Initial commit: Lageplan v1.0 - Next.js 15.5, React 19

src/app/api/auth/register/route.ts

@@ -0,0 +1,175 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { prisma } from '@/lib/db'
+import { hashPassword } from '@/lib/auth'
+import { sendEmail } from '@/lib/email'
+import { randomBytes } from 'crypto'
+import { z } from 'zod'
+
+const registerSchema = z.object({
+  organizationName: z.string().min(2, 'Organisationsname zu kurz').max(200),
+  name: z.string().min(2, 'Name zu kurz').max(200),
+  email: z.string().email('Ungültige E-Mail-Adresse'),
+  password: z.string().min(6, 'Passwort muss mindestens 6 Zeichen haben'),
+})
+
+export async function POST(req: NextRequest) {
+  try {
+    const body = await req.json()
+    const data = registerSchema.parse(body)
+
+    // Check if email already exists
+    const existingUser = await (prisma as any).user.findUnique({
+      where: { email: data.email },
+      include: { memberships: true },
+    })
+    if (existingUser) {
+      // If the user is an orphan (no memberships) or never verified their email,
+      // clean them up so they can re-register
+      const isOrphan = !existingUser.memberships || existingUser.memberships.length === 0
+      const isUnverified = existingUser.emailVerified === false
+      if (isOrphan || isUnverified) {
+        // Force-delete orphan/unverified user and all their remaining data
+        try {
+          await (prisma as any).upgradeRequest.deleteMany({ where: { requestedById: existingUser.id } })
+          await (prisma as any).iconAsset.updateMany({ where: { ownerId: existingUser.id }, data: { ownerId: null } })
+          await (prisma as any).project.updateMany({ where: { ownerId: existingUser.id }, data: { ownerId: null } })
+          await (prisma as any).tenantMembership.deleteMany({ where: { userId: existingUser.id } })
+          await (prisma as any).user.delete({ where: { id: existingUser.id } })
+          console.log(`[Register] Cleaned up orphan/unverified user: ${data.email}`)
+        } catch (cleanupErr) {
+          console.error('[Register] Failed to cleanup existing user:', cleanupErr)
+          return NextResponse.json({ error: 'Diese E-Mail-Adresse ist bereits registriert. Bitte kontaktieren Sie den Administrator.' }, { status: 400 })
+        }
+      } else {
+        return NextResponse.json({ error: 'Diese E-Mail-Adresse ist bereits registriert.' }, { status: 400 })
+      }
+    }
+
+    // Generate slug from organization name
+    let slug = data.organizationName
+      .toLowerCase()
+      .replace(/[äÄ]/g, 'ae').replace(/[öÖ]/g, 'oe').replace(/[üÜ]/g, 'ue')
+      .replace(/[^a-z0-9]+/g, '-')
+      .replace(/^-|-$/g, '')
+
+    // Ensure slug is unique
+    const existingTenant = await (prisma as any).tenant.findUnique({ where: { slug } })
+    if (existingTenant) {
+      slug = `${slug}-${Date.now().toString(36)}`
+    }
+
+    // Hash password
+    const hashedPassword = await hashPassword(data.password)
+
+    // Generate email verification token
+    const verificationToken = randomBytes(32).toString('hex')
+
+    // Create tenant (no trial, directly ACTIVE) with privacy consent
+    const tenant = await (prisma as any).tenant.create({
+      data: {
+        name: data.organizationName,
+        slug,
+        plan: 'FREE',
+        subscriptionStatus: 'ACTIVE',
+        maxUsers: 5,
+        maxProjects: 10,
+        contactEmail: data.email,
+        privacyAccepted: body.privacyAccepted === true,
+        privacyAcceptedAt: body.privacyAccepted ? new Date() : null,
+        adminAccessAccepted: body.adminAccessAccepted === true,
+      },
+    })
+
+    // Create user as TENANT_ADMIN with email not yet verified
+    const user = await (prisma as any).user.create({
+      data: {
+        email: data.email,
+        password: hashedPassword,
+        name: data.name,
+        role: 'TENANT_ADMIN',
