import crypto from 'crypto'
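// Session lifetime used for both the cookie (seconds) and the stored record
// (converted to milliseconds below), so the two can never drift apart.
const SESSION_TTL_SECONDS = 60 * 60 * 24 * 7 // 7 days

/**
 * Compares the submitted password with the configured one in constant time.
 *
 * Both strings are hashed first so the two buffers handed to timingSafeEqual
 * always have the same length; timingSafeEqual throws on unequal lengths, and
 * comparing raw strings would otherwise reveal the configured password's length.
 *
 * @param {string} candidate - password supplied by the client
 * @param {string} expected - password taken from APP_PASSWORD
 * @returns {boolean} true only when the two strings are byte-identical
 */
function passwordMatches(candidate, expected) {
  const candidateDigest = crypto.createHash('sha256').update(candidate, 'utf8').digest()
  const expectedDigest = crypto.createHash('sha256').update(expected, 'utf8').digest()
  return crypto.timingSafeEqual(candidateDigest, expectedDigest)
}

/**
 * Login handler: checks the submitted password against APP_PASSWORD and, on
 * success, issues a random session token as an httpOnly cookie and records the
 * session in the 'memory' storage.
 *
 * Responses:
 *   400 - request body carries no non-empty string `password`
 *   401 - password does not match APP_PASSWORD
 *   500 - APP_PASSWORD is not set on the server
 */
export default defineEventHandler(async (event) => {
  // readBody may return null/undefined (empty body) or a non-object; guard
  // before reading the field so a malformed request is a 400 rather than an
  // unhandled TypeError from destructuring.
  const body = await readBody(event)
  const password = body?.password

  if (typeof password !== 'string' || password.length === 0) {
    throw createError({
      statusCode: 400,
      statusMessage: 'Password is required'
    })
  }

  const correctPassword = process.env.APP_PASSWORD
  // With no configured password every login would silently fail with 401,
  // hiding the misconfiguration; surface it server-side and return a generic 500.
  if (correctPassword == null || correctPassword === '') {
    console.error('APP_PASSWORD is not set; refusing login')
    throw createError({
      statusCode: 500,
      statusMessage: 'Internal Server Error'
    })
  }

  // A plain `!==` returns as soon as the first differing character is found,
  // so the comparison time depends on the secret; use the constant-time helper.
  if (!passwordMatches(password, correctPassword)) {
    throw createError({
      statusCode: 401,
      statusMessage: 'Invalid password'
    })
  }

  // 256 bits from the CSPRNG, hex-encoded; this string is the session identifier.
  const sessionToken = crypto.randomBytes(32).toString('hex')

  setCookie(event, 'auth-token', sessionToken, {
    httpOnly: true,
    secure: process.env.NODE_ENV === 'production',
    sameSite: 'lax',
    maxAge: SESSION_TTL_SECONDS
  })

  // NOTE(review): nothing here evicts the entry when it expires, and 'memory'
  // storage does not persist across restarts; whatever validates the cookie
  // should compare expiresAt with the current time rather than treat the mere
  // presence of the record as a live session.
  await useStorage('memory').setItem(`session:${sessionToken}`, {
    authenticated: true,
    createdAt: new Date().toISOString(),
    expiresAt: new Date(Date.now() + SESSION_TTL_SECONDS * 1000).toISOString()
  })

  return { success: true }
})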