45 lines
1.2 KiB
JavaScript
45 lines
1.2 KiB
JavaScript
|
/** @type {import('./$types').Actions} */
|
||
|
|
import {compare} from 'bcrypt';
|
||
|
|
import {initDb} from '$lib/db/db.js';
|
||
|
|
import {randomBytes} from 'crypto';
|
||
|
|
import { serialize } from 'cookie';
|
||
|
|
|
||
|
|
const db = await initDb();
|
||
|
|
|
||
|
|
/** @type {import('./$types').RequestHandler} */
|
||
|
|
export async function POST(event) {
|
||
|
|
var data = await event.request.formData();
|
||
|
|
var user = data.get("username");
|
||
|
|
var password = data.get("password");
|
||
|
|
|
||
|
|
var rows = await db.all(
|
||
|
|
"SELECT * from auth WHERE user = ?",
|
||
|
|
[user]
|
||
|
|
);
|
||
|
|
|
||
|
|
if (rows && rows.length > 0) {
|
||
|
|
var isPass = await compare(password,rows[0].password);
|
||
|
|
} else {
|
||
|
|
return new Response('nouser');
|
||
|
|
}
|
||
|
|
|
||
|
|
if (isPass) {
|
||
|
|
var token = randomBytes(64).toString('hex');
|
||
|
|
await db.run("DELETE FROM token WHERE user = ?",user);
|
||
|
|
await db.run("INSERT INTO token (user,token) VALUES (?,?)",user,token);
|
||
|
|
|
||
|
|
event.cookies.set('token',token,{
|
||
|
|
path: '/',
|
||
|
|
httpOnly: true,
|
||
|
|
sameSite: 'strict',
|
||
|
|
secure: true,
|
||
|
|
maxAge: 60 * 60 * 24 * 7
|
||
|
|
})
|
||
|
|
return new Response('loggedin');
|
||
|
|
|
||
|
|
} else {
|
||
|
|
return new Response('wrongpass');
|
||
|
|
}
|
||
|
|
};
|
||
|
|
|