lomavuokraus/app/api/auth/verify/route.ts

import { NextResponse } from "next/server";
import { prisma } from "../../../../lib/prisma";

export async function POST(req: Request) {
  try {
    const body = await req.json();
    const token = String(body.token ?? "").trim();
    if (!token) {
      return NextResponse.json({ error: "Token is required" }, { status: 400 });
    }

    const record = await prisma.verificationToken.findUnique({
      where: { token },
      include: { user: true },
    });
    if (!record) {
      return NextResponse.json({ error: "Invalid token" }, { status: 400 });
    }
    if (record.consumedAt) {
      return NextResponse.json(
        { error: "Token already used" },
        { status: 400 },
      );
    }
    if (record.expiresAt < new Date()) {
      return NextResponse.json({ error: "Token expired" }, { status: 400 });
    }

    await prisma.$transaction([
      prisma.user.update({
        where: { id: record.userId },
        data: { emailVerifiedAt: new Date() },
      }),
      prisma.verificationToken.update({
        where: { id: record.id },
        data: { consumedAt: new Date() },
      }),
    ]);

    return NextResponse.json({ ok: true });
  } catch (error) {
    console.error("Verify error", error);
    return NextResponse.json({ error: "Verification failed" }, { status: 500 });
  }
}

export const dynamic = "force-dynamic";