AdventureLog/frontend/src/routes/login/+page.server.ts

import { fail, redirect, type RequestEvent } from '@sveltejs/kit';

import type { Actions, PageServerLoad, RouteParams } from './$types';
import { getRandomBackground, getRandomQuote } from '$lib';
import { fetchCSRFToken } from '$lib/index.server';
const PUBLIC_SERVER_URL = process.env['PUBLIC_SERVER_URL'];

export const load: PageServerLoad = async (event) => {
	if (event.locals.user) {
		return redirect(302, '/');
	} else {
		const quote = getRandomQuote();
		const background = getRandomBackground();

		return {
			props: {
				quote,
				background
			}
		};
	}
};

export const actions: Actions = {
	default: async (event) => {
		const formData = await event.request.formData();
		const formUsername = formData.get('username');
		const username = formUsername?.toString().toLowerCase();
		const password = formData.get('password');
		const totp = formData.get('totp');

		const serverEndpoint = PUBLIC_SERVER_URL || 'http://localhost:8000';
		const csrfToken = await fetchCSRFToken();

		// Initial login attempt
		const loginFetch = await event.fetch(`${serverEndpoint}/_allauth/browser/v1/auth/login`, {
			method: 'POST',
			headers: {
				'X-CSRFToken': csrfToken,
				'Content-Type': 'application/json',
				Cookie: `csrftoken=${csrfToken}`
			},
			body: JSON.stringify({ username, password }),
			credentials: 'include'
		});

		if (loginFetch.status === 200) {
			// Login successful without MFA
			handleSuccessfulLogin(event, loginFetch);
			return redirect(302, '/');
		} else if (loginFetch.status === 401) {
			// MFA required
			if (!totp) {
				return fail(401, {
					message: 'Multi-factor authentication required',
					mfa_required: true
				});
			} else {
				// Attempt MFA authentication
				const sessionId = extractSessionId(loginFetch.headers.get('Set-Cookie'));
				const mfaLoginFetch = await event.fetch(
					`${serverEndpoint}/_allauth/browser/v1/auth/2fa/authenticate`,
					{
						method: 'POST',
						headers: {
							'X-CSRFToken': csrfToken,
							'Content-Type': 'application/json',
							Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`
						},
						body: JSON.stringify({ code: totp }),
						credentials: 'include'
					}
				);

				if (mfaLoginFetch.ok) {
					// MFA successful
					handleSuccessfulLogin(event, mfaLoginFetch);
					return redirect(302, '/');
				} else {
					// MFA failed
					const mfaLoginResponse = await mfaLoginFetch.json();
					return fail(401, {
						message: mfaLoginResponse.error || 'Invalid MFA code',
						mfa_required: true
					});
				}
			}
		} else {
			// Login failed
			const loginResponse = await loginFetch.json();
			const firstKey = Object.keys(loginResponse)[0] || 'error';
			const error = loginResponse[firstKey][0] || 'Invalid username or password';
			return fail(400, { message: error });
		}
	}
};

function handleSuccessfulLogin(event: RequestEvent<RouteParams, '/login'>, response: Response) {
	const setCookieHeader = response.headers.get('Set-Cookie');
	if (setCookieHeader) {
		const sessionIdRegex = /sessionid=([^;]+).*?expires=([^;]+)/;
		const match = setCookieHeader.match(sessionIdRegex);
		if (match) {
			const [, sessionId, expiryString] = match;
			event.cookies.set('sessionid', sessionId, {
				path: '/',
				httpOnly: true,
				sameSite: 'lax',
				secure: true,
				expires: new Date(expiryString)
			});
		}
	}
}

function extractSessionId(setCookieHeader: string | null) {
	if (setCookieHeader) {
		const sessionIdRegex = /sessionid=([^;]+)/;
		const match = setCookieHeader.match(sessionIdRegex);
		return match ? match[1] : '';
	}
	return '';
}
Add MFA to login screen 2024-12-12 15:45:19 -05:00			`import { fail, redirect, type RequestEvent } from '@sveltejs/kit';`
migration to new backend 2024-07-08 11:44:39 -04:00
Add MFA to login screen 2024-12-12 15:45:19 -05:00			`import type { Actions, PageServerLoad, RouteParams } from './$types';`
Load background from server page 2024-10-20 21:56:16 -04:00			`import { getRandomBackground, getRandomQuote } from '$lib';`
Initial migration to new session based auth system with AllAuth 2024-11-29 14:41:13 -05:00			`import { fetchCSRFToken } from '$lib/index.server';`
migration to new backend 2024-07-08 11:44:39 -04:00			`const PUBLIC_SERVER_URL = process.env['PUBLIC_SERVER_URL'];`

			`export const load: PageServerLoad = async (event) => {`
			`if (event.locals.user) {`
			`return redirect(302, '/');`
Load background from server page 2024-10-20 21:56:16 -04:00			`} else {`
			`const quote = getRandomQuote();`
			`const background = getRandomBackground();`

			`return {`
			`props: {`
			`quote,`
			`background`
			`}`
			`};`
migration to new backend 2024-07-08 11:44:39 -04:00			`}`
			`};`

