RyderTech/nlcc-itinerary
1
0
Fork 0
Code Issues Pull Requests Packages Activity
Files
ffb721a12cbb11146d278e638ba1c0199a854c45
nlcc-itinerary/server/api/auth/register.post.ts

133 lines
3.8 KiB
TypeScript
Raw Blame History

import { createUser, getUserByUsername, getUserByEmail, checkRateLimit, createSession } from '~/server/utils/database'
import { setAuthCookie, generateSessionToken } from '~/server/utils/auth'
export default defineEventHandler(async (event) => {
// Get real client IP from proxy headers (prioritize x-real-ip for NPM)
const xRealIp = getHeader(event, 'x-real-ip')
const xForwardedFor = getHeader(event, 'x-forwarded-for')
const cfConnectingIp = getHeader(event, 'cf-connecting-ip')
// Use x-real-ip first (set by NPM), then x-forwarded-for, then cf-connecting-ip, then fallback
const clientIp = xRealIp ||
(xForwardedFor ? xForwardedFor.split(',')[0].trim() : null) ||
cfConnectingIp ||
getRequestIP(event) ||
'unknown'
// Log IP for verification
console.log(`[REGISTER ATTEMPT] IP: ${clientIp}, Headers:`, {
'x-forwarded-for': xForwardedFor,
'x-real-ip': xRealIp,
'cf-connecting-ip': cfConnectingIp,
'getRequestIP': getRequestIP(event)
})
// Check rate limit: 3 attempts per hour
if (!checkRateLimit(clientIp, 'register', 3, 60)) {
throw createError({
statusCode: 429,
message: 'Too many registration attempts. Please try again in 1 hour.'
})
}
const body = await readBody(event)
const { username, password, email, firstName, lastName } = body
if (!username || !password || !email || !firstName || !lastName) {
throw createError({
statusCode: 400,
message: 'All fields are required'
})
}
// Validate email format
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
if (!emailRegex.test(email)) {
throw createError({
statusCode: 400,
message: 'Invalid email format'
})
}
// Validate username format
if (username.length < 3) {
throw createError({
statusCode: 400,
message: 'Username must be at least 3 characters long'
})
}
// Validate password strength
if (password.length < 8) {
throw createError({
statusCode: 400,
message: 'Password must be at least 8 characters long'
})
}
if (!/[A-Z]/.test(password)) {
throw createError({
statusCode: 400,
message: 'Password must contain at least one uppercase letter'
})
}
if (!/[a-z]/.test(password)) {
throw createError({
statusCode: 400,
message: 'Password must contain at least one lowercase letter'
})
}
if (!/[0-9!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(password)) {
throw createError({
statusCode: 400,
message: 'Password must contain at least one number or symbol'
})
}
// Check if username already exists
const existingUser = getUserByUsername(username.toLowerCase())
if (existingUser) {
throw createError({
statusCode: 409,
message: 'Username already exists'
})
}
// Check if email already exists
const existingEmail = getUserByEmail(email.toLowerCase())
if (existingEmail) {
throw createError({
statusCode: 409,
message: 'Email already exists'
})
}
try {
// Create the new user with all fields
createUser(username.toLowerCase(), password, email.toLowerCase(), firstName, lastName)
// Generate session token and create session for auto-login
const sessionToken = generateSessionToken()
const expiresAt = new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString() // 24 hours
createSession(sessionToken, username.toLowerCase(), expiresAt)
// Set session cookie
setAuthCookie(event, sessionToken)
// Log successful registration
console.log(`[REGISTER SUCCESS] User: ${username.toLowerCase()}, IP: ${clientIp}`)
return {
success: true,
username: username.toLowerCase()
}
} catch (error) {
throw createError({
statusCode: 500,
message: 'Failed to create user account'
})
}
})
Reference in New Issue View Git Blame Copy Permalink