engagentdev
diff --git a/‎app/api/org/join-requests/[id]/decision/route.ts‎
Lines changed: 75 additions & 0 deletions b/‎app/api/org/join-requests/[id]/decision/route.ts‎
Lines changed: 75 additions & 0 deletions
diff --git a/‎app/api/org/join-requests/route.ts‎
Lines changed: 94 additions & 0 deletions b/‎app/api/org/join-requests/route.ts‎
Lines changed: 94 additions & 0 deletions
diff --git a/‎app/api/org/settings/route.ts‎
Lines changed: 3 additions & 10 deletions b/‎app/api/org/settings/route.ts‎
Lines changed: 3 additions & 10 deletions
diff --git a/‎app/api/restricted/signout/route.ts‎
Lines changed: 19 additions & 0 deletions b/‎app/api/restricted/signout/route.ts‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎app/auth/signin/SignInClient.tsx‎
Lines changed: 64 additions & 35 deletions b/‎app/auth/signin/SignInClient.tsx‎
Lines changed: 64 additions & 35 deletions
diff --git a/‎app/auth/signin/cwru/page.tsx‎
Lines changed: 0 additions & 40 deletions b/‎app/auth/signin/cwru/page.tsx‎
Lines changed: 0 additions & 40 deletions
@@ -0,0 +1,75 @@
+import { NextRequest, NextResponse } from "next/server"
+import { getServerSession } from "next-auth"
+import { authOptions } from "@/lib/auth"
+import { prisma } from "@/lib/prisma"
+
+// POST /api/org/join-requests/[id]/decision
+// body: { decision: "APPROVE" | "DECLINE" }
+export async function POST(
+  req: NextRequest,
+  context: { params: Promise<{ id: string }> }
+) {
+  try {
+    const session = await getServerSession(authOptions)
+    if (!session?.user?.id) return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
+
+    const { id } = await context.params
+    if (!id) return NextResponse.json({ error: "Missing id" }, { status: 400 })
+
+    const body = (await req.json().catch(() => null)) as { decision?: "APPROVE" | "DECLINE" } | null
+    const decision = body?.decision
+    if (decision !== "APPROVE" && decision !== "DECLINE") {
+      return NextResponse.json({ error: "Invalid decision" }, { status: 400 })
+    }
+
+    // Load request and org
+    const request = await prisma.organizationJoinRequest.findUnique({
+      where: { id },
+      select: { id: true, status: true, organizationId: true, userId: true },
+    })
+    if (!request) return NextResponse.json({ error: "Not found" }, { status: 404 })
+    if (request.status !== "PENDING") return NextResponse.json({ error: "Already decided" }, { status: 400 })
+
+    // Authorization: approver must be member or owner-by-email of this org
+    const organizationId = request.organizationId
+    let member = await prisma.organizationMember.findFirst({ where: { organizationId, userId: session.user.id } })
+    if (!member) {
+      const [user, org] = await Promise.all([
+        prisma.user.findUnique({ where: { id: session.user.id }, select: { email: true } }),
+        prisma.organization.findUnique({ where: { id: organizationId }, select: { email: true, contactEmail: true } }),
+      ])
+      const isOwnerByEmail = !!(user?.email && org && (org.email === user.email || org.contactEmail === user.email))
+      if (!isOwnerByEmail) return NextResponse.json({ error: "Forbidden" }, { status: 403 })
+      // Optional: backfill membership so future checks pass
+      member = await prisma.organizationMember.upsert({
+        where: { organizationId_userId: { organizationId, userId: session.user.id } },
+        create: { organizationId, userId: session.user.id },
+        update: {},
+      })
+    }
+
+    if (decision === "DECLINE") {
+      await prisma.organizationJoinRequest.update({ where: { id }, data: { status: "DECLINED", decidedAt: new Date() } })
+      return NextResponse.json({ ok: true })
+    }
+
+    // APPROVE
+    await prisma.$transaction(async (tx) => {
+      // Create membership
+      await tx.organizationMember.upsert({
+        where: { organizationId_userId: { organizationId, userId: request.userId } },
+        create: { organizationId, userId: request.userId },
+        update: {},
+      })
+      // Promote to ORGANIZATION and mark profile complete
+      await tx.user.update({ where: { id: request.userId }, data: { role: "ORGANIZATION", profileComplete: true } })
+      // Mark request approved
+      await tx.organizationJoinRequest.update({ where: { id }, data: { status: "APPROVED", decidedAt: new Date() } })
+    })
+
+    return NextResponse.json({ ok: true })
+  } catch (e) {
+    console.error("POST /api/org/join-requests/[id]/decision error", e)
+    return NextResponse.json({ error: "Server error" }, { status: 500 })
+  }
+}
@@ -0,0 +1,94 @@
+import { NextResponse } from "next/server"
