You've already forked obsidian-visualiser
Starting to put back the server part. Currently the registration and login are almost ready.
This commit is contained in:
105
server/api/auth/login.post.ts
Normal file
105
server/api/auth/login.post.ts
Normal file
@@ -0,0 +1,105 @@
|
||||
import useDatabase from '~/composables/useDatabase';
|
||||
import { schema } from '~/schemas/login';
|
||||
import type { User, UserExtendedData, UserRawData, UserSession, UserSessionRequired } from '~/types/auth';
|
||||
import { ZodError } from 'zod';
|
||||
import { checkSession, logSession } from '~/server/utils/user';
|
||||
import { usersTable } from '~/db/schema';
|
||||
import { eq, or, sql } from 'drizzle-orm';
|
||||
import type { BunSQLiteDatabase } from 'drizzle-orm/bun-sqlite';
|
||||
|
||||
interface SuccessHandler
|
||||
{
|
||||
success: true;
|
||||
session: UserSession;
|
||||
}
|
||||
interface ErrorHandler
|
||||
{
|
||||
success: false;
|
||||
error: Error | ZodError<{
|
||||
usernameOrEmail: string;
|
||||
password: string;
|
||||
}>;
|
||||
}
|
||||
type Return = SuccessHandler | ErrorHandler;
|
||||
|
||||
export default defineEventHandler(async (e): Promise<Return> => {
|
||||
try
|
||||
{
|
||||
const session = await getUserSession(e);
|
||||
const db = useDatabase();
|
||||
|
||||
const checkedSession = await checkSession(e, session);
|
||||
|
||||
if(checkedSession !== undefined)
|
||||
return checkedSession;
|
||||
|
||||
const body = await readValidatedBody(e, schema.safeParse);
|
||||
|
||||
if (!body.success)
|
||||
{
|
||||
await clearUserSession(e);
|
||||
|
||||
setResponseStatus(e, 406);
|
||||
return { success: false, error: body.error };
|
||||
}
|
||||
|
||||
const hash = await Bun.password.hash(body.data.password);
|
||||
const id = db.select({ id: usersTable.id, hash: usersTable.hash }).from(usersTable).where(or(eq(usersTable.username, sql.placeholder('username')), eq(usersTable.email, sql.placeholder('username')))).prepare().get({ username: body.data.usernameOrEmail });
|
||||
|
||||
if(!id || !id.id || !id.hash)
|
||||
{
|
||||
await clearUserSession(e);
|
||||
|
||||
setResponseStatus(e, 401);
|
||||
return { success: false, error: new ZodError([{ code: 'custom', path: ['username'], message: 'Identifiant inconnu' }]) };
|
||||
}
|
||||
|
||||
const valid = await Bun.password.verify(body.data.password, id.hash);
|
||||
|
||||
if(!valid)
|
||||
{
|
||||
await clearUserSession(e);
|
||||
|
||||
setResponseStatus(e, 401);
|
||||
return { success: false, error: new ZodError([{ code: 'custom', path: ['password'], message: 'Mot de passe incorrect' }]) };
|
||||
}
|
||||
|
||||
const user = db.query.usersTable.findFirst({
|
||||
columns: {
|
||||
id: true,
|
||||
email: true,
|
||||
username: true,
|
||||
state: true,
|
||||
},
|
||||
with: {
|
||||
data: true,
|
||||
},
|
||||
where: (table) => eq(table.id, sql.placeholder('id'))
|
||||
}).prepare().get({ id: id.id });
|
||||
|
||||
if(!user)
|
||||
{
|
||||
setResponseStatus(e, 401);
|
||||
return { success: false, error: new Error('Données utilisateur introuvable') };
|
||||
}
|
||||
|
||||
const data = await logSession(e, await setUserSession(e, {
|
||||
user: {
|
||||
...user.data,
|
||||
email: user.email,
|
||||
username: user.username,
|
||||
state: user.state,
|
||||
}
|
||||
}) as UserSessionRequired);
|
||||
|
||||
setResponseStatus(e, 201);
|
||||
return { success: true, session: data };
|
||||
}
|
||||
catch(err: any)
|
||||
{
|
||||
console.error(err);
|
||||
|
||||
await clearUserSession(e);
|
||||
return { success: false, error: err as Error };
|
||||
}
|
||||
});
|
||||
87
server/api/auth/register.post.ts
Normal file
87
server/api/auth/register.post.ts
Normal file
@@ -0,0 +1,87 @@
|
||||
import { count, eq, sql } from 'drizzle-orm';
|
||||
import { ZodError, type ZodIssue } from 'zod';
|
||||
import useDatabase from '~/composables/useDatabase';
|
||||
import { usersDataTable, usersTable } from '~/db/schema';
|
||||
import { schema } from '~/schemas/registration';
|
||||
import { checkSession, logSession } from '~/server/utils/user';
|
||||
