fix: resolve Prettier markdown code block parsing errors

- Fix syntax errors in skills markdown files (.github/skills, .opencode/skills) - Change typescript to tsx for code blocks with JSX - Replace ellipsis (...) in array examples with valid syntax - Separate CSS from TypeScript into distinct code blocks - Convert JavaScript object examples to valid JSON in docs - Fix enum definitions with proper comma separation
2026-02-13 22:35:47 +01:00 · 2026-01-20 21:09:29 +01:00
parent 7932fe7386
commit cd05fc8648
177 changed files with 5042 additions and 5541 deletions
--- a/app/api/dashboard/users/route.ts
+++ b/app/api/dashboard/users/route.ts
@@ -1,30 +1,38 @@
-import crypto from "node:crypto";
-import bcrypt from "bcryptjs";
 import { type NextRequest, NextResponse } from "next/server";
-import { getServerSession } from "next-auth";
-import { authOptions } from "../../../../lib/auth";
-import { prisma } from "../../../../lib/prisma";
+import { neonAuth } from "@/lib/auth/server";
+import { prisma } from "@/lib/prisma";

-export const dynamic = "force-dynamic";
+// MIGRATED: Removed "export const dynamic = 'force-dynamic'" - dynamic by default with Cache Components

 interface UserBasicInfo {
  id: string;
  email: string;
+  name: string | null;
  role: string;
 }

 export async function GET(_request: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session?.user || session.user.role !== "ADMIN") {
-    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  const { session: authSession, user: authUser } = await neonAuth();
+  if (!authSession || !authUser?.email) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

+  // Look up user in our database to get companyId and role
  const user = await prisma.user.findUnique({
-    where: { email: session.user.email as string },
+    where: { email: authUser.email },
+    select: { companyId: true, role: true },
  });

-  if (!user) {
-    return NextResponse.json({ error: "No user" }, { status: 401 });
+  if (!user || !user.companyId) {
+    return NextResponse.json(
+      { error: "User not found or no company" },
+      { status: 401 }
+    );
+  }
+
+  // Check for admin role
+  if (user.role !== "ADMIN") {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  const users = await prisma.user.findMany({
@@ -34,28 +42,44 @@ export async function GET(_request: NextRequest) {
  const mappedUsers: UserBasicInfo[] = users.map((u) => ({
    id: u.id,
    email: u.email,
+    name: u.name,
    role: u.role,
  }));

  return NextResponse.json({ users: mappedUsers });
 }

+/**
+ * POST /api/dashboard/users
+ * Invite a new user to the company (creates a placeholder record)
+ * The user will need to sign up via Neon Auth using the same email
+ */
 export async function POST(request: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session?.user || session.user.role !== "ADMIN") {
+  const { session: authSession, user: authUser } = await neonAuth();
+  if (!authSession || !authUser?.email) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  // Look up user in our database to get companyId and role
+  const user = await prisma.user.findUnique({
+    where: { email: authUser.email },
+    select: { companyId: true, role: true, email: true },
+  });
+
+  if (!user || !user.companyId) {
+    return NextResponse.json(
+      { error: "User not found or no company" },
+      { status: 401 }
+    );
+  }
+
+  // Check for admin role
+  if (user.role !== "ADMIN") {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

-  const user = await prisma.user.findUnique({
-    where: { email: session.user.email as string },
-  });
-
-  if (!user) {
-    return NextResponse.json({ error: "No user" }, { status: 401 });
-  }
-
  const body = await request.json();
-  const { email, role } = body;
+  const { email, name, role } = body;

  if (!email || !role) {
    return NextResponse.json({ error: "Missing fields" }, { status: 400 });
@@ -63,20 +87,28 @@ export async function POST(request: NextRequest) {

  const exists = await prisma.user.findUnique({ where: { email } });
  if (exists) {
-    return NextResponse.json({ error: "Email exists" }, { status: 409 });
+    return NextResponse.json(
+      { error: "Email already exists" },
+      { status: 409 }
+    );
  }

-  const tempPassword = crypto.randomBytes(12).toString("base64").slice(0, 12); // secure random initial password
-
+  // Create user record (they'll complete signup via Neon Auth)
  await prisma.user.create({
    data: {
      email,
-      password: await bcrypt.hash(tempPassword, 10),
+      name: name || null,
      companyId: user.companyId,
      role,
+      invitedBy: user.email,
+      invitedAt: new Date(),
    },
  });

-  // TODO: Email user their temp password (stub, for demo) - Implement a robust and secure email sending mechanism. Consider using a transactional email service.
-  return NextResponse.json({ ok: true, tempPassword });
+  // TODO: Send invitation email with sign-up link
+  return NextResponse.json({
+    ok: true,
+    message:
+      "User invited. They should sign up at /auth/sign-up with this email.",
+  });
 }