getUser(userId, { includePassword: true });
+
+  if (!checkPassword(currentPassword, user.password)) {
+    return badRequest({ message: 'Current password is incorrect' });
+  }
+
+  const password = hashPassword(newPassword);
+
+  const updated = await updateUser(userId, { password });
+
+  return json(updated);
+}
author	Fuwn <[email protected]>	2026-01-24 13:09:50 +0000
committer	Fuwn <[email protected]>	2026-01-24 13:09:50 +0000
commit	396acf3bbbe00a192cb0ea0a9ccf91b1d8d2850b (patch)
tree	b9df4ca6a70db45cfffbae6fdd7252e20fb8e93c /src/app/api/me/password/route.ts
download	umami-main.tar.xz umami-main.zip