import { NextRequest, NextResponse } from 'next/server';
import bcrypt from 'bcryptjs';
import { Resend } from 'resend';
import { db } from '@/lib/db';
import crypto from 'crypto';
// Resend client created once at module load. RESEND_API_KEY is read from the
// environment here, not per request; if it is unset the failure only surfaces
// when an email is sent (and POST below catches send errors).
const resend = new Resend(process.env.RESEND_API_KEY);
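/** bcrypt cost factor for stored password hashes (unchanged from the original). */
const BCRYPT_COST = 10;
/** Minimum accepted password length (unchanged policy). */
const MIN_PASSWORD_LENGTH = 6;
/** Verification links are valid for 24 hours from creation. */
const VERIFICATION_TTL_MS = 24 * 60 * 60 * 1000;
/** Coarse email syntax check: one '@', no whitespace, a dot in the domain part. */
const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

/**
 * Escape the HTML-significant characters so user-supplied text can be placed
 * inside the email markup without being interpreted as tags or attributes.
 */
function escapeHtml(value: string): string {
  return value
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

/** Build the standard 400 response shape used by every validation failure below. */
function badRequest(error: string) {
  return NextResponse.json({ success: false, error }, { status: 400 });
}

/**
 * Registers a new, inactive user and emails them a verification link.
 *
 * Expects a JSON body with `username`, `email`, `password`, `firstName`,
 * `lastName`, `dob`, `gender` and `expertiseLevel`. Responds 400 with
 * `{ success: false, error }` on any validation failure, 500 with a generic
 * message on unexpected errors, and 200 with `{ success: true, message, userId }`
 * on success. A failure to send the verification email is logged but does not
 * fail the registration.
 */
export async function POST(request: NextRequest) {
  try {
    // A malformed body is a client error, not a server error: answer 400
    // instead of letting the parse exception fall through to the 500 handler.
    let body: unknown;
    try {
      body = await request.json();
    } catch {
      return badRequest('Invalid JSON body');
    }
    if (typeof body !== 'object' || body === null) {
      return badRequest('All fields are required');
    }
    const { username, email, password, firstName, lastName, dob, gender, expertiseLevel } =
      body as Record<string, unknown>;

    // The five fields used in string operations or interpolated into the email
    // must actually be strings; a number or array here previously reached
    // `password.length` / the regex test and produced a 500.
    if (
      typeof username !== 'string' ||
      typeof email !== 'string' ||
      typeof password !== 'string' ||
      typeof firstName !== 'string' ||
      typeof lastName !== 'string' ||
      !username ||
      !email ||
      !password ||
      !firstName ||
      !lastName ||
      !dob ||
      !gender ||
      !expertiseLevel
    ) {
      return badRequest('All fields are required');
    }

    // Cheap syntactic checks run before any database round-trip.
    if (!EMAIL_REGEX.test(email)) {
      return badRequest('Invalid email format');
    }
    // NOTE(review): bcrypt only hashes the first 72 bytes of the input, so
    // longer passwords are silently truncated; consider rejecting them.
    if (password.length < MIN_PASSWORD_LENGTH) {
      return badRequest('Password must be at least 6 characters long');
    }

    // Uniqueness checks. These responses necessarily disclose whether an
    // email/username is registered; the UI relies on the messages, so they are
    // kept as-is. The check-then-create sequence is also racy: two concurrent
    // registrations can pass both checks, so the database unique constraints
    // remain the real guarantee (the resulting error lands in the 500 branch).
    const existingUserByEmail = await db.findUserByEmail(email);
    if (existingUserByEmail) {
      return badRequest('Email already registered');
    }
    const existingUserByUsername = await db.findUserByUsername(username);
    if (existingUserByUsername) {
      return badRequest('Username already taken');
    }

    const hashedPassword = await bcrypt.hash(password, BCRYPT_COST);

    // The account starts inactive and unverified; the verification link below
    // is what activates it.
    const userId = await db.createUser({
      username,
      email,
      password: hashedPassword,
      first_name: firstName,
      last_name: lastName,
      dob,
      gender,
      expertise_level: expertiseLevel,
      is_active: false,
      email_verified: false,
    });

    // 256-bit CSPRNG token, hex-encoded, so it is URL-safe without escaping.
    const verificationToken = crypto.randomBytes(32).toString('hex');
    const expiresAt = new Date(Date.now() + VERIFICATION_TTL_MS);
    await db.setVerificationToken(userId, verificationToken, expiresAt);

    const baseUrl = process.env.NEXTAUTH_URL || `http://localhost:${process.env.PORT || 3000}`;
    const verificationUrl = `${baseUrl}/verify-email?token=${verificationToken}`;

    // firstName is attacker-controlled and goes into HTML: escape it so a name
    // like `<a href=...>` cannot inject markup into the email. The URL is built
    // only from the environment and the hex token, so it needs no escaping.
    const safeFirstName = escapeHtml(firstName);
    try {
      await resend.emails.send({
        from: process.env.EMAIL_FROM || 'onboarding@resend.dev',
        to: email,
        subject: 'Verify your email address',
        html: `
<div style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto;">
<h2>Welcome to Kite Portfolio Manager!</h2>
<p>Hi ${safeFirstName},</p>
<p>Thank you for registering. Please verify your email address by clicking the link below:</p>
<a href="${verificationUrl}" style="display: inline-block; padding: 12px 24px; background-color: #4F46E5; color: white; text-decoration: none; border-radius: 6px; margin: 16px 0;">
Verify Email Address
</a>
<p>Or copy and paste this link into your browser:</p>
<p style="color: #666; word-break: break-all;">${verificationUrl}</p>
<p>This link will expire in 24 hours.</p>
<p>If you didn't create an account, please ignore this email.</p>
<hr style="margin: 24px 0; border: none; border-top: 1px solid #eee;">
<p style="color: #999; font-size: 12px;">Kite Portfolio Manager</p>
</div>
`,
      });
    } catch (emailError: unknown) {
      // Best-effort delivery: the account exists and the token is stored, so a
      // mail outage must not undo the registration.
      console.error('Failed to send verification email:', emailError);
    }

    return NextResponse.json({
      success: true,
      message: 'Registration successful! Please check your email to verify your account.',
      userId,
    });
  } catch (error: unknown) {
    // Log the full error server-side but never echo `error.message` to the
    // client: database and library messages can reveal schema, hosts or
    // configuration details.
    console.error('Registration error:', error);
    return NextResponse.json(
      { success: false, error: 'Registration failed' },
      { status: 500 }
    );
  }
}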