Update various configuration files, components, and assets; enhance notification system and API endpoints; improve documentation and styles across the application.
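--- a/server/api/auth/login.post.js
+++ b/server/api/auth/login.post.js
@@ -0,0 +1,93 @@
+import sha256 from "crypto-js/sha256.js";
+import jwt from "jsonwebtoken";
+
+const ENV = useRuntimeConfig();
+
+export default defineEventHandler(async (event) => {
+  try {
+    const { username, password } = await readBody(event);
+
+    if (!username || !password) {
+      return {
+        statusCode: 400,
+        message: "Username and password are required",
+      };
+    }
+
+    const user = await prisma.user.findFirst({
+      where: {
+        userUsername: username,
+      },
+    });
+
+    if (!user) {
+      return {
+        statusCode: 404,
+        message: "User does not exist",
+      };
+    }
+
+    const hashedPassword = sha256(password).toString();
+    if (user.userPassword !== hashedPassword) {
+      return {
+        statusCode: 401,
+        message: "Invalid password",
+      };
+    }
+
+    // Get user roles
+    const roles = await prisma.userrole.findMany({
+      where: {
+        userRoleUserID: user.userID,
+      },
+      select: {
+        role: {
+          select: {
+            roleName: true,
+          },
+        },
+      },
+    });
+
+    const roleNames = roles.map((r) => r.role.roleName);
+
+    const accessToken = generateAccessToken({
+      username: user.userUsername,
+      roles: roleNames,
+    });
+
+    const refreshToken = generateRefreshToken({
+      username: user.userUsername,
+      roles: roleNames,
+    });
+
+    // Set cookie httpOnly
+    event.res.setHeader("Set-Cookie", [
+      `accessToken=${accessToken}; HttpOnly; Secure; SameSite=Lax; Path=/`,
+      `refreshToken=${refreshToken}; HttpOnly; Secure; SameSite=Lax; Path=/`,
+    ]);
+
+    return {
+      statusCode: 200,
+      message: "Login success",
+      data: {
+        username: user.userUsername,
+        roles: roleNames,
+      },
+    };
+  } catch (error) {
+    console.log(error);
+    return {
+      statusCode: 500,
+      message: "Internal server error",
+    };
+  }
+});
+
+function generateAccessToken(user) {
+  return jwt.sign(user, ENV.auth.secretAccess, { expiresIn: "1d" });
+}
+
+function generateRefreshToken(user) {
+  return jwt.sign(user, ENV.auth.secretRefresh, { expiresIn: "30d" });
+}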
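Review bot: The password check at `const hashedPassword = sha256(password).toString();` / `if (user.userPassword !== hashedPassword)` compares a single unsalted, fast SHA-256 digest against the stored column, so a leaked `user` table can be cracked with precomputed tables and identical passwords hash identically across accounts; stored credentials should use a per-user-salted, deliberately slow KDF (bcrypt/argon2, or `scrypt` from `node:crypto`, which needs no new dependency) with a constant-time comparison such as `crypto.timingSafeEqual`, which implies a migration of the existing `userPassword` values. Separately, the distinct `404 "User does not exist"` and `401 "Invalid password"` responses let an attacker enumerate valid usernames; collapse both branches to one `return { statusCode: 401, message: "Invalid credentials" };` and run the hash comparison even when no user is found so response timing does not leak the difference. The handler always answers HTTP 200 with the status only in the body (`statusCode: 500` etc.) unless a wrapper outside this commit maps it — if not, set the real status on the response (h3's `setResponseStatus(event, code)`, if available) so clients and proxies see it. Note also that the refresh token embeds `roles` for 30 days with nothing stored server-side, so a role change or logout cannot invalidate it before expiry.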
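--- a/server/api/auth/logout.get.js
+++ b/server/api/auth/logout.get.js
@@ -0,0 +1,19 @@
+export default defineEventHandler(async (event) => {
+  try {
+    event.res.setHeader("Set-Cookie", [
+      `accessToken=; HttpOnly; Secure; SameSite=Lax; Path=/`,
+      `refreshToken=; HttpOnly; Secure; SameSite=Lax; Path=/`,
+    ]);
+
+    return {
+      statusCode: 200,
+      message: "Logout success",
+    };
+  } catch (error) {
+    console.log(error);
+    return {
+      statusCode: 400,
+      message: "Server error",
+    };
+  }
+});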
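Review bot: The two `Set-Cookie` headers blank the value but carry no `Max-Age`/`Expires`, so the browser keeps an empty-valued session cookie rather than deleting it; write `accessToken=; Max-Age=0; HttpOnly; Secure; SameSite=Lax; Path=/` and the same for `refreshToken` so the cookies are actually expired. Because the tokens are stateless JWTs (signed in login.post.js with 1d/30d lifetimes and nothing recorded server-side), this endpoint only removes the cookies from the client — a copied refresh token remains valid for up to 30 days after "logout", which deserves a comment above `setHeader` such as `// Client-side only: the JWTs stay valid until expiry; no server-side revocation` unless a revocation list is added. The handler is also exposed as a GET (`logout.get.js`), so any cross-site `<img>` or link can log the user out; serving it as POST would avoid that. Minor: the catch returns `statusCode: 400` for a server-side failure, whereas the sibling login handler in this commit uses `500`.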
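--- a/server/api/auth/validate.get.js
+++ b/server/api/auth/validate.get.js
@@ -0,0 +1,34 @@
+export default defineEventHandler(async (event) => {
+  try {
+    const { userID } = event.context.user;
+
+    if (userID == null) {
+      return {
+        statusCode: 401,
+        message: "Unauthorized",
+      };
+    }
+
+    const validatedUser = await prisma.user.findFirst({
+      where: {
+        userID: parseInt(userID),
+      },
+    });
+    if (!validatedUser) {
+      return {
+        statusCode: 401,
+        message: "Unauthorized",
+      };
+    }
+
+    return {
+      statusCode: 200,
+      message: "Authorized",
+    };
+  } catch (error) {
+    return {
+      statusCode: 401,
+      message: "Unauthorized",
+    };
+  }
+});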
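Review bot: `const { userID } = event.context.user;` expects a `userID` claim, but the tokens minted in login.post.js in this same commit are signed with only `{ username, roles }`, so unless the middleware that populates `event.context.user` (not in this diff) resolves the username to a database row, `userID` is always undefined and every validate call returns 401. Either add `userID: user.userID` to the payloads passed to `generateAccessToken`/`generateRefreshToken`, or look the user up here by `userUsername` instead. If `event.context.user` is unset the destructuring throws and is only rescued by the blanket `catch`, which also silently converts a Prisma/database error into "Unauthorized" with no logging — guard with `event.context.user?.userID` and add `console.error(error)` (or the project's logger) in the catch so an outage is not mistaken for bad sessions. Also pass a radix, `parseInt(userID, 10)`, or use `Number(userID)` and reject `NaN` before querying.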