import { NextResponse, NextRequest } from "next/server";
import prisma from "app/lib/db";
import { SignJWT } from "jose";
import { getJWTSecretKey, login, setUserDataCookie } from "../actions";
/**
 * Expected shape of the JSON body sent to the login `POST` endpoint.
 * Both fields are required.
 */
export interface UserLoginRequest {
  email: string
  password: string
}
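//Route segment config: opt this handler out of static rendering so it runs
//afresh on every request. Next.js only reads this value when it is *exported*;
//as a module-local constant it was an unused variable with no effect.
export const dynamic = 'force-dynamic'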
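//POST endpoint

//narrow an arbitrary decoded JSON value to a plain object so its fields can be read safely
function isRecord(value: unknown): value is Record<string, unknown> {
  return typeof value === 'object' && value !== null && !Array.isArray(value)
}

/**
 * Login endpoint. Validates the JSON body, authenticates via `login`, signs a
 * short-lived HS256 JWT and hands it to the client as an `httpOnly` cookie
 * named `token`; public user data is stored in a second cookie by
 * `setUserDataCookie`.
 *
 * @param request - The incoming request. Its body must be a JSON object with
 *   non-empty string `email` and `password` fields.
 * @returns `200 { success: true }` with the cookies set on success;
 *   `400` when the body is not JSON or a field is missing / not a string;
 *   `500` when `login`, token signing or cookie handling throws.
 */
export async function POST(request: NextRequest) {
  //decode the body ourselves so a malformed payload yields a 400 rather than an unhandled throw
  let body: unknown
  try {
    body = await request.json()
  } catch {
    return NextResponse.json({ success: false, message: 'Request body is not valid JSON' }, { status: 400 })
  }

  //Only the two fields we use are read; the raw body is deliberately never
  //logged because it carries the plaintext password.
  const fields: Record<string, unknown> = isRecord(body) ? body : {}
  const { email, password } = fields

  //JSON can deliver numbers/objects/arrays here, so require non-empty strings rather than mere truthiness
  if (typeof email !== 'string' || typeof password !== 'string' || email === '' || password === '') {
    const res = {
      success: false,
      message: 'Email or password missing'
    }
    return NextResponse.json(res, { status: 400 })
  }

  try {
    //fetch user from db, throw if email or password are invalid
    const user = await login({ email, password })

    //create and sign JWT
    //NOTE(review): the whole `user` object becomes the JWT payload, which is only
    //base64-encoded and readable by whoever holds the cookie — confirm `login`
    //returns no secrets (e.g. a password hash) before they end up here.
    const token = await new SignJWT({
      ...user
    })
      .setProtectedHeader({ alg: 'HS256' })
      .setIssuedAt()
      .setExpirationTime('1h') //must stay in step with the cookie maxAge below
      .sign(await getJWTSecretKey())

    //make response
    const res = { success: true }
    const response = NextResponse.json(res)

    //Store jwt as an http-only cookie, unreadable from client-side script.
    //NOTE(review): no `secure` attribute is set, so over plain HTTP the cookie
    //travels in the clear — set `secure: true` wherever the site is served over HTTPS.
    response.cookies.set({
      name: 'token',
      value: token,
      path: '/', //defines where the cookie can be accessed - in this case, site wide
      maxAge: 3600, //1 hour, matching the JWT expiry
      httpOnly: true,
      sameSite: 'strict'
    })

    //Store public user data as cookie. Awaited in case the helper is async, so
    //a rejection is handled below instead of being left unobserved.
    await setUserDataCookie(user)

    return response
  } catch (error: unknown) {
    console.error(error)
    //NOTE(review): the thrown message is passed through to the client unchanged
    //(existing behaviour); if `login` can surface DB/driver errors this discloses
    //internals — a generic message for non-credential failures would be safer.
    const message = error instanceof Error && error.message ? error.message : 'something went wrong'
    const res = { success: false, message }
    return NextResponse.json(res, { status: 500 })
  }
}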