60 lines
1.4 KiB
TypeScript
60 lines
1.4 KiB
TypeScript
|
import { NextRequest, NextResponse } from 'next/server';
|
||
|
|
import { verifyCredentials, generateToken } from '@/lib/admin/auth';
|
||
|
|
|
||
|
|
export async function POST(request: NextRequest) {
|
||
|
|
try {
|
||
|
|
const body = await request.json();
|
||
|
|
const { username, password } = body;
|
||
|
|
|
||
|
|
// Validate input
|
||
|
|
if (!username || !password) {
|
||
|
|
return NextResponse.json(
|
||
|
|
{ error: 'Username and password are required' },
|
||
|
|
{ status: 400 }
|
||
|
|
);
|
||
|
|
}
|
||
|
|
|
||
|
|
// Verify credentials
|
||
|
|
const isValid = verifyCredentials(username, password);
|
||
|
|
|
||
|
|
if (!isValid) {
|
||
|
|
return NextResponse.json(
|
||
|
|
{ error: 'Invalid credentials' },
|
||
|
|
{ status: 401 }
|
||
|
|
);
|
||
|
|
}
|
||
|
|
|
||
|
|
// Generate JWT token
|
||
|
|
const token = generateToken({
|
||
|
|
username,
|
||
|
|
isAdmin: true,
|
||
|
|
});
|
||
|
|
|
||
|
|
// Create response with token in cookie
|
||
|
|
const response = NextResponse.json({
|
||
|
|
success: true,
|
||
|
|
user: {
|
||
|
|
username,
|
||
|
|
isAdmin: true,
|
||
|
|
},
|
||
|
|
});
|
||
|
|
|
||
|
|
// Set HTTP-only cookie with JWT token
|
||
|
|
response.cookies.set('admin-token', token, {
|
||
|
|
httpOnly: true,
|
||
|
|
secure: process.env.NODE_ENV === 'production',
|
||
|
|
sameSite: 'lax',
|
||
|
|
maxAge: 60 * 60 * 24, // 24 hours
|
||
|
|
path: '/',
|
||
|
|
});
|
||
|
|
|
||
|
|
return response;
|
||
|
|
} catch (error) {
|
||
|
|
console.error('Login error:', error);
|
||
|
|
return NextResponse.json(
|
||
|
|
{ error: 'Internal server error' },
|
||
|
|
{ status: 500 }
|
||
|
|
);
|
||
|
|
}
|
||
|
|
}
|