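.post('/login', zValidator('json', loginSchema), async c => {
  // POST /login: check the submitted credentials, require a verified email
  // address, then create a session and return it to the client in a cookie.
  const { username, password } = c.req.valid('json')

  // Constructed placeholder: a well-formed bcrypt string that belongs to no
  // account. It only gives bcrypt.compare something to work on when the lookup
  // finds nobody. NOTE(review): regenerate it with the cost factor used for
  // real password hashes, otherwise the two paths still differ in duration.
  const DUMMY_PASSWORD_HASH =
    '$2b$10$CONSTRUCTEDxDUMMYxSALuCONSTRUCTEDxDUMMYxHASHxVALUExxx'

  const user = await getUserByUsernameOrEmail(username)

  // Run the bcrypt comparison for unknown accounts too. Returning before the
  // comparison made "no such user" answer measurably faster than "wrong
  // password", so response time exposed which accounts exist even though the
  // error body was identical.
  const passwordMatch = await bcrypt.compare(
    password,
    user ? user.password : DUMMY_PASSWORD_HASH
  )
  if (!user || !passwordMatch) {
    // One body and one status for both failures. NOTE(review): 401 is the
    // conventional status for failed authentication; 404 is kept here because
    // existing clients may depend on it.
    return c.json(
      {
        error: 'Invalid username or password'
      },
      404
    )
  }

  if (!user.emailVerified) {
    // Reached only after the password check, so only someone who knows the
    // password can trigger a verification mail. A new token is generated and
    // mailed on every such attempt. NOTE(review): no throttling is visible in
    // this handler; confirm it is applied elsewhere.
    const emailVerificationToken = await generateEmailVerificationToken(
      user.email
    )
    await sendEmailVerification({
      email: emailVerificationToken.email,
      token: emailVerificationToken.token
    })
    // No session is created for an unverified account.
    return c.json(
      {
        success: 'A confirmation email has been sent.'
      },
      201
    )
  }

  const session = await createSession(user.id)
  // httpOnly keeps the session value away from page scripts and sameSite
  // 'strict' withholds it from cross-site requests. `secure` is set only when
  // NODE_ENV is 'production', so in any other environment the cookie is also
  // sent over plain HTTP. maxAge is in seconds: the cookie expires after five
  // minutes. NOTE(review): the `!` on SESSION_COOKIE only silences the type
  // checker; confirm the value is validated at startup.
  setCookie(c, SESSION_COOKIE!, session, {
    path: '/',
    httpOnly: true,
    secure: process.env.NODE_ENV === 'production',
    sameSite: 'strict',
    maxAge: 5 * 60
  })
  return c.json(
    {
      success: 'Logged in successfully'
    },
    200
  )
})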
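.post('/login', zValidator('json', loginSchema), async c => {
  // Login handler: validates credentials, enforces email verification, and
  // issues the session cookie.
  // NOTE(review): this registers the same method and path as the `/login`
  // handler directly above it. If both sit in one route chain, the earlier
  // handler presumably answers every request and this one never runs; confirm
  // and keep only one of them.
  const { username, password } = c.req.valid('json')

  // Constructed placeholder, not a real credential: a syntactically valid
  // bcrypt string used as the comparison target when no account is found.
  // NOTE(review): replace it with a hash generated at the cost factor used for
  // stored passwords so both paths take comparable time.
  const DUMMY_PASSWORD_HASH =
    '$2b$10$CONSTRUCTEDxDUMMYxSALuCONSTRUCTEDxDUMMYxHASHxVALUExxx'

  const user = await getUserByUsernameOrEmail(username)

  // The comparison runs whether or not the account exists. Skipping it for
  // unknown users made that path finish sooner, which is a timing signal that
  // distinguishes registered from unregistered usernames.
  const storedHash = user ? user.password : DUMMY_PASSWORD_HASH
  const passwordMatch = await bcrypt.compare(password, storedHash)

  if (!user || !passwordMatch) {
    // Identical response for an unknown account and a wrong password.
    // NOTE(review): 404 is preserved for compatibility; 401 is the usual
    // status for rejected credentials.
    return c.json(
      {
        error: 'Invalid username or password'
      },
      404
    )
  }

  if (!user.emailVerified) {
    // The password has already been verified at this point. Each attempt by
    // an unverified account generates a token and sends a mail.
    // NOTE(review): confirm this path is rate limited; nothing here does it.
    const emailVerificationToken = await generateEmailVerificationToken(
      user.email
    )
    await sendEmailVerification({
      email: emailVerificationToken.email,
      token: emailVerificationToken.token
    })
    // Return without creating a session.
    return c.json(
      {
        success: 'A confirmation email has been sent.'
      },
      201
    )
  }

  const session = await createSession(user.id)
  // Cookie attributes: not readable from scripts (httpOnly), not sent on
  // cross-site requests (sameSite 'strict'), HTTPS-only in production only,
  // and a lifetime of 5 * 60 seconds. NOTE(review): SESSION_COOKIE is
  // force-unwrapped with `!`; an unset value is not caught here.
  setCookie(c, SESSION_COOKIE!, session, {
    path: '/',
    httpOnly: true,
    secure: process.env.NODE_ENV === 'production',
    sameSite: 'strict',
    maxAge: 5 * 60
  })
  return c.json(
    {
      success: 'Logged in successfully'
    },
    200
  )
})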