			`export const actions: Actions = {`
			`default: async (event) => {`
			`const formData = await event.request.formData();`
			`const formUsername = formData.get('username');`
Add MFA to login screen 2024-12-12 15:45:19 -05:00			`const username = formUsername?.toString().toLowerCase();`
migration to new backend 2024-07-08 11:44:39 -04:00			`const password = formData.get('password');`
Add MFA to login screen 2024-12-12 15:45:19 -05:00			`const totp = formData.get('totp');`
migration to new backend 2024-07-08 11:44:39 -04:00
			`const serverEndpoint = PUBLIC_SERVER_URL \|\| 'http://localhost:8000';`
Initial migration to new session based auth system with AllAuth 2024-11-29 14:41:13 -05:00			`const csrfToken = await fetchCSRFToken();`
migration to new backend 2024-07-08 11:44:39 -04:00
Add MFA to login screen 2024-12-12 15:45:19 -05:00			`// Initial login attempt`
Initial migration to new session based auth system with AllAuth 2024-11-29 14:41:13 -05:00			const loginFetch = await event.fetch(`${serverEndpoint}/_allauth/browser/v1/auth/login`, {
migration to new backend 2024-07-08 11:44:39 -04:00			`method: 'POST',`
			`headers: {`
			`'X-CSRFToken': csrfToken,`
Initial migration to new session based auth system with AllAuth 2024-11-29 14:41:13 -05:00			`'Content-Type': 'application/json',`
			Cookie: `csrftoken=${csrfToken}`
migration to new backend 2024-07-08 11:44:39 -04:00			`},`
Add MFA to login screen 2024-12-12 15:45:19 -05:00			`body: JSON.stringify({ username, password }),`
Initial migration to new session based auth system with AllAuth 2024-11-29 14:41:13 -05:00			`credentials: 'include'`
migration to new backend 2024-07-08 11:44:39 -04:00			`});`
Initial migration to new session based auth system with AllAuth 2024-11-29 14:41:13 -05:00
Add MFA to login screen 2024-12-12 15:45:19 -05:00			`if (loginFetch.status === 200) {`
			`// Login successful without MFA`
			`handleSuccessfulLogin(event, loginFetch);`
			`return redirect(302, '/');`
			`} else if (loginFetch.status === 401) {`
			`// MFA required`
			`if (!totp) {`
			`return fail(401, {`
			`message: 'Multi-factor authentication required',`
			`mfa_required: true`
			`});`
			`} else {`
			`// Attempt MFA authentication`
			`const sessionId = extractSessionId(loginFetch.headers.get('Set-Cookie'));`
			`const mfaLoginFetch = await event.fetch(`
			`${serverEndpoint}/_allauth/browser/v1/auth/2fa/authenticate`,
			`{`
			`method: 'POST',`
			`headers: {`
			`'X-CSRFToken': csrfToken,`
			`'Content-Type': 'application/json',`
			Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`
			`},`
			`body: JSON.stringify({ code: totp }),`
			`credentials: 'include'`
			`}`
			`);`
Initial migration to new session based auth system with AllAuth 2024-11-29 14:41:13 -05:00
Add MFA to login screen 2024-12-12 15:45:19 -05:00			`if (mfaLoginFetch.ok) {`
			`// MFA successful`
			`handleSuccessfulLogin(event, mfaLoginFetch);`
			`return redirect(302, '/');`
			`} else {`
			`// MFA failed`
			`const mfaLoginResponse = await mfaLoginFetch.json();`
			`return fail(401, {`
			`message: mfaLoginResponse.error \|\| 'Invalid MFA code',`
			`mfa_required: true`
Initial migration to new session based auth system with AllAuth 2024-11-29 14:41:13 -05:00			`});`
			`}`
			`}`
Add MFA to login screen 2024-12-12 15:45:19 -05:00			`} else {`
			`// Login failed`
			`const loginResponse = await loginFetch.json();`
			`const firstKey = Object.keys(loginResponse)[0] \|\| 'error';`
			`const error = loginResponse[firstKey][0] \|\| 'Invalid username or password';`
			`return fail(400, { message: error });`
migration to new backend 2024-07-08 11:44:39 -04:00			`}`
			`}`
			`};`
Add MFA to login screen 2024-12-12 15:45:19 -05:00
			`function handleSuccessfulLogin(event: RequestEvent<RouteParams, '/login'>, response: Response) {`
			`const setCookieHeader = response.headers.get('Set-Cookie');`
			`if (setCookieHeader) {`
			`const sessionIdRegex = /sessionid=([^;]+).*?expires=([^;]+)/;`
			`const match = setCookieHeader.match(sessionIdRegex);`
			`if (match) {`
			`const [, sessionId, expiryString] = match;`
			`event.cookies.set('sessionid', sessionId, {`
			`path: '/',`
			`httpOnly: true,`
			`sameSite: 'lax',`
			`secure: true,`
			`expires: new Date(expiryString)`
			`});`
			`}`
			`}`
			`}`

			`function extractSessionId(setCookieHeader: string \| null) {`
			`if (setCookieHeader) {`
			`const sessionIdRegex = /sessionid=([^;]+)/;`
			`const match = setCookieHeader.match(sessionIdRegex);`
			`return match ? match[1] : '';`
			`}`
			`return '';`
			`}`