lomavuokraus/app/api/auth/verify/route.ts

import { NextResponse } from 'next/server';
import { prisma } from '../../../../lib/prisma';

export async function POST(req: Request) {
  try {
    const body = await req.json();
    const token = String(body.token ?? '').trim();
    if (!token) {
      return NextResponse.json({ error: 'Token is required' }, { status: 400 });
    }

    const record = await prisma.verificationToken.findUnique({ where: { token }, include: { user: true } });
    if (!record) {
      return NextResponse.json({ error: 'Invalid token' }, { status: 400 });
    }
    if (record.consumedAt) {
      return NextResponse.json({ error: 'Token already used' }, { status: 400 });
    }
    if (record.expiresAt < new Date()) {
      return NextResponse.json({ error: 'Token expired' }, { status: 400 });
    }

    await prisma.$transaction([
      prisma.user.update({
        where: { id: record.userId },
        data: { emailVerifiedAt: new Date() },
      }),
      prisma.verificationToken.update({
        where: { id: record.id },
        data: { consumedAt: new Date() },
      }),
    ]);

    return NextResponse.json({ ok: true });
  } catch (error) {
    console.error('Verify error', error);
    return NextResponse.json({ error: 'Verification failed' }, { status: 500 });
  }
}

export const dynamic = 'force-dynamic';