import type { RequestHandler } from "@sveltejs/kit";
import { sql } from "$lib/db";
import bcrypt from "bcryptjs";
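/**
 * Login endpoint: checks an email/password pair against the `users` table
 * and, on success, creates a row in `sessions` and returns the session token.
 *
 * Responses:
 * - 400 when the body is not JSON or `email`/`password` are not strings.
 * - 401 with one generic message for both "unknown email" and "wrong
 *   password", so the response body does not reveal which accounts exist.
 * - 200 with `{ user, token }`, where `user` has the stored password hash
 *   removed.
 */
export const POST: RequestHandler = async ({ request }) => {
  // Malformed JSON would otherwise surface as an unhandled rejection (500).
  let body: unknown;
  try {
    body = await request.json();
  } catch {
    return new Response("Invalid request body", { status: 400 });
  }
  if (typeof body !== "object" || body === null) {
    return new Response("Invalid request body", { status: 400 });
  }

  // Only plain strings may reach the query and bcrypt.compare; JSON allows
  // arrays, objects and numbers in these positions.
  const { email, password } = body as { email?: unknown; password?: unknown };
  if (typeof email !== "string" || typeof password !== "string") {
    return new Response("Invalid request body", { status: 400 });
  }

  const user = await sql`SELECT * FROM users WHERE email = ${email}`;

  // Same status and message for both failure cases (no account enumeration).
  // NOTE(review): the unknown-email path still skips the bcrypt work, so the
  // two cases remain distinguishable by response time; rate limiting or a
  // dummy compare would be needed to close that.
  if (!user.length || !(await bcrypt.compare(password, user[0].password))) {
    return new Response("Invalid password or email", {
      status: 401,
    });
  }

  // 48 bytes from the CSPRNG, base64-encoded, as the session token.
  const bytes = new Uint8Array(48);
  crypto.getRandomValues(bytes);
  const token = btoa(String.fromCharCode(...bytes));

  // NOTE(review): the token is stored as-is and no expiry is written here;
  // the sessions schema is not visible from this file, so confirm whether
  // expiry/hashing is handled elsewhere.
  await sql`INSERT INTO sessions (user_id, token) VALUES (${user[0].id}, ${token})`;

  // Never send the password hash back to the client. SELECT * may return
  // other sensitive columns as well; verify against the users schema.
  const { password: _storedHash, ...publicUser } = user[0];

  return new Response(
    JSON.stringify({
      user: publicUser,
      token,
    }),
    {
      headers: {
        "content-type": "application/json",
        // The body carries a bearer credential; keep it out of caches.
        "cache-control": "no-store",
      },
    },
  );
};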
import type { RequestHandler } from "@sveltejs/kit";
import { sql } from "$lib/db";
import bcrypt from "bcryptjs";
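/**
 * Login endpoint: checks an email/password pair against the `users` table
 * and, on success, creates a row in `sessions` and returns the session token.
 *
 * Responses:
 * - 400 when the body is not JSON or `email`/`password` are not strings.
 * - 401 with one generic message for both "unknown email" and "wrong
 *   password", so the response body does not reveal which accounts exist.
 * - 200 with `{ user, token }`, where `user` has the stored password hash
 *   removed.
 */
export const POST: RequestHandler = async ({ request }) => {
  // Malformed JSON would otherwise surface as an unhandled rejection (500).
  let body: unknown;
  try {
    body = await request.json();
  } catch {
    return new Response("Invalid request body", { status: 400 });
  }
  if (typeof body !== "object" || body === null) {
    return new Response("Invalid request body", { status: 400 });
  }

  // Only plain strings may reach the query and bcrypt.compare; JSON allows
  // arrays, objects and numbers in these positions.
  const { email, password } = body as { email?: unknown; password?: unknown };
  if (typeof email !== "string" || typeof password !== "string") {
    return new Response("Invalid request body", { status: 400 });
  }

  const user = await sql`SELECT * FROM users WHERE email = ${email}`;

  // Same status and message for both failure cases (no account enumeration).
  // NOTE(review): the unknown-email path still skips the bcrypt work, so the
  // two cases remain distinguishable by response time; rate limiting or a
  // dummy compare would be needed to close that.
  if (!user.length || !(await bcrypt.compare(password, user[0].password))) {
    return new Response("Invalid password or email", {
      status: 401,
    });
  }

  // 48 bytes from the CSPRNG, base64-encoded, as the session token.
  const bytes = new Uint8Array(48);
  crypto.getRandomValues(bytes);
  const token = btoa(String.fromCharCode(...bytes));

  // NOTE(review): the token is stored as-is and no expiry is written here;
  // the sessions schema is not visible from this file, so confirm whether
  // expiry/hashing is handled elsewhere.
  await sql`INSERT INTO sessions (user_id, token) VALUES (${user[0].id}, ${token})`;

  // Never send the password hash back to the client. SELECT * may return
  // other sensitive columns as well; verify against the users schema.
  const { password: _storedHash, ...publicUser } = user[0];

  return new Response(
    JSON.stringify({
      user: publicUser,
      token,
    }),
    {
      headers: {
        "content-type": "application/json",
        // The body carries a bearer credential; keep it out of caches.
        "cache-control": "no-store",
      },
    },
  );
};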