torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
623a63c29f848766d042d35f48e80faaf94c1dfa
harheimertc/server/api/auth/login.post.js

79 lines
2.0 KiB
JavaScript
Raw Blame History

import { readUsers, writeUsers, verifyPassword, generateToken, createSession } from '../../utils/auth.js'
export default defineEventHandler(async (event) => {
try {
const body = await readBody(event)
const { email, password } = body
if (!email || !password) {
throw createError({
statusCode: 400,
message: 'E-Mail und Passwort sind erforderlich'
})
}
// Find user
const users = await readUsers()
const user = users.find(u => u.email.toLowerCase() === email.toLowerCase())
if (!user) {
throw createError({
statusCode: 401,
message: 'Ungültige Anmeldedaten'
})
}
// Check if user is active
if (user.active === false) {
throw createError({
statusCode: 403,
message: 'Ihr Konto wurde noch nicht freigeschaltet. Bitte warten Sie auf die Bestätigung des Vorstands.'
})
}
// Verify password
const isValid = await verifyPassword(password, user.password)
if (!isValid) {
throw createError({
statusCode: 401,
message: 'Ungültige Anmeldedaten'
})
}
// Generate token
const token = generateToken(user)
// Create session
await createSession(user.id, token)
// Update last login
user.lastLogin = new Date().toISOString()
const updatedUsers = users.map(u => u.id === user.id ? user : u)
await writeUsers(updatedUsers)
// Set cookie
setCookie(event, 'auth_token', token, {
httpOnly: true,
secure: false, // Auch in Production false, da wir HTTPS über Apache terminieren
sameSite: 'lax',
maxAge: 60 * 60 * 24 * 7 // 7 days
})
// Return user data (without password) and token for API usage
return {
success: true,
token: token, // Token auch im Body für externe API-Clients
user: {
id: user.id,
email: user.email,
name: user.name,
role: user.role
}
}
} catch (error) {
console.error('Login-Fehler:', error)
throw error
}
})
Reference in New Issue View Git Blame Copy Permalink