feat: optimize web ui

packages/server/src/routes/auth.ts

@@ -88,6 +88,56 @@ router.post('/refresh', async (req, res) => {
   }
 });
 
+const changePasswordSchema = z.object({
+  currentPassword: z.string(),
+  newPassword: z.string().min(8),
+});
+
+router.post('/change-password', requireAuth, async (req, res) => {
+  const parsed = changePasswordSchema.safeParse(req.body);
+  if (!parsed.success) {
+    res.status(400).json({ success: false, error: { code: 'VALIDATION', message: parsed.error.issues[0].message } });
+    return;
+  }
+
+  const { currentPassword, newPassword } = parsed.data;
+  const user = await prisma.user.findUnique({ where: { id: req.user!.userId } });
+
+  if (!user || !user.passwordHash) {
+    res.status(400).json({ success: false, error: { code: 'NO_PASSWORD', message: 'No password set for this account' } });
+    return;
+  }
+
+  const valid = await verifyPassword(currentPassword, user.passwordHash);
+  if (!valid) {
+    res.status(401).json({ success: false, error: { code: 'UNAUTHORIZED', message: 'Current password is incorrect' } });
+    return;
+  }
+
+  const newHash = await hashPassword(newPassword);
+  await prisma.user.update({ where: { id: user.id }, data: { passwordHash: newHash } });
+  res.json({ success: true, data: { message: 'Password changed' } });
+});
+
+const profileSchema = z.object({
+  name: z.string().min(1).max(100),
+});
+
+router.put('/profile', requireAuth, async (req, res) => {
+  const parsed = profileSchema.safeParse(req.body);
+  if (!parsed.success) {
+    res.status(400).json({ success: false, error: { code: 'VALIDATION', message: parsed.error.issues[0].message } });
+    return;
+  }
+
+  const user = await prisma.user.update({
+    where: { id: req.user!.userId },
+    data: { name: parsed.data.name },
+    select: { id: true, email: true, name: true },
+  });
+  res.json({ success: true, data: user });
+});
+
 router.get('/me', requireAuth, async (req, res) => {
   const user = await prisma.user.findUnique({
     where: { id: req.user!.userId },