Is there anything wrong with this authentication?
// /server/api/auth/register.post.ts
import prisma from "~/lib/prisma";
import { registerSchema } from "~/lib/yup";
import { hash } from "argon2";
import { v4 } from "uuid";
export default defineEventHandler(async (event) => {
const body = await readValidatedBody(event, async (body) => {
return await registerSchema.validate(body).catch((error) => {
throw createError({
statusCode: 400,
statusMessage: error.errors,
});
});
});
const conflict = await prisma.user.findUnique({
where: {
email: body.email,
},
});
if (conflict) {
throw createError({
statusCode: 400,
statusMessage: "Email is already in use",
});
}
const passwordHash = await hash(body.password);
const user = await prisma.user.create({
data: {
email: body.email,
passwordHash: passwordHash,
},
});
const session = { id: user.id, email: user.email };
const uuid = v4();
await useStorage("sessions").setItem(uuid, session);
setCookie(event, "session", uuid);
return "Registered";
});
// /server/api/auth/register.post.ts
import prisma from "~/lib/prisma";
import { registerSchema } from "~/lib/yup";
import { hash } from "argon2";
import { v4 } from "uuid";
export default defineEventHandler(async (event) => {
const body = await readValidatedBody(event, async (body) => {
return await registerSchema.validate(body).catch((error) => {
throw createError({
statusCode: 400,
statusMessage: error.errors,
});
});
});
const conflict = await prisma.user.findUnique({
where: {
email: body.email,
},
});
if (conflict) {
throw createError({
statusCode: 400,
statusMessage: "Email is already in use",
});
}
const passwordHash = await hash(body.password);
const user = await prisma.user.create({
data: {
email: body.email,
passwordHash: passwordHash,
},
});
const session = { id: user.id, email: user.email };
const uuid = v4();
await useStorage("sessions").setItem(uuid, session);
setCookie(event, "session", uuid);
return "Registered";
});
// /server/middleware/session.ts
export default defineEventHandler(async (event) => {
const uuid = getCookie(event, "session");
const storage = useStorage("sessions");
if (uuid) {
if (await storage.hasItem(uuid)) {
event.context.session = await storage.getItem(uuid);
} else {
deleteCookie(event, "session");
}
}
});
// /server/middleware/session.ts
export default defineEventHandler(async (event) => {
const uuid = getCookie(event, "session");
const storage = useStorage("sessions");
if (uuid) {
if (await storage.hasItem(uuid)) {
event.context.session = await storage.getItem(uuid);
} else {
deleteCookie(event, "session");
}
}
});
// /server/api/auth/session.get.ts
export default defineEventHandler(async (event) => {
const session = event.context.session;
if (!session) {
throw createError({
statusCode: 403,
statusMessage: "Forbidden",
});
}
return session;
});
// /server/api/auth/session.get.ts
export default defineEventHandler(async (event) => {
const session = event.context.session;
if (!session) {
throw createError({
statusCode: 403,
statusMessage: "Forbidden",
});
}
return session;
});
// /middleware/protected.ts
export default defineNuxtRouteMiddleware((to, from) => {
const cookie = useCookie("session")
if (!cookie.value) {
return abortNavigation()
}
});
// /middleware/protected.ts
export default defineNuxtRouteMiddleware((to, from) => {
const cookie = useCookie("session")
if (!cookie.value) {
return abortNavigation()
}
});
0 Replies