t510599/ntu-awd-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
037ccb5781c8a14fa49b9b1aae16ff8f32dcbdf3
ntu-awd-website/functions/api/login.js
T
Tony Yang 037ccb5781 feat: add ReCaptchaV2 & Turnstile
2025-04-16 16:35:24 +08:00

72 lines
2.5 KiB
JavaScript
Raw Blame History

import { SignJWT } from 'jose';
import { createSuccessResponse, createErrorResponse } from "../utils";
import { captchaPlugins } from '../middleware/captcha';
export const onRequestPost = [
...captchaPlugins,
async (context) => {
try {
const { request, env } = context;
let payload;
try {
const formData = await request.formData();
payload = JSON.parse(formData.get('payload'));
} catch (e) {
console.error("Payload parsing error:", e);
return createErrorResponse("Invalid payload", 400);
}
const { username, password } = payload;
if (!username || !password) {
return createErrorResponse("Missing username or password", 400);
}
if (username.length < 3) {
return createErrorResponse("Username must be at least 3 characters", 400);
}
if (password.length < 8) {
return createErrorResponse("Password must be at least 8 characters", 400);
}
if (!/^[a-zA-Z0-9]+$/.test(username)) {
return createErrorResponse("Username must be alphanumeric", 400);
}
// Get the stored password from D1
const { results } = await env.DB.prepare("SELECT password FROM users WHERE username = ?").bind(username).all();
if (!results || results.length === 0) {
return new Response(JSON.stringify({"error": "Invalid username or password"}), { status: 403, headers: { 'Content-Type': 'application/json' } });
}
const storedPassword = results[0].password;
// Compare the password to the stored password
if (password !== storedPassword) {
return new Response(JSON.stringify({"error": "Invalid username or password"}), { status: 403, headers: { 'Content-Type': 'application/json' } });
}
// Get the user ID
const { results: userResults } = await env.DB.prepare("SELECT * FROM users WHERE username = ?").bind(username).all();
const jwtPayload = (({ id, username }) => ({ id, username }))(userResults[0]);
// Generate a JWT token
const jwt = await new SignJWT(jwtPayload)
.setProtectedHeader({ alg: 'HS256' })
.setIssuedAt()
.setIssuer('urn:example:issuer')
.setAudience('urn:example:audience')
.setExpirationTime('2h')
.sign(new TextEncoder().encode(env.JWT_SECRET));
return createSuccessResponse({ jwt });
} catch (error) {
console.error("Login error:", error);
return createErrorResponse("Login failed", 500);
}
},
];
Reference in New Issue View Git Blame Copy Permalink