blocked for now, but it's a start

2025-05-21 15:53:59 +02:00 · 2025-05-21 15:53:59 +02:00 · ec0ae60b10
commit ec0ae60b10
parent c76c016a46
13 changed files with 272 additions and 0 deletions
--- a/src/routes/auth/idp/api/login.ts
+++ b/src/routes/auth/idp/api/login.ts
@ -0,0 +1,35 @@
+import { json, redirect } from "@solidjs/router";
+import { APIEvent } from "@solidjs/start/server";
+import { getUser, signIn } from "~/features/auth";
+
+export const POST = async ({ request }: APIEvent) => {
+    const formData = await request.formData();
+    const username = formData.get('username');
+    const password = formData.get('password');
+    
+    if (typeof username !== 'string' || /^[a-z0-9-_]+$/.test(username) !== true) {
+        return json({ error: 'Bad request' }, { status: 400 })
+    }
+    
+    if (typeof password !== 'string' || password.length === 0) {
+        return json({ error: 'Bad request' }, { status: 400 })
+    }
+
+    const user = getUser(username);
+
+    if (user === undefined) {
+        return json({ error: 'Invalid credentials' }, { status: 400 });
+    }
+
+    if (user.credential !== password) {
+        return json({ error: 'Invalid credentials' }, { status: 400 });
+    }
+
+    await signIn(user);
+
+    return redirect('/auth/client', {
+        headers: {
+            'Set-Login': 'logged-in',
+        }
+    });
+};