first commit
@@ -0,0 +1,35 @@
import { NextResponse } from 'next/server';
import {
SESSION_COOKIE,
SESSION_MAX_AGE,
createSession,
verifyPassword,
} from '@/lib/auth/session';
export const runtime = 'nodejs';
export async function POST(req: Request) {
let password = '';
try {
const body = await req.json();
password = typeof body?.password === 'string' ? body.password : '';
} catch {
return NextResponse.json({ error: 'bad request' }, { status: 400 });
}
if (!(await verifyPassword(password))) {
// Small constant delay-ish guard; password compare is already constant-time.
return NextResponse.json({ error: 'invalid' }, { status: 401 });
}
const token = await createSession();
const res = NextResponse.json({ ok: true });
res.cookies.set(SESSION_COOKIE, token, {
httpOnly: true,
sameSite: 'lax',
secure: process.env.NODE_ENV === 'production',
path: '/',
maxAge: SESSION_MAX_AGE,
});
return res;
}
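Review bot: The comment on the 401 branch claims a "constant delay-ish guard", but the branch returns immediately — nothing in POST delays or limits repeated attempts, so the comment misdescribes the one place where brute-force protection would be expected on a password-only login. Either drop the delay claim or state what actually holds, e.g. `// No throttling here: verifyPassword is constant-time, but brute-force protection has to come from rate limiting in front of this route.` Beyond the wording, a handler that answers a wrong password instantly should be paired with an attempt limit (per client or per session) enforced before it runs; I cannot tell from this hunk whether middleware already does that, so it is worth confirming and noting in the comment. The `body?.password` narrowing is fine, but `body` is untyped from `req.json()`; a `const body: unknown = await req.json();` with the same typeof check would make the intent explicit under strict mode.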