Initial commit

app/api/auth/change-password/route.ts

@@ -0,0 +1,45 @@
+import { type NextRequest, NextResponse } from "next/server"
+import { safeQuery } from "@/lib/database"
+import { verifyPassword, hashPassword } from "@/lib/auth"
+
+export async function POST(request: NextRequest) {
+  try {
+    const { nationalId, currentPassword, newPassword } = await request.json()
+
+    // Input validation
+    if (!nationalId || !currentPassword || !newPassword) {
+      return NextResponse.json({ error: "נתונים חסרים" }, { status: 400 })
+    }
+
+    if (newPassword.length < 6) {
+      return NextResponse.json({ error: "הסיסמה החדשה חייבת להכיל לפחות 6 תווים" }, { status: 400 })
+    }
+
+    // Get current user data
+    const users = (await safeQuery("SELECT password FROM users WHERE national_id = ?", [nationalId])) as any[]
+
+    if (users.length === 0) {
+      return NextResponse.json({ error: "משתמש לא נמצא" }, { status: 404 })
+    }
+
+    const user = users[0]
+    const isValidCurrentPassword = await verifyPassword(currentPassword, user.password)
+
+    if (!isValidCurrentPassword) {
+      return NextResponse.json({ error: "הסיסמה הנוכחית שגויה" }, { status: 401 })
+    }
+
+    // Hash new password and update
+    const hashedNewPassword = await hashPassword(newPassword)
+
+    await safeQuery(
+      "UPDATE users SET password = ?, must_change_password = FALSE, password_changed_at = NOW() WHERE national_id = ?",
+      [hashedNewPassword, nationalId],
+    )
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    console.error("Change password error:", error)
+    return NextResponse.json({ error: "שגיאה בשינוי סיסמה" }, { status: 500 })
+  }
+}