nyk
feat(refactor): ready for manual QA after main sync (#274)
b6ecafa unverified
Raw
History Blame Contribute Delete
1.47 kB
import { NextResponse } from 'next/server'
import { getUserFromRequest } from '@/lib/auth'
import { getDatabase, logAuditEvent } from '@/lib/db'
export async function POST(request: Request) {
const user = getUserFromRequest(request)
if (!user || user.id === 0) {
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
}
if (user.provider !== 'google') {
return NextResponse.json({ error: 'Account is not connected to Google' }, { status: 400 })
}
const db = getDatabase()
// Check that the user has a password set so they can still log in after disconnect
const row = db.prepare('SELECT password_hash FROM users WHERE id = ?').get(user.id) as { password_hash?: string } | undefined
if (!row?.password_hash) {
return NextResponse.json(
{ error: 'Cannot disconnect Google — no password set. Set a password first to avoid being locked out.' },
{ status: 400 }
)
}
db.prepare(`
UPDATE users
SET provider = 'local', provider_user_id = NULL, updated_at = (unixepoch())
WHERE id = ?
`).run(user.id)
const ipAddress = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown'
const userAgent = request.headers.get('user-agent') || undefined
logAuditEvent({
action: 'google_disconnect',
actor: user.username,
actor_id: user.id,
ip_address: ipAddress,
user_agent: userAgent,
})
return NextResponse.json({ ok: true })
}