2022-11-09 07:58:52 +01:00
|
|
|
import {
|
|
|
|
|
ok,
|
|
|
|
|
unauthorized,
|
|
|
|
|
badRequest,
|
|
|
|
|
checkPassword,
|
|
|
|
|
createSecureToken,
|
|
|
|
|
methodNotAllowed,
|
|
|
|
|
getRandomChars,
|
|
|
|
|
} from 'next-basics';
|
2022-11-01 07:42:37 +01:00
|
|
|
import { getUser } from 'queries';
|
2022-08-29 05:20:54 +02:00
|
|
|
import { secret } from 'lib/crypto';
|
2022-11-08 01:22:49 +01:00
|
|
|
import redis from 'lib/redis';
|
2020-07-23 00:46:05 +02:00
|
|
|
|
2020-07-23 05:45:09 +02:00
|
|
|
export default async (req, res) => {
|
2022-11-09 07:58:52 +01:00
|
|
|
if (req.method === 'POST') {
|
|
|
|
|
const { username, password } = req.body;
|
2020-07-23 00:46:05 +02:00
|
|
|
|
2022-11-09 07:58:52 +01:00
|
|
|
if (!username || !password) {
|
|
|
|
|
return badRequest(res);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const user = await getUser({ username });
|
2021-10-04 05:44:02 +02:00
|
|
|
|
2022-11-09 07:58:52 +01:00
|
|
|
if (user && checkPassword(password, user.password)) {
|
|
|
|
|
if (redis.enabled) {
|
|
|
|
|
const key = `auth:${getRandomChars(32)}`;
|
2020-07-23 00:46:05 +02:00
|
|
|
|
2022-11-09 07:58:52 +01:00
|
|
|
await redis.set(key, user);
|
2022-11-08 21:28:45 +01:00
|
|
|
|
2022-11-09 07:58:52 +01:00
|
|
|
const token = createSecureToken(key, secret());
|
|
|
|
|
|
|
|
|
|
return ok(res, { token, user });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const token = createSecureToken(user.id, secret());
|
2022-11-08 01:22:49 +01:00
|
|
|
|
|
|
|
|
return ok(res, { token, user });
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-09 07:58:52 +01:00
|
|
|
return unauthorized(res, 'Incorrect username and/or password.');
|
2020-07-23 00:46:05 +02:00
|
|
|
}
|
2020-07-29 04:04:45 +02:00
|
|
|
|
2022-11-09 07:58:52 +01:00
|
|
|
return methodNotAllowed(res);
|
2020-07-23 00:46:05 +02:00
|
|
|
};
|
