import { db } from '$lib/server/db';
import { createSession, getUserFromSession } from '$lib/server/sessions';
import { redirect } from '@sveltejs/kit';
import bcrypt from 'bcryptjs';
import type { Actions } from './$types';
import { dev } from '$app/environment';
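/**
 * Form actions for the login page.
 *
 * `default` handles the credential POST: it reads `username` and `password`
 * from the form body, looks the user up in `db.data.users`, verifies the
 * password against the stored bcrypt hash and, on success, sets the `session`
 * cookie and redirects to `/dash`.
 *
 * Returns `{ error: 'MISSING_CREDENTIALS' }` when either field is absent or
 * empty, and `{ error: 'INVALID_CREDENTIALS' }` for an unknown user or a wrong
 * password. Both failure causes share one error code so the response body
 * does not reveal which usernames exist.
 *
 * NOTE(review): no attempt throttling or lockout is visible in this action;
 * confirm it is enforced elsewhere (hooks, reverse proxy) before exposing it.
 */
export const actions = {
	default: async ({ cookies, request, locals: { guard } }) => {
		// The auth guard did not fail, presumably meaning the visitor already
		// has a valid session, so skip the login form entirely.
		if (!guard.requiresAuth().isFailed()) {
			redirect(302, '/dash');
		}

		const data = await request.formData();
		const usernameField = data.get('username');
		const passwordField = data.get('password');

		// FormData entries may be File objects (multipart upload). Calling
		// toString() on one yields "[object File]", which would then be treated
		// as a credential, so only genuine string fields are accepted.
		const username = typeof usernameField === 'string' ? usernameField : undefined;
		const password = typeof passwordField === 'string' ? passwordField : undefined;

		if (!username || !password) {
			return {
				error: 'MISSING_CREDENTIALS',
			};
		}

		const user = db.data.users.find((u) => u.name === username);

		// bcryptjs is pure JavaScript: the synchronous compare would block the
		// event loop for the whole hash computation on every login attempt, so
		// the promise-returning variant is awaited instead.
		//
		// NOTE(review): the `!user ||` short-circuit skips the bcrypt work when
		// the username is unknown, so response time still differs between
		// "no such user" and "wrong password". If username enumeration matters,
		// compare against a fixed dummy hash of the same cost in that branch.
		if (!user || !(await bcrypt.compare(password, user.password))) {
			return {
				error: 'INVALID_CREDENTIALS',
			};
		}

		// createSession's return value is used directly as the cookie value.
		const sessionCookie = createSession({
			// Client-controlled and unbounded: treat as untrusted display data
			// wherever the stored session is later rendered or logged.
			userAgent: request.headers.get('user-agent') ?? 'UNKNOWN',
			userId: user.id,
		});

		cookies.set('session', sessionCookie, {
			path: '/',
			httpOnly: true, // not readable from page scripts
			secure: !dev, // safari doesn't allow secure cookies on localhost
			sameSite: 'strict', // same effect as `true`, spelled out
			// 24 hours, in seconds.
			// NOTE(review): confirm the server-side session expires on the
			// same schedule; that is not visible from this file.
			maxAge: 60 * 60 * 24,
		});

		redirect(302, '/dash');
	},
} satisfies Actions;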