feat: add /api/auth/register route for user registration

Creates tenant and admin user with bcrypt-hashed password. Fixes registration page JSON parse error caused by missing endpoint. Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-09 08:14:22 +00:00
parent ffdab093ff
commit 07a057bf79
1 changed files with 69 additions and 0 deletions
--- a/src/app/api/auth/register/route.ts
+++ b/src/app/api/auth/register/route.ts
@@ -0,0 +1,69 @@
+import bcrypt from 'bcryptjs';
+import { eq } from 'drizzle-orm';
+import { db } from '@/lib/db';
+import { tenants, users } from '@/lib/db/schema';
+
+export async function POST(request: Request) {
+  try {
+    const body = await request.json();
+    const { name, email, password, tenantName } = body;
+
+    if (!name || !email || !password || !tenantName) {
+      return Response.json(
+        { error: 'Alle Felder sind erforderlich' },
+        { status: 400 },
+      );
+    }
+
+    if (typeof password !== 'string' || password.length < 8) {
+      return Response.json(
+        { error: 'Passwort muss mindestens 8 Zeichen lang sein' },
+        { status: 400 },
+      );
+    }
+
+    // Check if email already exists
+    const [existing] = await db
+      .select({ id: users.id })
+      .from(users)
+      .where(eq(users.email, email))
+      .limit(1);
+
+    if (existing) {
+      return Response.json(
+        { error: 'Diese E-Mail-Adresse ist bereits registriert' },
+        { status: 409 },
+      );
+    }
+
+    // Create tenant
+    const slug = tenantName
+      .toLowerCase()
+      .replace(/[^a-z0-9]+/g, '-')
+      .replace(/^-|-$/g, '');
+
+    const [tenant] = await db
+      .insert(tenants)
+      .values({ name: tenantName, slug })
+      .returning({ id: tenants.id });
+
+    // Hash password and create admin user
+    const passwordHash = await bcrypt.hash(password, 12);
+
+    await db.insert(users).values({
+      tenantId: tenant.id,
+      email,
+      name,
+      role: 'admin',
+      passwordHash,
+    });
+
+    return Response.json({ success: true }, { status: 201 });
+  } catch (err) {
+    console.error('Registration error:', err);
+    return Response.json(
+      { error: 'Registrierung fehlgeschlagen' },
+      { status: 500 },
+    );
+  }
+}