fix broken response

docs/pages/guides/email-and-password/email-verification-codes.md

@@ -125,12 +125,16 @@ app.post("/email-verification", async () => {
 	// ...
 	const { user } = await lucia.validateSession(sessionId);
 	if (!user) {
-		return new Response(401);
+		return new Response(null, {
+			status: 401
+		});
 	}
 	const code = formData.get("code");
 	// check for length
 	if (typeof code !== "string" || code.length !== 8) {
-		return new Response(400);
+		return new Response(null, {
+			status: 400
+		});
 	}
 
 	await db.beginTransaction();
@@ -144,13 +148,19 @@ app.post("/email-verification", async () => {
 	await db.commit();
 
 	if (!databaseCode || databaseCode.code !== code) {
-		return new Response(400);
+		return new Response(null, {
+			status: 400
+		});
 	}
 	if (!isWithinExpiration(databaseCode.expires_at)) {
-		return new Response(400);
+		return new Response(null, {
+			status: 400
+		});
 	}
 	if (!user || user.email !== databaseCode.email) {
-		return new Response(400);
+		return new Response(null, {
+			status: 400
+		});
 	}
 
 	await lucia.invalidateUserSessions(user.id);

docs/pages/guides/email-and-password/email-verification-links.md

@@ -130,11 +130,15 @@ app.get("email-verification/:token", async () => {
 	await db.commit();
 
 	if (!token || !isWithinExpiration(token.expires_at)) {
-		return new Response(400);
+		return new Response(null, {
+			status: 400
+		});
 	}
 	const user = await db.table("user").where("id", "=", token.user_id).get();
 	if (!user || user.email !== token.email) {
-		return new Response(400);
+		return new Response(null, {
+			status: 400
+		});
 	}
 
 	await lucia.invalidateUserSessions(user.id);

docs/pages/guides/email-and-password/index.md

@@ -4,7 +4,7 @@ title: "Email and password"
 
 # Email and password
 
-Email based auth requires a lot of components so be prepared to do some work! For a step-by-step, framework specific tutorial to learn the basics of password based auth and Lucia, see the [Username and password](/tutorials/username-and-password) tutorial. 
+Email based auth requires a lot of components so be prepared to do some work! For a step-by-step, framework specific tutorial to learn the basics of password based auth and Lucia, see the [Username and password](/tutorials/username-and-password) tutorial.
 
 - [Password basics](/guides/email-and-password/basics)
 - Email verification

docs/pages/guides/email-and-password/password-reset.md

@@ -73,25 +73,33 @@ Extract the verification token from the URL and validate by checking the expirat
 ```ts
 import { isWithinExpiration } from "oslo";
 
-app.post("/reset-password/*", async () => {
-	let password: string;
+app.post("/reset-password/:token", async () => {
+	let password = formData.get("password");
+	if (typeof password !== "string" || password.length < 8) {
+		return new Response(null, {
+			status: 400
+		});
+	}
+	// check your framework's API
+	const verificationToken = params.token;
 
 	// ...
 
-	// there are better ways to do this - check your framework's API
-	const verificationToken = request.url.replace("http://localhost:3000/reset-password/", "");
-
 	await db.beginTransaction();
 	const token = await db.table("password_reset_token").where("id", "=", verificationToken).get();
 	await db.table("password_reset_token").where("id", "=", verificationToken).delete();
 	await db.commit();
 
 	if (!token) {
-		return new Response(400);
+		return new Response(null, {
+			status: 400
+		});
 	}
 	if (!isWithinExpiration(token.expires_at)) {
 		await db.table("password_reset_token").where("id", "=", token.id).delete();
-		return new Response(400);
+		return new Response(null, {
+			status: 400
+		});
 	}
 
 	await lucia.invalidateUserSessions(user.id);