+        emailVerified: false,
+        emailVerificationToken: verificationToken,
+      },
+    })
+
+    // Create tenant membership
+    await (prisma as any).tenantMembership.create({
+      data: {
+        userId: user.id,
+        tenantId: tenant.id,
+        role: 'TENANT_ADMIN',
+      },
+    })
+
+    // Send verification email
+    let baseUrl = process.env.NEXTAUTH_URL || req.headers.get('origin') || `${req.headers.get('x-forwarded-proto') || 'https'}://${req.headers.get('host')}` || 'http://localhost:3000'
+    if (baseUrl && !baseUrl.startsWith('http://') && !baseUrl.startsWith('https://')) {
+      baseUrl = `https://${baseUrl}`
+    }
+    const verifyUrl = `${baseUrl}/api/auth/verify-email?token=${verificationToken}`
+    try {
+      await sendEmail(
+        data.email,
+        'E-Mail-Adresse bestätigen — Lageplan',
+        `<div style="font-family:sans-serif;max-width:600px;margin:0 auto;">
+          <div style="background:#dc2626;color:white;padding:20px 24px;border-radius:12px 12px 0 0;">
+            <h1 style="margin:0;font-size:22px;">E-Mail bestätigen</h1>
+          </div>
+          <div style="border:1px solid #e5e7eb;border-top:none;padding:24px;border-radius:0 0 12px 12px;">
+            <p>Hallo <strong>${data.name}</strong>,</p>
+            <p>Bitte bestätigen Sie Ihre E-Mail-Adresse, um Ihr Konto für <strong>${data.organizationName}</strong> zu aktivieren.</p>
+            <div style="text-align:center;margin:24px 0;">
+              <a href="${verifyUrl}" style="background:#dc2626;color:white;padding:12px 32px;text-decoration:none;border-radius:8px;font-weight:600;display:inline-block;">
+                E-Mail bestätigen
+              </a>
+            </div>
+            <p style="color:#666;font-size:13px;">Falls der Button nicht funktioniert, kopieren Sie diesen Link:<br/>
+            <a href="${verifyUrl}" style="word-break:break-all;">${verifyUrl}</a></p>
+          </div>
+        </div>`
+      )
+    } catch (e) {
+      console.warn('Failed to send verification email:', e)
+    }
+
+    // Notify server admin about new registration (#13)
+    try {
+      const adminSetting = await (prisma as any).systemSetting.findUnique({ where: { key: 'notify_registration_email' } })
+      const adminEmail = adminSetting?.value
+      if (adminEmail) {
+        await sendEmail(
+          adminEmail,
+          `Neue Registrierung — ${data.organizationName}`,
+          `<div style="font-family:sans-serif;max-width:600px;margin:0 auto;">
+            <div style="background:#1e293b;color:white;padding:20px 24px;border-radius:12px 12px 0 0;">
+              <h1 style="margin:0;font-size:22px;">Neue Registrierung</h1>
+            </div>
+            <div style="border:1px solid #e5e7eb;border-top:none;padding:24px;border-radius:0 0 12px 12px;">
+              <p><strong>Organisation:</strong> ${data.organizationName}</p>
+              <p><strong>Name:</strong> ${data.name}</p>
+              <p><strong>E-Mail:</strong> ${data.email}</p>
+              <p><strong>Mandant-Slug:</strong> ${slug}</p>
+              <p><strong>Datum:</strong> ${new Date().toLocaleString('de-CH')}</p>
+            </div>
+          </div>`
+        )
+      }
+    } catch (e) {
+      console.warn('Failed to send registration notification:', e)
+    }
+
+    return NextResponse.json({
+      success: true,
+      message: 'Registrierung erfolgreich! Bitte bestätigen Sie Ihre E-Mail-Adresse.',
+      tenantSlug: tenant.slug,
+      requiresVerification: true,
+    }, { status: 201 })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      const firstError = error.errors[0]
+      return NextResponse.json({ error: firstError.message }, { status: 400 })
+    }
+    console.error('Registration error:', error)
+    return NextResponse.json({ error: 'Registrierung fehlgeschlagen. Bitte versuchen Sie es später.' }, { status: 500 })
+  }
+}