Update user actions

Author: zntb

app/actions/user.ts

@@ -0,0 +1,78 @@
+'use server';
+
+import { db } from '@/drizzle/db';
+import { verifySession } from '@/app/auth/02-stateless-session';
+import { deleteDbSession } from '@/app/auth/02-database-session';
+import { users } from '@/drizzle/schema';
+import { eq } from 'drizzle-orm';
+import { getUser } from '../auth/03-dal';
+
+interface User {
+  id: number;
+  name: string;
+  email: string;
+}
+
+export async function fetchUsers(): Promise<User[]> {
+  try {
+    const dbUsers = await db.select().from(users);
+    return dbUsers;
+  } catch (error) {
+    console.error('Error fetching users:', error);
+    throw new Error('Failed to fetch users');
+  }
+}
+
+export const deleteUser = async () => {
+  console.log('deleteUser function called');
+
+  // Verify session
+  const session = await verifySession();
+  if (!session) {
+    console.log('Session verification failed');
+    return { success: false };
+  }
+  console.log('Session verified:', session);
+
+  // Get user
+  const user = await getUser();
+  if (!user) {
+    console.log('User not found');
+    return { success: false };
+  }
+  console.log('User found:', user);
+
+  try {
+    // Attempt to delete session
+    console.log('Attempting to delete session for user id:', session.userId);
+    const sessionDeleteResponse = await deleteDbSession(session.userId);
+
+    // Ensure the session deletion was successful
+    if (!sessionDeleteResponse) {
+      console.log('Failed to delete session');
+      return { success: false };
+    }
+
+    console.log('Session deleted successfully');
+
+    // Attempt to delete user
+    console.log('Attempting to delete user with id:', session.userId);
+    const userDeleteResponse = await db
+      .delete(users)
+      .where(eq(users.id, session.userId));
+
+    // Check the result of the delete operation
+    console.log('Delete user response:', userDeleteResponse);
+
+    if (!userDeleteResponse) {
+      console.log('Failed to delete user');
+      return { success: false };
+    }
+
+    console.log('User deleted successfully');
+    return { success: true };
+  } catch (error) {
+    console.error('Error deleting user:', error);
+    throw new Error('Failed to delete user');
+  }
+};

app/api/users/route.ts

@@ -0,0 +1,34 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { cookies } from 'next/headers';
+
+import { decrypt } from '../../auth/02-database-session';
+import { fetchUsers } from '../../actions/user';
+
+interface User {
+  id: number;
+  name: string;
+  email: string;
+}
+
+export async function GET(req: NextRequest, res: NextResponse<User | null>) {
+  try {
+    const cookie = cookies().get('session')?.value;
+
+    if (!cookie) {
+      return new NextResponse(null, { status: 401 });
+    }
+    const session = await decrypt(cookie);
+
+    if (!session?.userId) {
+      return new NextResponse(null, { status: 401 });
+    }
+
+    const users = await fetchUsers();
+
+    return new NextResponse(JSON.stringify(users), { status: 200 });
+  } catch (error) {
+    // Handle errors appropriately
+    console.error('Error fetching user:', error);
+    return new NextResponse(null, { status: 500 });
+  }
+}

app/auth/01-auth.ts

@@ -7,32 +7,33 @@ import {
   LoginFormSchema,
   SignupFormSchema,
 } from '@/app/auth/definitions';
-import { createSession, deleteSession } from '@/app/auth/02-stateless-session';
+import {
+  createDbSession,
+  deleteDbSession,
+} from '@/app/auth/02-database-session'; // Ensure correct import
 import bcrypt from 'bcrypt';
 import { eq } from 'drizzle-orm';
+import { redirect } from 'next/navigation';
+import { getUser } from './03-dal';
 
 export async function signup(
   state: FormState,
   formData: FormData,
 ): Promise<FormState> {
-  // 1. Validate form fields
   const validatedFields = SignupFormSchema.safeParse({
     name: formData.get('name'),
     email: formData.get('email'),
     password: formData.get('password'),
   });
 
-  // If any form fields are invalid, return early
   if (!validatedFields.success) {
     return {
       errors: validatedFields.error.flatten().fieldErrors,
     };
   }
 
-  // 2. Prepare data for insertion into database
   const { name, email, password } = validatedFields.data;
 
-  // 3. Check if the user's email already exists
   const existingUser = await db.query.users.findFirst({
     where: eq(users.email, email),
   });
@@ -43,10 +44,8 @@ export async function signup(
     };
   }
 
-  // Hash the user's password
   const hashedPassword = await bcrypt.hash(password, 10);
 
-  // 3. Insert the user into the database or call an Auth Provider's API
   const data = await db
     .insert(users)
     .values({
@@ -64,58 +63,71 @@ export async function signup(
     };
   }
 