+import { getServerSession } from "next-auth"
+import { authOptions } from "@/lib/auth"
+import { prisma } from "@/lib/prisma"
+
+// POST /api/org/join-requests
+// body: { organizationId: string, message?: string }
+export async function POST(req: Request) {
+  try {
+    const session = await getServerSession(authOptions)
+    if (!session?.user?.id) return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
+
+    const body = (await req.json().catch(() => null)) as { organizationId?: string; message?: string } | null
+    const organizationId = body?.organizationId
+    const message = (body?.message || "").slice(0, 500) || undefined
+    if (!organizationId) return NextResponse.json({ error: "Missing organizationId" }, { status: 400 })
+
+    // Verify org exists
+    const org = await prisma.organization.findUnique({ where: { id: organizationId }, select: { id: true } })
+    if (!org) return NextResponse.json({ error: "Organization not found" }, { status: 404 })
+
+    // If already a member, no-op
+    const existingMember = await prisma.organizationMember.findUnique({
+      where: { organizationId_userId: { organizationId, userId: session.user.id } },
+    })
+    if (existingMember) return NextResponse.json({ ok: true, alreadyMember: true })
+
+    // If there is a pending request, ensure role is ORGANIZATION and return success
+    const pending = await prisma.organizationJoinRequest.findFirst({
+      where: { organizationId, userId: session.user.id, status: "PENDING" },
+    })
+    if (pending) {
+      await prisma.user.update({ where: { id: session.user.id }, data: { role: "ORGANIZATION" } })
+      return NextResponse.json({ ok: true, pending: true, id: pending.id })
+    }
+
+    const created = await prisma.organizationJoinRequest.create({
+      data: { organizationId, userId: session.user.id, message },
+      select: { id: true, createdAt: true },
+    })
+    // Immediately mark the user's role as ORGANIZATION (profileComplete remains false until approved)
+    await prisma.user.update({ where: { id: session.user.id }, data: { role: "ORGANIZATION" } })
+    return NextResponse.json({ ok: true, id: created.id })
+  } catch (e) {
+    console.error("POST /api/org/join-requests error", e)
+    return NextResponse.json({ error: "Server error" }, { status: 500 })
+  }
+}
+
+// GET /api/org/join-requests?organizationId=...
+// Returns pending join requests for an org (approvers only)
+export async function GET(req: Request) {
+  try {
+    const { searchParams } = new URL(req.url)
+    const organizationId = searchParams.get("organizationId")
+    if (!organizationId) return NextResponse.json({ error: "Missing organizationId" }, { status: 400 })
+
+    const session = await getServerSession(authOptions)
+    if (!session?.user?.id) return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
+
+    // Authorization: must be a member OR owner-by-email
+    let member = await prisma.organizationMember.findFirst({ where: { organizationId, userId: session.user.id } })
+    if (!member) {
+      const [user, org] = await Promise.all([
+        prisma.user.findUnique({ where: { id: session.user.id }, select: { email: true } }),
+        prisma.organization.findUnique({ where: { id: organizationId }, select: { email: true, contactEmail: true } }),
+      ])
+      const isOwnerByEmail = !!(user?.email && org && (org.email === user.email || org.contactEmail === user.email))
+      if (!isOwnerByEmail) return NextResponse.json({ error: "Forbidden" }, { status: 403 })
+      // Optional: backfill membership so future checks pass
+      member = await prisma.organizationMember.upsert({
+        where: { organizationId_userId: { organizationId, userId: session.user.id } },
+        create: { organizationId, userId: session.user.id },
+        update: {},
+      })
+    }
+
+    const requests = await prisma.organizationJoinRequest.findMany({
+      where: { organizationId, status: "PENDING" },
+      orderBy: { createdAt: "asc" },
+      select: {
+        id: true,
+        message: true,
+        createdAt: true,
+        user: { select: { id: true, name: true, email: true, image: true } },
+      },
+    })
+
+    return NextResponse.json({ data: requests })
+  } catch (e) {
+    console.error("GET /api/org/join-requests error", e)
+    return NextResponse.json({ error: "Server error" }, { status: 500 })
+  }
+}
@@ -1,10 +1,10 @@
-import { NextRequest, NextResponse } from "next/server"
+import { NextResponse } from "next/server"
 import { getServerSession } from "next-auth"
 import { authOptions } from "@/lib/auth"
 import { prisma } from "@/lib/prisma"
 
