42 lines
953 B
TypeScript
42 lines
953 B
TypeScript
import { getUserByUsername } from '~/server/utils/database'
|
|
import { setAuthCookie } from '~/server/utils/auth'
|
|
import bcrypt from 'bcrypt'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const body = await readBody(event)
|
|
const { username, password } = body
|
|
|
|
if (!username || !password) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'Username and password are required'
|
|
})
|
|
}
|
|
|
|
const user = getUserByUsername(username.toLowerCase())
|
|
|
|
if (!user) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
message: 'Invalid credentials'
|
|
})
|
|
}
|
|
|
|
// Compare the provided password with the hashed password in the database
|
|
const passwordMatch = await bcrypt.compare(password, user.password)
|
|
|
|
if (!passwordMatch) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
message: 'Invalid credentials'
|
|
})
|
|
}
|
|
|
|
setAuthCookie(event, user.username)
|
|
|
|
return {
|
|
success: true,
|
|
username: user.username
|
|
}
|
|
})
|