zhimingge/app/api/auth/login/route.ts

import { NextResponse } from "next/server";
import {
isAuthEnabled,
verifyCredentials,
} from "@/lib/auth/config";
import {
createSessionToken,
SESSION_COOKIE,
SESSION_MAX_AGE_SEC,
} from "@/lib/auth/session";
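/**
 * Login route handler: checks the submitted credentials and, on success,
 * issues the session cookie.
 *
 * Responses:
 * - 200 `{ ok: true, authEnabled: false }` when authentication is disabled
 *   (no cookie is set in that case).
 * - 400 when the body is not valid JSON, is not a JSON object, or carries a
 *   `username` / `password` that is present but not a string.
 * - 401 when `verifyCredentials` rejects the username/password pair.
 * - 200 `{ ok: true, username }` plus the session cookie on success.
 *
 * NOTE(review): no attempt throttling or lockout is visible in this handler;
 * confirm it is enforced inside `verifyCredentials` or upstream of this route.
 *
 * @param req Incoming request; its JSON body is untrusted client input.
 * @returns The JSON response described above.
 */
export async function POST(req: Request) {
  // With auth switched off there is nothing to verify and no session is issued.
  if (!isAuthEnabled()) {
    return NextResponse.json({ ok: true, authEnabled: false });
  }

  // The body is client-controlled, so keep it `unknown` until its shape is checked.
  let parsed: unknown;
  try {
    parsed = await req.json();
  } catch {
    return NextResponse.json({ error: "请求格式错误" }, { status: 400 });
  }

  // Valid JSON can still be `null`, a number or a string; reading fields off
  // those would throw and surface as an unhandled 500 instead of a clean 400.
  if (typeof parsed !== "object" || parsed === null) {
    return NextResponse.json({ error: "请求格式错误" }, { status: 400 });
  }

  const { username: rawUsername, password: rawPassword } = parsed as {
    username?: unknown;
    password?: unknown;
  };

  // Missing or null fields fall back to "" (and are left for verifyCredentials
  // to reject); any other non-string value is refused so that neither `.trim()`
  // nor the credential check ever receives a number, array or object.
  const isAcceptable = (value: unknown): value is string | null | undefined =>
    value == null || typeof value === "string";
  if (!isAcceptable(rawUsername) || !isAcceptable(rawPassword)) {
    return NextResponse.json({ error: "请求格式错误" }, { status: 400 });
  }

  const username = rawUsername?.trim() ?? "";
  // The password is passed through untrimmed: whitespace may be part of it.
  const password = rawPassword ?? "";

  // One generic message for every credential failure, so the response does not
  // reveal whether the username exists.
  if (!verifyCredentials(username, password)) {
    return NextResponse.json({ error: "用户名或密码错误" }, { status: 401 });
  }

  const token = await createSessionToken(username);
  const res = NextResponse.json({ ok: true, username });
  res.cookies.set(SESSION_COOKIE, token, {
    // Keeps the session token out of reach of page scripts.
    httpOnly: true,
    sameSite: "lax",
    // Secure is only set in production builds, so the cookie still works over
    // plain-HTTP local development; any other NODE_ENV sends it without Secure.
    secure: process.env.NODE_ENV === "production",
    path: "/",
    maxAge: SESSION_MAX_AGE_SEC,
  });
  return res;
}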