57 lines
No EOL
1.5 KiB
JavaScript
57 lines
No EOL
1.5 KiB
JavaScript
// server/api/auth/verify.get.js
|
|
import jwt from 'jsonwebtoken'
|
|
import Member from '../../models/member.js'
|
|
import { connectDB } from '../../utils/mongoose.js'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
// Connect to database
|
|
await connectDB()
|
|
|
|
const query = getQuery(event)
|
|
const { token } = query
|
|
|
|
if (!token) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: 'Token is required'
|
|
})
|
|
}
|
|
|
|
try {
|
|
// Verify the JWT token
|
|
const decoded = jwt.verify(token, process.env.JWT_SECRET)
|
|
const member = await Member.findById(decoded.memberId)
|
|
|
|
if (!member) {
|
|
throw createError({
|
|
statusCode: 404,
|
|
statusMessage: 'Member not found'
|
|
})
|
|
}
|
|
|
|
// Create a new session token for the authenticated user
|
|
const sessionToken = jwt.sign(
|
|
{ memberId: member._id, email: member.email },
|
|
process.env.JWT_SECRET,
|
|
{ expiresIn: '30d' }
|
|
)
|
|
|
|
// Set the session cookie
|
|
setCookie(event, 'auth-token', sessionToken, {
|
|
httpOnly: false, // Allow JavaScript access for debugging in development
|
|
secure: false, // Don't require HTTPS in development
|
|
sameSite: 'lax',
|
|
maxAge: 60 * 60 * 24 * 30 // 30 days
|
|
})
|
|
|
|
// Redirect to the members dashboard or home page
|
|
await sendRedirect(event, '/members', 302)
|
|
|
|
} catch (err) {
|
|
console.error('Token verification error:', err)
|
|
throw createError({
|
|
statusCode: 401,
|
|
statusMessage: 'Invalid or expired token'
|
|
})
|
|
}
|
|
}) |