This commit is contained in:
commit
421043c9b5
GPG key ID:
8F553AA4320FC711
67 changed files with 3455 additions and 0 deletions
178
src/routes/user/login.ts
Normal file
178
src/routes/user/login.ts
Normal file
|
|
@ -0,0 +1,178 @@
|
|||
import { echo } from "@atums/echo";
|
||||
import { sessionManager } from "#lib/auth";
|
||||
import { cassandra } from "#lib/database";
|
||||
import { isValidEmail, isValidUsername } from "#lib/validation";
|
||||
|
||||
import type {
|
||||
ExtendedRequest,
|
||||
LoginRequest,
|
||||
LoginResponse,
|
||||
RouteDef,
|
||||
UserRow,
|
||||
} from "#types/server";
|
||||
|
||||
const routeDef: RouteDef = {
|
||||
method: "POST",
|
||||
accepts: "application/json",
|
||||
returns: "application/json",
|
||||
needsBody: "json",
|
||||
};
|
||||
|
||||
async function handler(
|
||||
request: ExtendedRequest,
|
||||
requestBody: unknown,
|
||||
): Promise<Response> {
|
||||
try {
|
||||
const { identifier, password } = requestBody as LoginRequest;
|
||||
const { force } = request.query;
|
||||
|
||||
if (force !== "true" && force !== "1") {
|
||||
const existingSession = await sessionManager.getSession(request);
|
||||
if (existingSession) {
|
||||
const response: LoginResponse = {
|
||||
code: 409,
|
||||
success: false,
|
||||
error: "User already logged in",
|
||||
};
|
||||
return Response.json(response, { status: 409 });
|
||||
}
|
||||
}
|
||||
|
||||
if (!identifier || !password) {
|
||||
const response: LoginResponse = {
|
||||
code: 400,
|
||||
success: false,
|
||||
error:
|
||||
"Missing required fields: identifier (username or email), password",
|
||||
};
|
||||
return Response.json(response, { status: 400 });
|
||||
}
|
||||
|
||||
const isEmail = isValidEmail(identifier).valid;
|
||||
const isUsername = isValidUsername(identifier).valid;
|
||||
|
||||
if (!isEmail && !isUsername) {
|
||||
const response: LoginResponse = {
|
||||
code: 400,
|
||||
success: false,
|
||||
error: "Invalid identifier format - must be a valid username or email",
|
||||
};
|
||||
return Response.json(response, { status: 400 });
|
||||
}
|
||||
|
||||
let userQuery: string;
|
||||
let queryParams: string[];
|
||||
|
||||
if (isEmail) {
|
||||
userQuery = `
|
||||
SELECT id, username, display_name, email, password, is_verified, created_at, updated_at
|
||||
FROM users WHERE email = ? LIMIT 1
|
||||
`;
|
||||
queryParams = [identifier.trim().toLowerCase()];
|
||||
} else {
|
||||
userQuery = `
|
||||
SELECT id, username, display_name, email, password, is_verified, created_at, updated_at
|
||||
FROM users WHERE username = ? LIMIT 1
|
||||
`;
|
||||
queryParams = [identifier.trim()];
|
||||
}
|
||||
|
||||
const userResult = (await cassandra.execute(userQuery, queryParams)) as {
|
||||
rows: UserRow[];
|
||||
};
|
||||
|
||||
if (!userResult?.rows || !Array.isArray(userResult.rows)) {
|
||||
const response: LoginResponse = {
|
||||
code: 500,
|
||||
success: false,
|
||||
error: "Database query failed",
|
||||
};
|
||||
return Response.json(response, { status: 500 });
|
||||
}
|
||||
|
||||
if (userResult.rows.length === 0) {
|
||||
const response: LoginResponse = {
|
||||
code: 401,
|
||||
success: false,
|
||||
error: "Invalid credentials",
|
||||
};
|
||||
return Response.json(response, { status: 401 });
|
||||
}
|
||||
|
||||
const user = userResult.rows[0];
|
||||
|
||||
if (!user) {
|
||||
const response: LoginResponse = {
|
||||
code: 401,
|
||||
success: false,
|
||||
error: "Invalid credentials",
|
||||
};
|
||||
|
||||
return Response.json(response, { status: 401 });
|
||||
}
|
||||
|
||||
const isPasswordValid = await Bun.password.verify(password, user.password);
|
||||
|
||||
if (!isPasswordValid) {
|
||||
const response: LoginResponse = {
|
||||
code: 401,
|
||||
success: false,
|
||||
error: "Invalid credentials",
|
||||
};
|
||||
return Response.json(response, { status: 401 });
|
||||
}
|
||||
|
||||
const userAgent = request.headers.get("User-Agent") || "Unknown";
|
||||
const sessionPayload = {
|
||||
id: user.id,
|
||||
username: user.username,
|
||||
email: user.email,
|
||||
isVerified: user.is_verified,
|
||||
displayName: user.display_name,
|
||||
createdAt: user.created_at.toISOString(),
|
||||
updatedAt: user.updated_at.toISOString(),
|
||||
};
|
||||
|
||||
const sessionCookie = await sessionManager.createSession(
|
||||
sessionPayload,
|
||||
userAgent,
|
||||
);
|
||||
|
||||
const responseUser: LoginResponse["user"] = {
|
||||
id: user.id,
|
||||
username: user.username,
|
||||
displayName: user.display_name,
|
||||
email: user.email,
|
||||
isVerified: user.is_verified,
|
||||
createdAt: user.created_at.toISOString(),
|
||||
};
|
||||
|
||||
const response: LoginResponse = {
|
||||
code: 200,
|
||||
success: true,
|
||||
message: "Login successful",
|
||||
user: responseUser,
|
||||
};
|
||||
|
||||
return Response.json(response, {
|
||||
status: 200,
|
||||
headers: {
|
||||
"Set-Cookie": sessionCookie,
|
||||
},
|
||||
});
|
||||
} catch (error) {
|
||||
echo.error({
|
||||
message: "Error during user login",
|
||||
error,
|
||||
});
|
||||
|
||||
const response: LoginResponse = {
|
||||
code: 500,
|
||||
success: false,
|
||||
error: "Internal server error",
|
||||
};
|
||||
return Response.json(response, { status: 500 });
|
||||
}
|
||||
}
|
||||
|
||||
export { handler, routeDef };
|
||||
Loading…
Add table
Add a link
Reference in a new issue