462bec2739
Co-authored-by: Cursor <cursoragent@cursor.com>
import { NextResponse } from "next/server";
import {
isAuthEnabled,
verifyCredentials,
} from "@/lib/auth/config";
import {
createSessionToken,
SESSION_COOKIE,
SESSION_MAX_AGE_SEC,
} from "@/lib/auth/session";
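/**
 * Login endpoint: checks a username/password pair and, on success, issues the
 * session cookie.
 *
 * Responses:
 * - auth disabled: 200 `{ ok: true, authEnabled: false }`; no cookie is set.
 * - body is not JSON, is not a JSON object, or carries a username/password
 *   that is present but not a string: 400.
 * - `verifyCredentials` rejects the pair: 401 with a single message that does
 *   not reveal which of the two fields was wrong.
 * - success: 200 `{ ok: true, username }` plus the session cookie.
 *
 * NOTE(review): no attempt throttling or lockout is visible in this handler;
 * confirm it is enforced elsewhere (middleware, reverse proxy).
 * NOTE(review): whether `verifyCredentials` compares in constant time cannot
 * be seen from here; verify in "@/lib/auth/config".
 */
export async function POST(req: Request) {
  if (!isAuthEnabled()) {
    return NextResponse.json({ ok: true, authEnabled: false });
  }

  // The request body is caller-controlled, so it stays `unknown` until its
  // shape has been checked at runtime; a TypeScript annotation alone checks nothing.
  let parsed: unknown;
  try {
    parsed = await req.json();
  } catch {
    return NextResponse.json({ error: "请求格式错误" }, { status: 400 });
  }

  // Valid JSON such as `null`, `42` or `"x"` would otherwise throw on the
  // property access below and surface as an unhandled error.
  if (typeof parsed !== "object" || parsed === null) {
    return NextResponse.json({ error: "请求格式错误" }, { status: 400 });
  }

  const { username: rawUsername, password: rawPassword } = parsed as {
    username?: unknown;
    password?: unknown;
  };

  // Missing or null fields keep their previous meaning (empty string), but a
  // number, array or object is rejected here rather than reaching `.trim()`
  // or the credential check with an unexpected type.
  if (
    (rawUsername != null && typeof rawUsername !== "string") ||
    (rawPassword != null && typeof rawPassword !== "string")
  ) {
    return NextResponse.json({ error: "请求格式错误" }, { status: 400 });
  }

  // Only the username is trimmed; the password is passed through untouched so
  // leading/trailing whitespace in it stays significant.
  const username = typeof rawUsername === "string" ? rawUsername.trim() : "";
  const password = typeof rawPassword === "string" ? rawPassword : "";

  if (!verifyCredentials(username, password)) {
    return NextResponse.json({ error: "用户名或密码错误" }, { status: 401 });
  }

  const token = await createSessionToken(username);
  const res = NextResponse.json({ ok: true, username });
  res.cookies.set(SESSION_COOKIE, token, {
    // Not readable from page scripts, which limits token theft through XSS.
    httpOnly: true,
    // Sent on top-level navigations from other sites, withheld on cross-site
    // subrequests.
    sameSite: "lax",
    // Secure is set only when NODE_ENV is "production"; in any other
    // environment the cookie is also sent over plain HTTP.
    secure: process.env.NODE_ENV === "production",
    path: "/",
    maxAge: SESSION_MAX_AGE_SEC,
  });
  return res;
}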