import type { UserSession, UserSessionRequired } from '~/types/auth';
|
||||
|
||||
interface SuccessHandler
|
||||
{
|
||||
success: true;
|
||||
session: UserSession;
|
||||
}
|
||||
interface ErrorHandler
|
||||
{
|
||||
success: false;
|
||||
error: Error | ZodError<{
|
||||
username: string;
|
||||
email: string;
|
||||
password: string;
|
||||
}>;
|
||||
}
|
||||
type Return = SuccessHandler | ErrorHandler;
|
||||
|
||||
export default defineEventHandler(async (e): Promise<Return> => {
|
||||
try
|
||||
{
|
||||
const session = await getUserSession(e);
|
||||
const db = useDatabase();
|
||||
|
||||
const checkedSession = await checkSession(e, session);
|
||||
|
||||
if(checkedSession !== undefined)
|
||||
return checkedSession;
|
||||
|
||||
const body = await readValidatedBody(e, schema.safeParse);
|
||||
|
||||
if (!body.success)
|
||||
{
|
||||
await clearUserSession(e);
|
||||
|
||||
setResponseStatus(e, 406);
|
||||
return { success: false, error: body.error };
|
||||
}
|
||||
|
||||
const checkUsername = db.select({ count: count() }).from(usersTable).where(eq(usersTable.username, sql.placeholder('username'))).prepare().get({ username: body.data.username });
|
||||
const checkEmail = db.select({ count: count() }).from(usersTable).where(eq(usersTable.email, sql.placeholder('email'))).prepare().get({ email: body.data.email });
|
||||
|
||||
const errors: ZodIssue[] = [];
|
||||
if(!checkUsername || checkUsername.count !== 0)
|
||||
errors.push({ code: 'custom', path: ['username'], message: "Ce nom d'utilisateur est déjà utilisé" });
|
||||
if(!checkEmail || checkEmail.count !== 0)
|
||||
errors.push({ code: 'custom', path: ['email'], message: "Cette adresse mail est déjà utilisée" });
|
||||
|
||||
if(errors.length > 0)
|
||||
{
|
||||
setResponseStatus(e, 406);
|
||||
return { success: false, error: new ZodError(errors) };
|
||||
}
|
||||
else
|
||||
{
|
||||
const hash = await Bun.password.hash(body.data.password);
|
||||
db.insert(usersTable).values({ username: sql.placeholder('username'), email: sql.placeholder('email'), hash: sql.placeholder('hash'), state: sql.placeholder('state') }).prepare().run({ username: body.data.username, email: body.data.email, hash, state: 0 });
|
||||
const id = db.select({ id: usersTable.id }).from(usersTable).where(eq(usersTable.username, sql.placeholder('username'))).prepare().get({ username: body.data.username });
|
||||
|
||||
if(!id || !id.id)
|
||||
{
|
||||
setResponseStatus(e, 406);
|
||||
return { success: false, error: new Error('Erreur de création de compte') };
|
||||
}
|
||||
|
||||
db.insert(usersDataTable).values({ id: sql.placeholder('id') }).prepare().run({ id: id.id });
|
||||
|
||||
logSession(e, await setUserSession(e, { user: { id: id.id, username: body.data.username, email: body.data.email, state: 0, signin: new Date() } }) as UserSessionRequired);
|
||||
|
||||
setResponseStatus(e, 201);
|
||||
return { success: true, session };
|
||||
}
|
||||
}
|
||||
catch(err: any)
|
||||
{
|
||||
console.error(err);
|
||||
|
||||
await clearUserSession(e);
|
||||
return { success: false, error: err as Error };
|
||||
}
|
||||
});
|
||||
8
server/api/auth/session.delete.ts
Normal file
8
server/api/auth/session.delete.ts
Normal file
@@ -0,0 +1,8 @@
|
||||
import { eventHandler } from 'h3';
|
||||
import { clearUserSession } from '~/server/utils/session';
|
||||
|
||||
export default eventHandler(async (event) => {
|
||||
await clearUserSession(event);
|
||||
|
||||
return { loggedOut: true };
|
||||
})
|
||||
13
server/api/auth/session.get.ts
Normal file
13
server/api/auth/session.get.ts
Normal file
@@ -0,0 +1,13 @@
|
||||
import { eventHandler } from 'h3'
|
||||
import { getUserSession, sessionHooks } from '~/server/utils/session'
|
||||
import type { UserSessionRequired } from '~/types/auth'
|
||||
|
||||
export default eventHandler(async (event) => {
|
||||
const session = await getUserSession(event)
|
||||
|
||||
if (session.user) {
|
||||
await sessionHooks.callHookParallel('fetch', session as UserSessionRequired, event)
|
||||
}
|
||||
|
||||
return session
|
||||
})
|
||||
Reference in New Issue
Block a user