49 lines
1.6 KiB
TypeScript
49 lines
1.6 KiB
TypeScript
import { NextApiRequest, NextApiResponse } from 'next';
|
|
import { UserService } from '../../../../backend/services/userService';
|
|
import { generateToken } from '../../../../lib/auth';
|
|
|
|
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
|
|
if (req.method !== 'POST') {
|
|
return res.status(405).json({ success: false, error: 'Method not allowed' });
|
|
}
|
|
|
|
try {
|
|
const { username, password } = req.body;
|
|
|
|
// Validate input
|
|
if (!username || !password) {
|
|
return res.status(400).json({ success: false, error: 'Username and password are required' });
|
|
}
|
|
|
|
// Authenticate user
|
|
const user = await UserService.authenticateUser(username, password);
|
|
|
|
if (!user) {
|
|
return res.status(401).json({ success: false, error: 'Invalid username or password' });
|
|
}
|
|
|
|
// Check if user is banned
|
|
if (user.status === 'BANNED') {
|
|
return res.status(403).json({ success: false, error: 'Account has been banned' });
|
|
}
|
|
|
|
// Generate JWT token
|
|
const token = generateToken(user.id);
|
|
|
|
// Set HTTP-only cookie
|
|
res.setHeader('Set-Cookie', `token=${token}; HttpOnly; Path=/; Max-Age=${7 * 24 * 60 * 60}; SameSite=Strict`);
|
|
|
|
// Return user data
|
|
return res.status(200).json({
|
|
success: true,
|
|
data: {
|
|
user,
|
|
token // Also return token in body for non-cookie clients
|
|
}
|
|
});
|
|
} catch (error) {
|
|
console.error('Login error:', error);
|
|
return res.status(500).json({ success: false, error: 'Login failed' });
|
|
}
|
|
}
|