encryption

server/api/auth/login.post.ts

@@ -1,5 +1,6 @@
 import { getUserByUsername } from '~/server/utils/database'
 import { setAuthCookie } from '~/server/utils/auth'
+import bcrypt from 'bcrypt'
 
 export default defineEventHandler(async (event) => {
   const body = await readBody(event)
@@ -14,7 +15,17 @@ export default defineEventHandler(async (event) => {
 
   const user = getUserByUsername(username.toLowerCase())
 
-  if (!user || user.password !== password) {
+  if (!user) {
+    throw createError({
+      statusCode: 401,
+      message: 'Invalid credentials'
+    })
+  }
+
+  // Compare the provided password with the hashed password in the database
+  const passwordMatch = await bcrypt.compare(password, user.password)
+
+  if (!passwordMatch) {
     throw createError({
       statusCode: 401,
       message: 'Invalid credentials'