69 lines
1.6 KiB
TypeScript
69 lines
1.6 KiB
TypeScript
import { verifyPassword } from '../../utils/password';
|
|
import { useSession } from 'h3';
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const body = await readBody(event);
|
|
const { email, password } = body;
|
|
|
|
// 1. Validate input
|
|
if (!email || !password) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: 'Email and password are required',
|
|
});
|
|
}
|
|
|
|
const normalizedEmail = email.toLowerCase();
|
|
|
|
// 2. Find the user
|
|
const user = await prisma.user.findUnique({
|
|
where: { email: normalizedEmail },
|
|
});
|
|
|
|
if (!user) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
statusMessage: 'Invalid credentials',
|
|
});
|
|
}
|
|
|
|
// 3. Verify the password
|
|
// WARNING: This verifyPassword is a mock. Replace with a secure library like bcrypt before production.
|
|
const isPasswordValid = await verifyPassword(password, user.password);
|
|
if (!isPasswordValid) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
statusMessage: 'Invalid credentials',
|
|
});
|
|
}
|
|
|
|
// 4. Create and update the session
|
|
const session = await useSession(event, {
|
|
password: process.env.SESSION_PASSWORD, // Relies on fail-fast check in auth.ts
|
|
maxAge: 60 * 60 * 24 * 7, // 1 week
|
|
});
|
|
|
|
await session.update({
|
|
user: {
|
|
id: user.id,
|
|
email: user.email,
|
|
}
|
|
});
|
|
|
|
// 5. Return user data DTO
|
|
return {
|
|
user: {
|
|
id: user.id,
|
|
email: user.email,
|
|
nickname: user.nickname,
|
|
avatar: user.avatar,
|
|
coins: user.coins,
|
|
exp: user.exp,
|
|
soundOn: user.soundOn,
|
|
confettiOn: user.confettiOn,
|
|
createdAt: user.createdAt,
|
|
updatedAt: user.updatedAt,
|
|
}
|
|
};
|
|
});
|