Enrollment + almost all auth

app/api/verify-email/route.ts

@@ -0,0 +1,62 @@
+import { NextResponse } from "next/server";
+import { prisma } from "@/lib/prisma";
+import { buildSessionCookieOptions, COOKIE_NAME, SESSION_DAYS } from "@/lib/auth/sessionCookie";
+import { getBaseUrl } from "@/lib/appUrl";
+
+export async function GET(req: Request) {
+  const url = new URL(req.url);
+  const token = url.searchParams.get("token");
+  const wantsJson = req.headers.get("accept")?.includes("application/json");
+
+  if (!token) {
+    return NextResponse.json({ ok: false, error: "Missing token" }, { status: 400 });
+  }
+
+  const user = await prisma.user.findFirst({
+    where: {
+      emailVerificationToken: token,
+      emailVerificationExpiresAt: { gt: new Date() },
+    },
+  });
+
+  if (!user) {
+    return NextResponse.json({ ok: false, error: "Invalid or expired token" }, { status: 404 });
+  }
+
+  await prisma.user.update({
+    where: { id: user.id },
+    data: {
+      emailVerifiedAt: new Date(),
+      emailVerificationToken: null,
+      emailVerificationExpiresAt: null,
+    },
+  });
+
+  const membership = await prisma.orgUser.findFirst({
+    where: { userId: user.id },
+    orderBy: { createdAt: "asc" },
+  });
+
+  if (!membership) {
+    return NextResponse.json({ ok: false, error: "No organization found" }, { status: 403 });
+  }
+
+  const expiresAt = new Date(Date.now() + SESSION_DAYS * 24 * 60 * 60 * 1000);
+  const session = await prisma.session.create({
+    data: {
+      userId: user.id,
+      orgId: membership.orgId,
+      expiresAt,
+    },
+  });
+
+  if (wantsJson) {
+    const res = NextResponse.json({ ok: true, next: "/machines" });
+    res.cookies.set(COOKIE_NAME, session.id, buildSessionCookieOptions(req));
+    return res;
+  }
+
+  const res = NextResponse.redirect(new URL("/machines", getBaseUrl(req)));
+  res.cookies.set(COOKIE_NAME, session.id, buildSessionCookieOptions(req));
+  return res;
+}