cal.pub0.org/packages/trpc/server/routers/viewer/auth.tsx

import { IdentityProvider } from "@prisma/client";
import { z } from "zod";

import { hashPassword, validPassword, verifyPassword } from "@calcom/lib/auth";
import prisma from "@calcom/prisma";

import { TRPCError } from "@trpc/server";

import { router, authedProcedure } from "../../trpc";

export const authRouter = router({
  changePassword: authedProcedure
    .input(
      z.object({
        oldPassword: z.string(),
        newPassword: z.string(),
      })
    )
    .mutation(async ({ input, ctx }) => {
      const { oldPassword, newPassword } = input;

      const { user } = ctx;

      if (user.identityProvider !== IdentityProvider.CAL) {
        throw new TRPCError({ code: "FORBIDDEN", message: "THIRD_PARTY_IDENTITY_PROVIDER_ENABLED" });
      }

      const currentPasswordQuery = await prisma.user.findFirst({
        where: {
          id: user.id,
        },
        select: {
          password: true,
        },
      });

      const currentPassword = currentPasswordQuery?.password;

      if (!currentPassword) {
        throw new TRPCError({ code: "NOT_FOUND", message: "MISSING_PASSWORD" });
      }

      const passwordsMatch = await verifyPassword(oldPassword, currentPassword);
      if (!passwordsMatch) {
        throw new TRPCError({ code: "BAD_REQUEST", message: "incorrect_password" });
      }

      if (oldPassword === newPassword) {
        throw new TRPCError({ code: "BAD_REQUEST", message: "new_password_matches_old_password" });
      }

      if (!validPassword(newPassword)) {
        throw new TRPCError({ code: "BAD_REQUEST", message: "password_hint_min" });
      }

      const hashedPassword = await hashPassword(newPassword);
      await prisma.user.update({
        where: {
          id: user.id,
        },
        data: {
          password: hashedPassword,
        },
      });
    }),
  verifyPassword: authedProcedure
    .input(
      z.object({
        passwordInput: z.string(),
      })
    )
    .mutation(async ({ input, ctx }) => {
      const user = await prisma.user.findUnique({
        where: {
          id: ctx.user.id,
        },
      });

      if (!user?.password) {
        throw new TRPCError({ code: "INTERNAL_SERVER_ERROR" });
      }

      const passwordsMatch = await verifyPassword(input.passwordInput, user.password);

      if (!passwordsMatch) {
        throw new TRPCError({ code: "UNAUTHORIZED" });
      }

      return;
    }),
});