WorkshopTasker/server/api/login.post.ts

import crypto from "crypto";
import { defineEventHandler, getCookie, setCookie, readBody } from "h3";

import { database } from "../utils/database";
import { isString } from "../utils/isString";
import { cookieSettings } from "../utils/rootUtils";
import Snowflake from "~/utils/snowflake";

import { createError } from "#imports";

export function getPasswordHash(password: string) {
  return crypto.createHmac("sha512", "42")
    .update(password)
    .digest();
}

export default defineEventHandler(async (e) => {
  if (getCookie(e, "token"))
    throw createError({ statusCode: 501, message: "Case not implemented: logging in while cookie is set" });
  await new Promise(resolve => setTimeout(resolve, 420));
  const data = await readBody(e);

  const login = data.login;
  const password = data.password;

  if (!isString(login)) throw createError({ statusCode: 400, message: "Login is not string." });
  if (!isString(password)) throw createError({ statusCode: 400, message: "Password is not string." });

  const hashedPassword = getPasswordHash(password);

  const account = await database.user.findUnique({
    where: {
      username: login,
      password: hashedPassword,
    },
    select: {
      id: true,
    },
  });

  if (account === null) throw createError({ statusCode: 400, message: "Invalid username or password." });

  const sessionId = new Snowflake();

  await database.session.create({
    data: {
      id: sessionId.state,
      userId: account.id,
    },
  });
  setCookie(e, "token", sessionId.toString(), cookieSettings);
  return { message: "Login successful", token: sessionId.toString() };
});