obsidian-visualiser/server/api/auth/login.post.ts

import useDatabase from '~/composables/useDatabase';
import { schema } from '~/schemas/login';

export default defineEventHandler(async (e) => {
    const { sessionPassword } = useRuntimeConfig();
    const session = await useSession(e, {
        password: sessionPassword,
    });

    try
    {
        const db = useDatabase();

        console.log(session.id);

        if(session.id && session.data.id)
        {
            const checkSession = db.query("SELECT user_id FROM user_sessions WHERE id = ?1");
            const sessionId = checkSession.get(session.id) as any;

            console.log(sessionId);

            if(sessionId && sessionId.user_id === session.data.id)
            {
                return { success: true, id: session.data.id, sessionId: session.id, data: session.data };
            }
            else
            {
                session.clear();
                
                setResponseStatus(e, 406);
                return { success: false, error: { path: ['global'], message: 'Vous êtes déjà connecté' } };
            }
    
        }
        const body = await readValidatedBody(e, schema.safeParse);

        if (!body.success)
        {
            session.clear();

            setResponseStatus(e, 406);
            return { success: false, error: body.error };
        }


        const hash = await Bun.password.hash(body.data.password);
        const checkID = db.query(`SELECT id FROM users WHERE (username = ?1 or email = ?1)`);
        const id = checkID.get(body.data.username) as any;

        if(!id || !id.id)
        {
            session.clear();

            setResponseStatus(e, 401);
            return { success: false, error: { path: ['username'], message: 'Identifiant inconnu' } };
        }

        const checkHash = db.query(`SELECT COUNT(*) as count FROM users WHERE id = ?1 and hash = ?2`);
        const validation = checkHash.get(id.id, hash) as any;

        if(validation && validation.count && validation.count !== 1)
        {
            session.clear();

            setResponseStatus(e, 401);
            return { success: false, error: { path: ['password'], message: 'Mot de passe incorrect' } };
        }

        const loggingIn = db.query(`INSERT INTO user_sessions(id, user_id, ip, agent, lastRefresh) VALUES(?1, ?2, ?3, ?4, ?5)`);
        loggingIn.get(session.id, id.id, getRequestIP(e), getRequestHeader(e, 'User-Agent'), Date.now());

        await session.update(getData(db, id.id));

        setResponseStatus(e, 201);
        return { success: true, id: id.id, sessionId: session.id, data: session.data };
    }
    catch(e)
    {
        session.clear();

        console.error(e);
        return { success: false, error: e };
    }
});

function getData(db: Database, id: string): any
{
    const userQuery = db.query(`SELECT * FROM users WHERE id = ?1`);
    const user = userQuery.get(id);

    const userDataQuery = db.query(`SELECT * FROM users_data WHERE user_id = ?1`);
    const userData = userDataQuery.get(id);

    return { ...user, ...userData };
}