thalla/lomavuokraus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
lomavuokraus/app/api/auth/login/route.ts
Tero Halla-aho 0bb709d9c5
Some checks failed
CI / checks (push) Has been cancelled
Details
chore: fix audit alerts and formatting
2026-02-04 12:43:03 +02:00

71 lines
2.1 KiB
TypeScript
Raw Blame History

import { NextResponse } from "next/server";
import { UserStatus } from "@prisma/client";
import { prisma } from "../../../../lib/prisma";
import { verifyPassword } from "../../../../lib/auth";
import {
signAccessToken,
buildSessionCookie,
clearSessionCookie,
} from "../../../../lib/jwt";
export async function POST(req: Request) {
try {
const body = await req.json();
const email = String(body.email ?? "")
.trim()
.toLowerCase();
const password = String(body.password ?? "");
if (!email || !password) {
return NextResponse.json(
{ error: "Email and password are required" },
{ status: 400 },
);
}
const user = await prisma.user.findUnique({ where: { email } });
if (!user) {
return NextResponse.json(
{ error: "Invalid credentials" },
{ status: 401 },
);
}
const valid = await verifyPassword(password, user.passwordHash);
if (!valid) {
return NextResponse.json(
{ error: "Invalid credentials" },
{ status: 401 },
);
}
if (!user.emailVerifiedAt) {
return NextResponse.json(
{ error: "Email not verified yet" },
{ status: 403 },
);
}
if (!user.approvedAt || user.status !== UserStatus.ACTIVE) {
const statusMessage =
user.status === UserStatus.REJECTED
? "User access was rejected"
: user.status === UserStatus.REMOVED
? "User has been removed"
: "User is not approved yet";
return NextResponse.json({ error: statusMessage }, { status: 403 });
}
const token = await signAccessToken({ userId: user.id, role: user.role });
const res = NextResponse.json({
token,
user: { id: user.id, role: user.role, email: user.email },
});
res.headers.append("Set-Cookie", buildSessionCookie(token));
return res;
} catch (error) {
console.error("Login error", error);
const res = NextResponse.json({ error: "Login failed" }, { status: 500 });
res.headers.append("Set-Cookie", clearSessionCookie());
return res;
}
}
Reference in a new issue View git blame Copy permalink