-  // 4. Create a session for the user
-  const userId = user.id.toString();
-  await createSession(userId);
+  const userId = user.id;
+  await createDbSession(userId);
+
+  redirect('/dashboard');
 }
 
 export async function login(
   state: FormState,
   formData: FormData,
 ): Promise<FormState> {
-  // 1. Validate form fields
   const validatedFields = LoginFormSchema.safeParse({
     email: formData.get('email'),
     password: formData.get('password'),
   });
   const errorMessage = { message: 'Invalid login credentials.' };
 
-  // If any form fields are invalid, return early
   if (!validatedFields.success) {
     return {
       errors: validatedFields.error.flatten().fieldErrors,
     };
   }
 
-  // 2. Query the database for the user with the given email
   const user = await db.query.users.findFirst({
     where: eq(users.email, validatedFields.data.email),
   });
 
-  // If user is not found, return early
   if (!user) {
     return errorMessage;
   }
-  // 3. Compare the user's password with the hashed password in the database
+
   const passwordMatch = await bcrypt.compare(
     validatedFields.data.password,
     user.password,
   );
 
-  // If the password does not match, return early
   if (!passwordMatch) {
     return errorMessage;
   }
 
-  // 4. If login successful, create a session for the user and redirect
-  const userId = user.id.toString();
-  await createSession(userId);
+  const userId = user.id;
+  await createDbSession(userId);
 
-  return {
-    message: 'Login successful.',
-  };
+  redirect('/dashboard');
 }
 
 export async function logout() {
-  deleteSession();
+  try {
+    const user = await getUser(); // get the current logged-in user
+    if (!user) {
+      console.log('No user logged in');
+      return {
+        message: 'No user logged in',
+      };
+    }
+
+    const userId = user.id;
+    console.log('Logging out user with ID:', userId);
+
+    const result = await deleteDbSession(userId);
+    if (result.success) {
+      console.log('Successfully logged out');
+    } else {
+      console.log('Failed to log out');
+    }
+  } catch (error) {
+    console.error('Error during logout:', error);
+  }
 }

app/auth/02-database-session.ts

@@ -5,6 +5,8 @@ import { cookies } from 'next/headers';
 import type { SessionPayload } from '@/app/auth/definitions';
 import { sessions } from '@/drizzle/schema';
 import { db } from '@/drizzle/db';
+import { eq } from 'drizzle-orm';
+import { createLocalSession } from './02-stateless-session';
 
 const secretKey = process.env.SECRET;
 if (!secretKey) {
@@ -32,40 +34,75 @@ export async function decrypt(session: string | undefined = '') {
   }
 }
 
-export async function createSession(id: number) {
+export async function createDbSession(userId: number) {
   const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
 
   try {
-    // 1. Create a session in the database
     const data = await db
       .insert(sessions)
       .values({
-        userId: id,
-        expiresAt,
+        userId: userId,
+        expiresAt: expiresAt,
       })
-      // Return the session ID
       .returning({ id: sessions.id });
 
     if (data.length === 0) {
       throw new Error('Failed to create session in the database');
     }
 
     const sessionId = data[0].id;
+    const session = await encrypt({ userId: userId, expiresAt: expiresAt });
 
-    // 2. Encrypt the session ID
-    const session = await encrypt({ userId: id, expiresAt });
-
-    // 3. Store the session in cookies for optimistic auth checks
-    cookies().set('session', session, {
-      httpOnly: true,
-      secure: true,
-      expires: expiresAt,
-      sameSite: 'lax',
-      path: '/',
-    });
+    createLocalSession(session, expiresAt);
 
     console.log(`Session created successfully: ${sessionId}`);
   } catch (error) {
     console.error('Error creating session:', error);
   }
 }
+
+export async function deleteDbSession(userId: number) {
+  try {
+    // Get session from cookies
+    const sessionCookie = cookies().get('session')?.value;
+    if (!sessionCookie) {
+      console.log('No session cookie found');
+      return { success: false };
+    }
+    console.log('Session cookie:', sessionCookie);
+
+    // Decrypt session
+    const session = await decrypt(sessionCookie);
+    if (!session) {
+      console.log('Failed to decrypt session');
+      return { success: false };
+    }
+    console.log('Decrypted session:', session);
+
+    // Verify session user ID
+    if (session.userId !== userId) {
+      console.log('Session userId mismatch:', session.userId, '!==', userId);
+      return { success: false };
+    }
+
+    // Delete session from the database
+    const response = await db
+      .delete(sessions)
+      .where(eq(sessions.userId, userId));
+
+    if (!response) {
+      console.log('Failed to delete session from the database');
+      return { success: false };
+    }
+    console.log('Session deleted from database');
+
+    // Delete session from cookies
+    cookies().delete('session');
+    console.log('Session cookie deleted');
+
+    return { success: true };
+  } catch (error) {
+    console.error('Error deleting session:', error);
+    return { success: false };
+  }
+}