77 lines
2.3 KiB
JavaScript
77 lines
2.3 KiB
JavaScript
// server/api/auth/login.post.js
|
|
import jwt from "jsonwebtoken";
|
|
import { Resend } from "resend";
|
|
import Member from "../../models/member.js";
|
|
import { connectDB } from "../../utils/mongoose.js";
|
|
|
|
const resend = new Resend(process.env.RESEND_API_KEY);
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
// Connect to database
|
|
await connectDB();
|
|
|
|
const { email } = await readBody(event);
|
|
|
|
if (!email) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: "Email is required",
|
|
});
|
|
}
|
|
|
|
const member = await Member.findOne({ email });
|
|
if (!member) {
|
|
throw createError({
|
|
statusCode: 404,
|
|
statusMessage: "No account found with that email address",
|
|
});
|
|
}
|
|
|
|
// Generate magic link token
|
|
const token = jwt.sign(
|
|
{ memberId: member._id },
|
|
process.env.JWT_SECRET,
|
|
{ expiresIn: "15m" }, // Shorter expiry for security
|
|
);
|
|
|
|
// Get the base URL for the magic link
|
|
const headers = getHeaders(event);
|
|
const baseUrl =
|
|
process.env.BASE_URL ||
|
|
`${headers.host?.includes("localhost") ? "http" : "https"}://${headers.host}`;
|
|
|
|
// Send magic link via Resend
|
|
try {
|
|
await resend.emails.send({
|
|
from: "Ghost Guild <ghostguild@babyghosts.org>",
|
|
to: email,
|
|
subject: "Your Ghost Guild login link",
|
|
html: `
|
|
<div style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto;">
|
|
<h2 style="color: #2563eb;">Welcome back to Ghost Guild!</h2>
|
|
<p>Click the button below to sign in to your account:</p>
|
|
<div style="text-align: center; margin: 30px 0;">
|
|
<a href="${baseUrl}/api/auth/verify?token=${token}"
|
|
style="background-color: #2563eb; color: white; padding: 12px 24px; text-decoration: none; border-radius: 6px; display: inline-block;">
|
|
Sign In to Ghost Guild
|
|
</a>
|
|
</div>
|
|
<p style="color: #666; font-size: 14px;">
|
|
This link will expire in 15 minutes for security. If you didn't request this login link, you can safely ignore this email.
|
|
</p>
|
|
</div>
|
|
`,
|
|
});
|
|
|
|
return {
|
|
success: true,
|
|
message: "Login link sent to your email",
|
|
};
|
|
} catch (error) {
|
|
console.error("Failed to send email:", error);
|
|
throw createError({
|
|
statusCode: 500,
|
|
statusMessage: "Failed to send login email. Please try again.",
|
|
});
|
|
}
|
|
});
|