apps/web/pages/api/auth/forgot-password.ts

import { NextApiRequest, NextApiResponse } from "next";
import { sendResetPassword } from "@documenso/lib/mail";
import { defaultHandler, defaultResponder } from "@documenso/lib/server";
import prisma from "@documenso/prisma";
import crypto from "crypto";

async function postHandler(req: NextApiRequest, res: NextApiResponse) {
  const { email } = req.body;
  const cleanEmail = email.toLowerCase();

  if (!cleanEmail || !cleanEmail.includes("@")) {
    res.status(422).json({ message: "Invalid email" });
    return;
  }

  const user = await prisma.user.findFirst({
    where: {
      email: cleanEmail,
    },
  });

  if (!user) {
    return res.status(404).json({ message: "No user found with this email." });
  }

  const existingToken = await prisma.passwordResetToken.findFirst({
    where: {
      userId: user.id,
      createdAt: {
        gte: new Date(Date.now() - 1000 * 60 * 60),
      },
    },
  });

  if (existingToken) {
    return res
      .status(400)
      .json({ message: "A password reset has already been requested. Please check your email." });
  }

  const token = crypto.randomBytes(64).toString("hex");

  let passwordResetToken;
  try {
    passwordResetToken = await prisma.passwordResetToken.create({
      data: {
        token,
        userId: user.id,
      },
    });
  } catch (error) {
    return res.status(500).json({ message: "Error saving token." });
  }

  await sendResetPassword(user, passwordResetToken.token);

  res.status(200).json({ message: "Password reset email sent." });
}

export default defaultHandler({
  POST: Promise.resolve({ default: defaultResponder(postHandler) }),
});
Create reset password token for user 2023-06-05 13:05:25 +00:00			`import { NextApiRequest, NextApiResponse } from "next";`
Avoid user from setting the same old password 2023-06-05 16:36:16 +00:00			`import { sendResetPassword } from "@documenso/lib/mail";`
Create reset password token for user 2023-06-05 13:05:25 +00:00			`import { defaultHandler, defaultResponder } from "@documenso/lib/server";`
			`import prisma from "@documenso/prisma";`
			`import crypto from "crypto";`

			`async function postHandler(req: NextApiRequest, res: NextApiResponse) {`
			`const { email } = req.body;`
			`const cleanEmail = email.toLowerCase();`

			`if (!cleanEmail \|\| !cleanEmail.includes("@")) {`
			`res.status(422).json({ message: "Invalid email" });`
			`return;`
			`}`

			`const user = await prisma.user.findFirst({`
			`where: {`
			`email: cleanEmail,`
			`},`
			`});`

			`if (!user) {`
Error handling for invalid users 2023-06-05 15:52:00 +00:00			`return res.status(404).json({ message: "No user found with this email." });`
Create reset password token for user 2023-06-05 13:05:25 +00:00			`}`

Avoid consecutive password reset requests 2023-06-05 16:01:01 +00:00			`const existingToken = await prisma.passwordResetToken.findFirst({`
			`where: {`
			`userId: user.id,`
			`createdAt: {`
			`gte: new Date(Date.now() - 1000 * 60 * 60),`
			`},`
			`},`
			`});`

			`if (existingToken) {`
			`return res`
			`.status(400)`
			`.json({ message: "A password reset has already been requested. Please check your email." });`
			`}`

Create reset password token for user 2023-06-05 13:05:25 +00:00			`const token = crypto.randomBytes(64).toString("hex");`
Error handling for invalid users 2023-06-05 15:52:00 +00:00
			`let passwordResetToken;`
			`try {`
			`passwordResetToken = await prisma.passwordResetToken.create({`
			`data: {`
			`token,`
			`userId: user.id,`
			`},`
			`});`
			`} catch (error) {`
			`return res.status(500).json({ message: "Error saving token." });`
			`}`
Create reset password token for user 2023-06-05 13:05:25 +00:00
feat: send reset password email 2023-06-05 13:44:22 +00:00			`await sendResetPassword(user, passwordResetToken.token);`
Create reset password token for user 2023-06-05 13:05:25 +00:00
Change password in database to new reset password 2023-06-05 14:36:20 +00:00			`res.status(200).json({ message: "Password reset email sent." });`
Create reset password token for user 2023-06-05 13:05:25 +00:00			`}`

			`export default defaultHandler({`
			`POST: Promise.resolve({ default: defaultResponder(postHandler) }),`
			`});`