el.xwx.moe/lib/api/controllers/users/postUser.ts

import { prisma } from "@/lib/api/db";
import type { NextApiRequest, NextApiResponse } from "next";
import bcrypt from "bcrypt";
import isServerAdmin from "../../isServerAdmin";
import { PostUserSchema } from "@/lib/shared/schemaValidation";

const emailEnabled =
  process.env.EMAIL_FROM && process.env.EMAIL_SERVER ? true : false;
const stripeEnabled = process.env.STRIPE_SECRET_KEY ? true : false;

interface Data {
  response: string | object;
  status: number;
}

export default async function postUser(
  req: NextApiRequest,
  res: NextApiResponse
): Promise<Data> {
  let isAdmin = await isServerAdmin({ req });

  if (process.env.NEXT_PUBLIC_DISABLE_REGISTRATION === "true" && !isAdmin) {
    return { response: "Registration is disabled.", status: 400 };
  }

  const dataValidation = PostUserSchema().safeParse(req.body);

  if (!dataValidation.success) {
    return {
      response: `Error: ${
        dataValidation.error.issues[0].message
      } [${dataValidation.error.issues[0].path.join(", ")}]`,
      status: 400,
    };
  }

  const { name, email, password } = dataValidation.data;
  let { username } = dataValidation.data;

  const autoGeneratedUsername = "user" + Math.round(Math.random() * 1000000000);

  if (!username) {
    username = autoGeneratedUsername;
  }

  const checkIfUserExists = await prisma.user.findFirst({
    where: {
      OR: [
        {
          email: email ? email.toLowerCase().trim() : undefined,
        },
        {
          username: username ? username.toLowerCase().trim() : undefined,
        },
      ],
    },
  });

  if (!checkIfUserExists) {
    const autoGeneratedUsername =
      "user" + Math.round(Math.random() * 1000000000);

    const saltRounds = 10;

    const hashedPassword = bcrypt.hashSync(password, saltRounds);

    // Subscription dates
    const currentPeriodStart = new Date();
    const currentPeriodEnd = new Date();
    currentPeriodEnd.setFullYear(currentPeriodEnd.getFullYear() + 1000); // end date is in 1000 years...

    if (isAdmin) {
      const user = await prisma.user.create({
        data: {
          name: name,
          username: emailEnabled
            ? (username as string) || autoGeneratedUsername
            : (username as string),
          email: emailEnabled ? email : undefined,
          password: hashedPassword,
          emailVerified: new Date(),
          subscriptions: stripeEnabled
            ? {
                create: {
                  stripeSubscriptionId:
                    "fake_sub_" + Math.round(Math.random() * 10000000000000),
                  active: true,
                  currentPeriodStart,
                  currentPeriodEnd,
                },
              }
            : undefined,
        },
        select: {
          id: true,
          username: true,
          email: true,
          emailVerified: true,
          subscriptions: {
            select: {
              active: true,
            },
          },
          createdAt: true,
        },
      });

      return { response: user, status: 201 };
    } else {
      await prisma.user.create({
        data: {
          name: name,
          username: emailEnabled ? autoGeneratedUsername : (username as string),
          email: emailEnabled ? email : undefined,
          password: hashedPassword,
        },
      });

      return { response: "User successfully created.", status: 201 };
    }
  } else {
    return { response: "Email or Username already exists.", status: 400 };
  }
}