 // Load current organization's settings (name, contactEmail)
-export async function GET(req: NextRequest) {
+export async function GET() {
   const session = await getServerSession(authOptions)
   if (!session?.user?.id) return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
 
@@ -36,12 +36,6 @@ export async function GET(req: NextRequest) {
   }
   if (!org) return NextResponse.json({ error: "Organization not found" }, { status: 404 })
 
-  const envBase = process.env.NEXTAUTH_URL?.trim()
-  const reqOrigin = (() => {
-    try { return new URL(req.url).origin } catch { return null }
-  })()
-  const baseUrl = envBase || reqOrigin || null
-
   return NextResponse.json({
     id: org.id,
     name: org.name ?? "",
@@ -52,12 +46,11 @@ export async function GET(req: NextRequest) {
     defaultEventLocationTemplate: org.defaultEventLocationTemplate ?? null,
     defaultVolunteersNeeded: org.defaultVolunteersNeeded ?? null,
     userEmail: userEmail,
-    baseUrl,
   })
 }
 
 // Update current organization's settings
-export async function PUT(req: NextRequest) {
+export async function PUT(req: Request) {
   const session = await getServerSession(authOptions)
   if (!session?.user?.id) return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
 
 
@@ -0,0 +1,19 @@
+import { NextResponse } from "next/server";
+import { getServerSession } from "next-auth";
+import { authOptions } from "@/lib/auth";
+import { prisma } from "@/lib/prisma";
+
+export async function POST() {
+  try {
+    const session = await getServerSession(authOptions);
+    const userId = session?.user?.id;
+    if (userId) {
+      // Delete the user and cascade to related entities per schema
+      await prisma.user.delete({ where: { id: userId } });
+    }
+    return NextResponse.json({ ok: true });
+  } catch (e) {
+    console.error("restricted signout delete failed", e);
+    return NextResponse.json({ ok: false }, { status: 500 });
+  }
+}
@@ -1,8 +1,13 @@
 "use client"
 
 import * as React from "react"
+import Link from "next/link"
 import { useSearchParams } from "next/navigation"
 import { signIn } from "next-auth/react"
+import { Button } from "@/components/ui/button"
+import { Card, CardContent, CardHeader } from "@/components/ui/card"
+import { Toaster } from "@/components/ui/sonner"
+import { toast } from "sonner"
 
 export default function SignInClient() {
   const params = useSearchParams()
@@ -11,44 +16,68 @@ export default function SignInClient() {
   const cb = params.get("callbackUrl") || "/"
   const mode = params.get("mode") || undefined
 
