| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 | 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 28x 28x 28x 28x 28x 28x 28x 28x 28x 28x 28x 28x 28x 28x 28x 28x 28x 4x 4x 4x 4x 4x 4x 4x 4x 4x 4x 4x 4x 4x 4x 4x 4x 4x 28x 24x 24x 1x 1x 8x 8x 8x 8x 8x 8x 8x 8x 2x 2x 6x 6x 6x 6x 6x 6x 6x 6x 6x 6x 6x 6x 6x 6x 6x 5x 8x 1x 1x 4x 4x 4x 1x 1x 20x 20x 20x 20x 20x 20x 20x 20x 2x 2x 18x 18x 18x 18x 18x 18x 18x 5x 5x 5x 6x 6x 6x 5x 5x 5x 13x 13x 13x 13x 13x 13x 13x 13x 13x 13x 13x 13x 13x 13x 12x 12x 12x 1x 1x | import { NextRequest, NextResponse } from "next/server";
import {
withAuth,
withErrorHandling,
successResponse,
validationErrorResponse,
ApiError,
ApiSuccessResponse,
ApiErrorResponse } from "@/lib/api";
import { RouteContext } from "@/lib/api/middleware";
import { prisma } from "@/lib/prisma";
import { addSecurityHeaders } from "@/lib/security";
import {
checkRateLimit,
rateLimitPresets,
getRateLimitInfo } from "@/lib/security";
import { z } from "zod";
import { Session } from "next-auth";
// Profile update schema: the only fields a user may change via PATCH.
// Both are optional so a partial update is allowed; `safeParse` on a
// `z.object` drops keys that are not declared here, which is what keeps
// fields such as `role` or `email` out of `validationResult.data`.
// NOTE(review): `phone` is only length-checked (10–20 chars); no format or
// character-class check is applied — confirm that is intended.
const ProfileUpdateSchema = z.object({
name: z.string().min(2).max(100).optional(),
phone: z.string().min(10).max(20).optional()});
/**
 * Shape of the profile returned by GET and PATCH /api/user/profile.
 *
 * Mirrors the `select` used in both handlers; sensitive columns (password
 * hash, tokens, …) are not selected and so never reach the response.
 * NOTE(review): `id` is numeric here while the handlers look the row up by
 * `session.user.id` — presumably the session type is augmented to match;
 * confirm against the next-auth type declarations.
 */
interface UserProfile {
id: number;
email: string;
name: string | null;
phone: string | null;
image: string | null;
role: string;
createdAt: Date;
updatedAt: Date;
}
/**
 * Applies the `standard` rate-limit preset to a profile request.
 *
 * The bucket key is `api-user-profile-<action>-<client address>`, where the
 * client address is taken verbatim from the `x-forwarded-for` header, then
 * `x-real-ip`, then the literal `"unknown"`.
 *
 * NOTE(review): both headers are supplied by whoever sits in front of this
 * route. Unless a trusted proxy overwrites them they are client-controlled,
 * and `x-forwarded-for` may be a comma-separated hop list that is used here
 * as one opaque string — so the bucket is only as reliable as the deployment's
 * proxy configuration; confirm. Requests carrying neither header all share
 * the single `"unknown"` bucket.
 *
 * @param request Incoming request whose headers identify the caller.
 * @param action  Which profile operation is being limited.
 * @returns A 429 response carrying `X-RateLimit-*` headers (with security
 *   headers applied) when the limit is exceeded, otherwise `null`.
 */
function checkRateLimitForProfile(
  request: NextRequest,
  action: "get" | "patch"
): NextResponse<ApiErrorResponse> | null {
  const forwardedFor = request.headers.get("x-forwarded-for");
  const realIp = request.headers.get("x-real-ip");
  // `||` (not `??`) on purpose: an empty header value falls through as well.
  const clientAddress = forwardedFor || realIp || "unknown";
  const bucketKey = `api-user-profile-${action}-${clientAddress}`;
  const { limit, windowMs } = rateLimitPresets.standard;

  if (checkRateLimit(bucketKey, limit, windowMs)) {
    return null;
  }

  const info = getRateLimitInfo(bucketKey, limit);
  const rejected = NextResponse.json<ApiErrorResponse>(
    {
      success: false,
      error: {
        code: "RATE_LIMIT_EXCEEDED",
        message: "Rate limit exceeded",
      },
    },
    {
      status: 429,
      headers: {
        "X-RateLimit-Limit": info.limit.toString(),
        "X-RateLimit-Remaining": info.remaining.toString(),
        // NOTE(review): passed through without `toString()` — assumes
        // `getRateLimitInfo` already returns `resetTime` as a string; confirm.
        "X-RateLimit-Reset": info.resetTime,
      },
    }
  );
  return addSecurityHeaders(rejected);
}
/**
 * GET /api/user/profile — returns the authenticated user's own profile.
 *
 * The row is selected by `session.user.id`, so a caller can only ever read
 * their own record; no id is accepted from the request.
 *
 * @param request  Incoming request; used only for rate limiting.
 * @param _context Route context; unused.
 * @param session  Authenticated session provided by `withAuth`.
 * @returns The {@link UserProfile} fields on success, or the 429 response
 *   produced by {@link checkRateLimitForProfile}.
 * @throws `ApiError.notFound("User")` when no user row matches the session.
 */
async function handleGet(
  request: NextRequest,
  _context: RouteContext | undefined,
  session: Session
): Promise<NextResponse<ApiSuccessResponse<UserProfile> | ApiErrorResponse>> {
  const limited = checkRateLimitForProfile(request, "get");
  if (limited) {
    return limited;
  }

  // Only the public profile columns are selected; see UserProfile.
  const profile = await prisma.user.findUnique({
    where: { id: session.user.id },
    select: {
      id: true,
      email: true,
      name: true,
      phone: true,
      image: true,
      role: true,
      createdAt: true,
      updatedAt: true,
    },
  });

  if (profile == null) {
    throw ApiError.notFound("User");
  }
  return addSecurityHeaders(successResponse(profile));
}
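/**
 * PATCH /api/user/profile — updates the authenticated user's `name` and/or
 * `phone`.
 *
 * The body is validated with {@link ProfileUpdateSchema}; only the keys it
 * declares survive into `validationResult.data`, so the update cannot be used
 * to write other columns. The row is selected by `session.user.id`, never by
 * an id from the request.
 *
 * A body that is not valid JSON is reported as a 400-style validation error
 * rather than being left to the generic error handler (which would see a
 * `SyntaxError` from `request.json()` and treat a client mistake as a server
 * fault).
 *
 * @param request  Incoming request carrying the JSON patch body.
 * @param _context Route context; unused.
 * @param session  Authenticated session provided by `withAuth`.
 * @returns The updated {@link UserProfile} on success; a validation error
 *   response for a malformed or invalid body; the 429 response produced by
 *   {@link checkRateLimitForProfile} when rate limited.
 */
async function handlePatch(
  request: NextRequest,
  _context: RouteContext | undefined,
  session: Session
): Promise<NextResponse<ApiSuccessResponse<UserProfile> | ApiErrorResponse>> {
  const rateLimitResponse = checkRateLimitForProfile(request, "patch");
  if (rateLimitResponse) {
    return rateLimitResponse;
  }
  const userId = session.user.id;

  // Parse the body ourselves so a malformed payload becomes a validation
  // error instead of an unhandled exception.
  let body: unknown;
  try {
    body = await request.json();
  } catch {
    return addSecurityHeaders(
      validationErrorResponse("Invalid profile data", [
        {
          // Same field/message/code shape as the zod issue mapping below;
          // "custom" is zod's generic issue code.
          field: "_root",
          message: "Request body must be valid JSON",
          code: "custom",
        },
      ])
    );
  }

  // Validate input; unknown keys are stripped by the schema.
  const validationResult = ProfileUpdateSchema.safeParse(body);
  if (!validationResult.success) {
    return addSecurityHeaders(
      validationErrorResponse(
        "Invalid profile data",
        validationResult.error.issues.map((issue) => ({
          field: issue.path.join('.') || '_root',
          message: issue.message,
          code: issue.code,
        }))
      )
    );
  }

  // Update user profile; select the same columns as GET (see UserProfile).
  // NOTE(review): an empty object `{}` passes validation and still issues an
  // update with no field changes — decide whether that should be rejected.
  const updatedUser = await prisma.user.update({
    where: { id: userId },
    data: validationResult.data,
    select: {
      id: true,
      email: true,
      name: true,
      phone: true,
      image: true,
      role: true,
      createdAt: true,
      updatedAt: true,
    },
  });
  return addSecurityHeaders(successResponse(updatedUser));
}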
// Route exports. `withAuth` runs inside `withErrorHandling`, so both the
// authentication step and the handlers execute under the error wrapper; the
// wrapped handlers receive the resolved `Session` as their third argument.
export const GET = withErrorHandling(withAuth(handleGet));
export const PATCH = withErrorHandling(withAuth(handlePatch));