import { lucia } from "$lib/server/auth";
import { error, fail, redirect } from "@sveltejs/kit";
import { Argon2id } from "oslo/password";
import { db } from "$lib/db/db.server";
import type { Actions, PageServerLoad } from "./$types";
import type { DatabaseUser } from "$lib/server/auth";
import { userTable } from "$lib/db/schema";
import { eq } from "drizzle-orm";
/**
 * Server-side load for the login page.
 *
 * When `event.locals.user` is truthy the visitor is sent to the site root
 * with a 302 redirect; otherwise the page receives an empty data object.
 */
export const load: PageServerLoad = async (event) => {
  const hasUser = Boolean(event.locals.user);
  if (!hasUser) {
    return {};
  }
  return redirect(302, "/");
};
export const actions: Actions = {
  /**
   * Default form action: username/password sign-in.
   *
   * Steps, in order:
   *  1. Read `username` and `password` from the submitted form data.
   *  2. Reject with a 400 error if either is missing/empty, or fails the
   *     shape checks (username: 3-31 chars of `[a-zA-Z0-9_-]`; password:
   *     6-255 chars, string only).
   *  3. Look up a single row in `userTable` by username.
   *  4. Verify the submitted password against the stored `hashed_password`
   *     with Argon2id.
   *  5. Stamp `last_login`, create a Lucia session, set its cookie and
   *     redirect to "/".
   *
   * Unknown username and wrong password both yield the same message
   * ("Incorrect username or password") so the response body does not say
   * which of the two was wrong.
   */
  default: async (event) => {
    const form = await event.request.formData();
    const username = form.get("username");
    const password = form.get("password");

    // Presence check first: null and empty-string values are rejected here.
    if (!(username && password)) {
      return error(400, {
        message: "Missing username or password",
      });
    }

    // Username must be a string (not an uploaded File), 3-31 characters,
    // restricted to an allow-list of ASCII letters, digits, "_" and "-".
    if (
      !(
        typeof username === "string" &&
        username.length >= 3 &&
        username.length <= 31 &&
        /^[a-zA-Z0-9_-]+$/.test(username)
      )
    ) {
      return error(400, {
        message: "Invalid username",
      });
    }

    // Password must be a string of 6-255 characters. The upper bound also
    // caps how much input is handed to the password hash below.
    if (
      !(
        typeof password === "string" &&
        password.length >= 6 &&
        password.length <= 255
      )
    ) {
      return error(400, {
        message: "Invalid password",
      });
    }

    // The username is passed to the query builder's `eq()` rather than
    // concatenated into SQL text.
    const matches = await db
      .select()
      .from(userTable)
      .where(eq(userTable.username, username))
      .limit(1);
    // Kept as `any`, as in the original: the row is cast through `unknown`,
    // so field access below is not checked by the compiler.
    const account: any = matches[0] as unknown as DatabaseUser | undefined;

    // NOTE(review): this branch returns before any Argon2id work, so the
    // unknown-username path does less work than the wrong-password path
    // even though the message is identical; response time can tell the two
    // apart. No login throttling is visible in this handler - confirm it is
    // enforced elsewhere (hook, proxy or gateway).
    if (!account) {
      return error(400, {
        message: "Incorrect username or password",
      });
    }

    const passwordMatches = await new Argon2id().verify(
      account.hashed_password,
      password
    );
    if (!passwordMatches) {
      return error(400, {
        message: "Incorrect username or password",
      });
    }

    // Record the successful sign-in time before the session is issued.
    await db
      .update(userTable)
      .set({
        last_login: new Date(),
      })
      .where(eq(userTable.id, account.id))
      .execute();

    const session = await lucia.createSession(account.id, {});
    const sessionCookie = lucia.createSessionCookie(session.id);
    // `path: "."` comes first, so a `path` inside `sessionCookie.attributes`
    // (if present) overrides it; the remaining cookie flags come entirely
    // from the Lucia configuration - verify Secure/HttpOnly/SameSite there.
    event.cookies.set(sessionCookie.name, sessionCookie.value, {
      path: ".",
      ...sessionCookie.attributes,
    });

    return redirect(302, "/");
  },
};