Add authentication system with login, password reset, and member area

server/api/auth/login.post.js

@@ -0,0 +1,69 @@
+import { readUsers, writeUsers, verifyPassword, generateToken, createSession } from '../../utils/auth.js'
+
+export default defineEventHandler(async (event) => {
+  try {
+    const body = await readBody(event)
+    const { email, password } = body
+
+    if (!email || !password) {
+      throw createError({
+        statusCode: 400,
+        message: 'E-Mail und Passwort sind erforderlich'
+      })
+    }
+
+    // Find user
+    const users = await readUsers()
+    const user = users.find(u => u.email.toLowerCase() === email.toLowerCase())
+
+    if (!user) {
+      throw createError({
+        statusCode: 401,
+        message: 'Ungültige Anmeldedaten'
+      })
+    }
+
+    // Verify password
+    const isValid = await verifyPassword(password, user.password)
+    if (!isValid) {
+      throw createError({
+        statusCode: 401,
+        message: 'Ungültige Anmeldedaten'
+      })
+    }
+
+    // Generate token
+    const token = generateToken(user)
+
+    // Create session
+    await createSession(user.id, token)
+
+    // Update last login
+    user.lastLogin = new Date().toISOString()
+    const updatedUsers = users.map(u => u.id === user.id ? user : u)
+    await writeUsers(updatedUsers)
+
+    // Set cookie
+    setCookie(event, 'auth_token', token, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax',
+      maxAge: 60 * 60 * 24 * 7 // 7 days
+    })
+
+    // Return user data (without password)
+    return {
+      success: true,
+      user: {
+        id: user.id,
+        email: user.email,
+        name: user.name,
+        role: user.role
+      }
+    }
+  } catch (error) {
+    console.error('Login-Fehler:', error)
+    throw error
+  }
+})
+