Implement GET /api/user endpoint (P0.4)

Add authenticated user profile retrieval endpoint using withAuth wrapper. Returns user profile with safe fields, excluding encrypted tokens. Changes: - Implement GET handler in src/app/api/user/route.ts - Add 4 tests for auth, response shape, sensitive field exclusion - Add path alias resolution to vitest.config.ts for @/* imports - Update IMPLEMENTATION_PLAN.md to mark P0.4 complete Response includes: id, email, garminConnected, cycleLength, lastPeriodDate, notificationTime, timezone, activeOverrides 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 18:48:19 +00:00
parent 76a46439b3
commit d3ba01d1e1
4 changed files with 143 additions and 10 deletions
--- a/src/app/api/user/route.ts
+++ b/src/app/api/user/route.ts
@@ -2,10 +2,30 @@
 // ABOUTME: Handles GET for profile retrieval and PATCH for updates.
 import { NextResponse } from "next/server";

-export async function GET() {
-  // TODO: Implement user profile retrieval
-  return NextResponse.json({ message: "Not implemented" }, { status: 501 });
-}
+import { withAuth } from "@/lib/auth-middleware";
+
+/**
+ * GET /api/user
+ * Returns the authenticated user's profile.
+ * Excludes sensitive fields like encrypted tokens.
+ */
+export const GET = withAuth(async (_request, user) => {
+  // Format date for consistent API response
+  const lastPeriodDate = user.lastPeriodDate
+    ? user.lastPeriodDate.toISOString().split("T")[0]
+    : null;
+
+  return NextResponse.json({
+    id: user.id,
+    email: user.email,
+    garminConnected: user.garminConnected,
+    cycleLength: user.cycleLength,
+    lastPeriodDate,
+    notificationTime: user.notificationTime,
+    timezone: user.timezone,
+    activeOverrides: user.activeOverrides,
+  });
+});

 export async function PATCH() {
  // TODO: Implement user profile update