codeboard/apps/web/src/app/api/auth/resend-verification/route.ts

import { NextResponse } from "next/server";
import crypto from "crypto";
import { auth } from "@/auth";
import { prisma } from "@/lib/prisma";
import { sendEmail } from "@/lib/email";

export async function POST() {
  const session = await auth();

  if (!session?.user?.id) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  const user = await prisma.user.findUnique({
    where: { id: session.user.id },
  });

  if (!user) {
    return NextResponse.json({ error: "User not found" }, { status: 404 });
  }

  if (user.emailVerified) {
    return NextResponse.json({ error: "Email already verified" }, { status: 400 });
  }

  const latestToken = await prisma.emailVerificationToken.findFirst({
    where: { userId: user.id },
    orderBy: { createdAt: "desc" },
  });

  if (latestToken && Date.now() - latestToken.createdAt.getTime() < 60_000) {
    return NextResponse.json(
      { error: "Please wait 60 seconds before requesting another email" },
      { status: 429 }
    );
  }

  await prisma.emailVerificationToken.updateMany({
    where: { userId: user.id, used: false },
    data: { used: true },
  });

  const rawToken = crypto.randomBytes(32).toString("hex");
  const tokenHash = crypto.createHash("sha256").update(rawToken).digest("hex");

  await prisma.emailVerificationToken.create({
    data: {
      userId: user.id,
      token: tokenHash,
      expiresAt: new Date(Date.now() + 24 * 60 * 60 * 1000),
    },
  });

  const verifyUrl = `https://codeboard.vectry.tech/verify-email?token=${rawToken}`;
  await sendEmail({
    to: user.email,
    subject: "Verify your CodeBoard email",
    html: `
      <div style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; max-width: 480px; margin: 0 auto; padding: 40px 20px;">
        <h2 style="color: #e5e5e5; margin-bottom: 16px;">Verify your email</h2>
        <p style="color: #a3a3a3; line-height: 1.6;">
          Click the link below to verify your email address for CodeBoard.
        </p>
        <a href="${verifyUrl}" style="display: inline-block; margin-top: 24px; padding: 12px 24px; background-color: #3b82f6; color: #fff; text-decoration: none; border-radius: 8px; font-weight: 600;">
          Verify Email
        </a>
        <p style="color: #737373; font-size: 13px; margin-top: 32px;">
          This link expires in 24 hours.
        </p>
      </div>
    `,
  });

  return NextResponse.json({ success: true });
}