Initial commit: Lageplan v1.0 - Next.js 15.5, React 19

src/app/api/auth/change-password/route.ts

@@ -0,0 +1,46 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { prisma } from '@/lib/db'
+import bcrypt from 'bcryptjs'
+
+export async function POST(req: NextRequest) {
+  try {
+    const user = await getSession()
+    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
+
+    const { currentPassword, newPassword } = await req.json()
+
+    if (!currentPassword || !newPassword) {
+      return NextResponse.json({ error: 'Beide Felder sind erforderlich' }, { status: 400 })
+    }
+
+    if (newPassword.length < 6) {
+      return NextResponse.json({ error: 'Neues Kennwort muss mindestens 6 Zeichen lang sein' }, { status: 400 })
+    }
+
+    const dbUser = await (prisma as any).user.findUnique({
+      where: { id: user.id },
+      select: { password: true },
+    })
+
+    if (!dbUser) {
+      return NextResponse.json({ error: 'Benutzer nicht gefunden' }, { status: 404 })
+    }
+
+    const isValid = await bcrypt.compare(currentPassword, dbUser.password)
+    if (!isValid) {
+      return NextResponse.json({ error: 'Aktuelles Kennwort ist falsch' }, { status: 400 })
+    }
+
+    const hashedPassword = await bcrypt.hash(newPassword, 12)
+    await (prisma as any).user.update({
+      where: { id: user.id },
+      data: { password: hashedPassword },
+    })
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    console.error('Change password error:', error)
+    return NextResponse.json({ error: 'Interner Fehler' }, { status: 500 })
+  }
+}