tomodachi-share/backend/src/app/api/auth/about-me/route.ts


import { NextRequest, NextResponse } from "next/server";
import { profanity } from "@2toad/profanity";
import z from "zod";
import { auth } from "@/lib/auth";
import { prisma } from "@/lib/prisma";
import { RateLimit } from "@/lib/rate-limit";
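/**
 * Updates the signed-in user's "about me" description.
 *
 * Flow: require a session with a usable numeric user id, apply the rate limit,
 * parse and validate the JSON body, store the censored description, then ask
 * Cloudflare to purge the cached profile info URL.
 *
 * @param request - Incoming request; the JSON body is expected to carry a `description` string.
 * @returns 401 without a usable session, the rate limiter's own response when it blocks the
 *   request, 400 for a malformed or invalid body, 500 when the database update fails,
 *   otherwise `{ success: true }`.
 */
export async function POST(request: NextRequest) {
  const session = await auth();
  // The row to update is selected only by the session's user id, never by anything in the
  // request body. Reject the request up front when that id is missing or not an integer
  // instead of handing NaN to the database layer.
  const userId = Number(session?.user?.id);
  if (!session || !Number.isInteger(userId)) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });

  const rateLimit = new RateLimit(request, 3);
  const check = await rateLimit.handle();
  if (check) return check;

  // The body is untrusted: request.json() throws on malformed JSON, and a valid JSON body
  // may be null or a primitive, so parse defensively and narrow before reading the field.
  let body: unknown;
  try {
    body = await request.json();
  } catch {
    return rateLimit.sendResponse({ error: "Invalid JSON body" }, 400);
  }
  const description = typeof body === "object" && body !== null ? (body as { description?: unknown }).description : undefined;
  if (!description) return rateLimit.sendResponse({ error: "New about me is required" }, 400);

  const validation = z.string().trim().max(256).safeParse(description);
  if (!validation.success) {
    return rateLimit.sendResponse({ error: validation.error.issues[0]?.message ?? "Invalid description" }, 400);
  }

  // Persist the validated (trimmed) value. Storing the raw input would let surrounding
  // whitespace push the stored text past the 256-character limit that was checked above.
  const trimmed = validation.data;
  if (!trimmed) return rateLimit.sendResponse({ error: "New about me is required" }, 400);

  try {
    await prisma.user.update({
      where: { id: userId },
      data: { description: profanity.censor(trimmed) },
    });
  } catch (error) {
    console.error("Failed to update description:", error);
    return rateLimit.sendResponse({ error: "Failed to update description" }, 500);
  }

  // Tell Cloudflare to purge the cached profile info. This is best-effort and deliberately
  // not awaited, so it needs its own rejection handler; the API token is never logged.
  // NOTE(review): on a serverless runtime an un-awaited request may be cut short once the
  // response is sent - confirm against the deployment target.
  const zoneId = process.env.CLOUDFLARE_ZONE_ID;
  const apiToken = process.env.CLOUDFLARE_API_TOKEN;
  if (zoneId && apiToken) {
    void fetch(`https://api.cloudflare.com/client/v4/zones/${zoneId}/purge_cache`, {
      method: "POST",
      headers: { Authorization: `Bearer ${apiToken}`, "Content-Type": "application/json" },
      body: JSON.stringify({
        files: [`${process.env.NEXT_PUBLIC_BASE_URL}/api/profile/${session.user?.id}/info`],
      }),
    })
      .then((response) => {
        if (!response.ok) console.error("Cloudflare cache purge failed with status", response.status);
      })
      .catch((error: unknown) => {
        console.error("Cloudflare cache purge request failed:", error);
      });
  } else {
    console.warn("Cloudflare cache purge skipped: CLOUDFLARE_ZONE_ID or CLOUDFLARE_API_TOKEN is not set");
  }

  return rateLimit.sendResponse({ success: true });
}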