my2/server/api/auth/register.post.ts

// server/api/auth/register.post.ts

/**
 * POST /api/auth/register
 *
 * Register new user via Cidaas Registration API
 *
 * Request body:
 * {
 *   "email": "user@example.com",
 *   "password": "SecurePassword123!",
 *   "firstName": "Max",
 *   "lastName": "Mustermann"
 * }
 *
 * Response:
 * {
 *   "success": true,
 *   "message": "Registration successful. Please verify your email."
 * }
 *
 * Note: User must verify email before they can log in
 */

import { z } from 'zod'

const registerSchema = z.object({
  email: z.string().email('Invalid email address'),
  password: z
    .string()
    .min(8, 'Password must be at least 8 characters')
    .regex(/[A-Z]/, 'Password must contain at least one uppercase letter')
    .regex(/[a-z]/, 'Password must contain at least one lowercase letter')
    .regex(/[0-9]/, 'Password must contain at least one number'),
  firstName: z.string().min(2, 'First name must be at least 2 characters'),
  lastName: z.string().min(2, 'Last name must be at least 2 characters'),
})

export default defineEventHandler(async (event) => {
  // 1. Validate request body
  const body = await readBody(event)

  let validatedData
  try {
    validatedData = registerSchema.parse(body)
  } catch (error) {
    if (error instanceof z.ZodError) {
      throw createError({
        statusCode: 400,
        statusMessage: 'Validation failed',
        data: error.errors,
      })
    }
    throw error
  }

  // 2. Register user via Cidaas API
  try {
    const result = await registerUser({
      email: validatedData.email,
      password: validatedData.password,
      given_name: validatedData.firstName,
      family_name: validatedData.lastName,
      locale: 'de', // Default to German
    })

    return result
  } catch (error) {
    // Handle specific registration errors
    if ((error as any).statusCode === 409) {
      throw createError({
        statusCode: 409,
        statusMessage: 'Email address already registered',
      })
    }

    throw error
  }
})