import { NextResponse } from "next/server"; import { getServerSession } from "next-auth"; import { authOptions } from "@/lib/auth"; import prisma from "@/lib/prisma"; import bcrypt from "bcryptjs"; export async function GET() { try { const session = await getServerSession(authOptions); if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); const user = await prisma.user.findUnique({ where: { id: session.user.id }, select: { id: true, name: true, email: true, role: true, department: true, manager: { select: { name: true } }, createdAt: true, }, }); return NextResponse.json(user); } catch (error) { return NextResponse.json({ error: "Failed to fetch profile" }, { status: 500 }); } } export async function PUT(req: Request) { try { const session = await getServerSession(authOptions); if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); const body = await req.json(); // Password change if (body.currentPassword && body.newPassword) { const user = await prisma.user.findUnique({ where: { id: session.user.id } }); if (!user) return NextResponse.json({ error: "User not found" }, { status: 404 }); const isValid = await bcrypt.compare(body.currentPassword, user.password); if (!isValid) { return NextResponse.json({ error: "Current password is incorrect" }, { status: 400 }); } const hashedPassword = await bcrypt.hash(body.newPassword, 10); await prisma.user.update({ where: { id: session.user.id }, data: { password: hashedPassword }, }); return NextResponse.json({ message: "Password updated" }); } // Profile update const updated = await prisma.user.update({ where: { id: session.user.id }, data: { name: body.name }, select: { id: true, name: true, email: true }, }); return NextResponse.json(updated); } catch (error) { return NextResponse.json({ error: "Failed to update profile" }, { status: 500 }); } }