+  React.useEffect(() => {
+    const err = params.get("error")
+    if (err === "org_pending") {
+      toast.error("Your request is pending approval. You can sign in after an admin approves.")
+    }
+  }, [params])
+
   return (
-    <main className="min-h-screen flex items-center justify-center p-6">
-      <div className="w-full max-w-sm rounded-xl border bg-card p-6 shadow-sm">
-        <div className="mb-4">
-          <h1 className="text-xl font-semibold">Sign in</h1>
-          <p className="text-sm text-muted-foreground">
-            {mode === "org-invite"
-              ? "Continue to join the organization with your Google account."
-              : "Continue with your Google account."}
-          </p>
+    <main className="min-h-[calc(100vh-4rem)] p-6 bg-gradient-to-b from-primary/20 via-transparent to-transparent">
+      <header className="mb-6 flex justify-end">
+        <Button asChild variant="default">
+          <Link href="/auth/signup">Sign up</Link>
+        </Button>
+      </header>
+      <div className="min-h-[calc(100vh-10rem)] flex items-center justify-center">
+        <div className="w-full max-w-sm">
+          <Card>
+            <CardHeader className="text-center space-y-1">
+              <h1 className="text-2xl font-semibold tracking-tight">Sign in</h1>
+              <p className="text-sm text-muted-foreground">
+                {mode === "org-invite"
+                  ? "Continue to join the organization with your Google account."
+                  : "Continue with your Google account."}
+              </p>
+            </CardHeader>
+            <CardContent>
+              <button
+                type="button"
+                disabled={loading}
+                onClick={async () => {
+                  setLoading(true)
+                  try {
+                    try {
+                      // Clear any stale volunteer/org-intent cookies to avoid misrouting
+                      document.cookie = "signup_user=; Max-Age=0; Path=/; SameSite=Lax";
+                      document.cookie = "org_join_orgId=; Max-Age=0; Path=/; SameSite=Lax";
+                    } catch {}
+                    await signIn("google", { callbackUrl: cb })
+                  } finally {
+                    setLoading(false)
+                  }
+                }}
+                className="w-full inline-flex items-center justify-center gap-2 rounded-md bg-orange-500 px-4 py-2 text-white hover:bg-orange-600 disabled:opacity-50"
+              >
+                <span className="inline-flex h-4 w-4 items-center justify-center">
+                  <svg viewBox="0 0 24 24" fill="currentColor" className="h-4 w-4" aria-hidden>
+                    <path d="M21.35 11.1h-8.9v2.98h5.1c-.22 1.3-.93 2.4-1.98 3.14l3.2 2.48c1.87-1.73 2.95-4.28 2.95-7.38 0-.64-.06-1.25-.17-1.83z" />
+                    <path d="M12.45 22c2.67 0 4.91-.88 6.55-2.39l-3.2-2.48c-.89 .6-2.02 .95-3.35 .95-2.57 0-4.75-1.73-5.53-4.06H3.59v2.55A9.55 9.55 0 0 0 12.45 22z" />
+                    <path d="M6.92 13.99a5.73 5.73 0 0 1 0-3.98V7.46H3.59a9.57 9.57 0 0 0 0 9.08l3.33-2.55z" />
+                    <path d="M12.45 5.52c1.45 0 2.74 .5 3.76 1.47l2.82-2.82A9.52 9.52 0 0 0 12.45 2 9.55 9.55 0 0 0 3.59 7.46l3.33 2.55c.78-2.33 2.96-4.49 5.53-4.49z" />
+                  </svg>
+                </span>
+                {loading ? "Redirecting…" : "Continue with Google"}
+              </button>
+              <p className="mt-4 text-[11px] text-muted-foreground text-center">
+                By continuing, you agree to our Terms and acknowledge our Privacy Policy.
+              </p>
+            </CardContent>
+          </Card>
         </div>
-        <button
-          type="button"
-          disabled={loading}
-          onClick={async () => {
-            setLoading(true)
-            try {
-              await signIn("google", { callbackUrl: cb })
-            } finally {
-              setLoading(false)
-            }
-          }}
-          className="w-full inline-flex items-center justify-center gap-2 rounded-md bg-orange-500 px-4 py-2 text-white hover:bg-orange-600 disabled:opacity-50"
-        >
-          <span className="inline-flex h-4 w-4 items-center justify-center">
-            <svg viewBox="0 0 24 24" fill="currentColor" className="h-4 w-4" aria-hidden>
-              <path d="M21.35 11.1h-8.9v2.98h5.1c-.22 1.3-.93 2.4-1.98 3.14l3.2 2.48c1.87-1.73 2.95-4.28 2.95-7.38 0-.64-.06-1.25-.17-1.83z" />
-              <path d="M12.45 22c2.67 0 4.91-.88 6.55-2.39l-3.2-2.48c-.89.6-2.02.95-3.35.95-2.57 0-4.75-1.73-5.53-4.06H3.59v2.55A9.55 9.55 0 0 0 12.45 22z" />
-              <path d="M6.92 13.99a5.73 5.73 0 0 1 0-3.98V7.46H3.59a9.57 9.57 0 0 0 0 9.08l3.33-2.55z" />
-              <path d="M12.45 5.52c1.45 0 2.74.5 3.76 1.47l2.82-2.82A9.52 9.52 0 0 0 12.45 2 9.55 9.55 0 0 0 3.59 7.46l3.33 2.55c.78-2.33 2.96-4.49 5.53-4.49z" />
-            </svg>
-          </span>
-          {loading ? "Redirecting…" : "Continue with Google"}
-        </button>
-        <p className="mt-4 text-[11px] text-muted-foreground">
-          By continuing, you agree to our Terms and acknowledge our Privacy Policy.
-        </p>
       </div>
+      <Toaster />
     </main>
   )
 }