ghostguild-org/server/api/members/profile.patch.js

import Member from "../../models/member.js";
import { requireAuth } from "../../utils/auth.js";

export default defineEventHandler(async (event) => {
  const authedMember = await requireAuth(event);
  const memberId = authedMember._id;

  const body = await readBody(event);

  // Define allowed profile fields
  const allowedFields = [
    "pronouns",
    "timeZone",
    "avatar",
    "studio",
    "bio",
    "location",
    "socialLinks",
    "showInDirectory",
  ];

  // Define privacy fields
  const privacyFields = [
    "pronounsPrivacy",
    "timeZonePrivacy",
    "avatarPrivacy",
    "studioPrivacy",
    "bioPrivacy",
    "locationPrivacy",
    "socialLinksPrivacy",
    "offeringPrivacy",
    "lookingForPrivacy",
  ];

  // Build update object
  const updateData = {};

  allowedFields.forEach((field) => {
    if (body[field] !== undefined) {
      updateData[field] = body[field];
    }
  });

  // Handle offering and lookingFor separately (nested objects)
  if (body.offering !== undefined) {
    updateData.offering = {
      text: body.offering.text || "",
      tags: body.offering.tags || [],
    };
  }
  if (body.lookingFor !== undefined) {
    updateData.lookingFor = {
      text: body.lookingFor.text || "",
      tags: body.lookingFor.tags || [],
    };
  }

  // Handle privacy settings
  privacyFields.forEach((privacyField) => {
    if (body[privacyField] !== undefined) {
      const baseField = privacyField.replace("Privacy", "");
      updateData[`privacy.${baseField}`] = body[privacyField];
    }
  });

  try {
    const member = await Member.findByIdAndUpdate(
      memberId,
      { $set: updateData },
      { new: true, runValidators: true },
    );

    if (!member) {
      throw createError({
        statusCode: 404,
        message: "Member not found",
      });
    }

    // Return sanitized member data
    return {
      id: member._id,
      email: member.email,
      name: member.name,
      circle: member.circle,
      contributionTier: member.contributionTier,
      pronouns: member.pronouns,
      timeZone: member.timeZone,
      avatar: member.avatar,
      studio: member.studio,
      bio: member.bio,
      location: member.location,
      socialLinks: member.socialLinks,
      offering: member.offering,
      lookingFor: member.lookingFor,
      showInDirectory: member.showInDirectory,
    };
  } catch (error) {
    console.error("Profile update error:", error);
    throw createError({
      statusCode: 500,
      message: "Failed to update profile",
    });
  }
});