mirror of
https://github.com/BradNut/boredgame
synced 2025-09-08 17:40:22 +00:00
160 lines
4.9 KiB
TypeScript
160 lines
4.9 KiB
TypeScript
import { fail, type Actions } from '@sveltejs/kit';
|
|
import { eq, or } from 'drizzle-orm';
|
|
import { Argon2id } from 'oslo/password';
|
|
import { zod } from 'sveltekit-superforms/adapters';
|
|
import { setError, superValidate } from 'sveltekit-superforms/server';
|
|
import { redirect } from 'sveltekit-flash-message/server';
|
|
import { RateLimiter } from 'sveltekit-rate-limiter/server';
|
|
import db from '../../../db';
|
|
import { lucia } from '$lib/server/auth';
|
|
import { twoFactor, usersTable, type Users } from '$db/schema';
|
|
import type { PageServerLoad } from './$types';
|
|
import {signinUsernameDto} from "$lib/dtos/signin-username.dto";
|
|
|
|
export const load: PageServerLoad = async (event) => {
|
|
const { locals } = event;
|
|
|
|
const authedUser = await locals.getAuthedUser();
|
|
|
|
if (authedUser) {
|
|
const message = { type: 'success', message: 'You are already signed in' } as const;
|
|
throw redirect('/', message, event);
|
|
}
|
|
|
|
// if (userFullyAuthenticated(user, session)) {
|
|
// const message = { type: 'success', message: 'You are already signed in' } as const;
|
|
// throw redirect('/', message, event);
|
|
// } else if (userNotFullyAuthenticated(user, session)) {
|
|
// await lucia.invalidateSession(locals.session!.id!);
|
|
// const sessionCookie = lucia.createBlankSessionCookie();
|
|
// cookies.set(sessionCookie.name, sessionCookie.value, {
|
|
// path: '.',
|
|
// ...sessionCookie.attributes,
|
|
// });
|
|
// }
|
|
const form = await superValidate(event, zod(signinUsernameDto));
|
|
|
|
return {
|
|
form,
|
|
};
|
|
};
|
|
|
|
export const actions: Actions = {
|
|
default: async (event) => {
|
|
// if (await limiter.isLimited(event)) {
|
|
// throw error(429);
|
|
// }
|
|
|
|
const { locals } = event;
|
|
|
|
const authedUser = await locals.getAuthedUser();
|
|
|
|
if (authedUser) {
|
|
const message = { type: 'success', message: 'You are already signed in' } as const;
|
|
throw redirect('/', message, event);
|
|
}
|
|
|
|
const form = await superValidate(event, zod(signinUsernameDto));
|
|
|
|
const { error } = await locals.api.login.$post({ json: form.data }).then(locals.parseApiResponse);
|
|
if (error) return setError(form, 'username', error);
|
|
|
|
if (!form.valid) {
|
|
form.data.password = '';
|
|
return fail(400, {
|
|
form,
|
|
});
|
|
}
|
|
|
|
let session;
|
|
let sessionCookie;
|
|
const user: Users | undefined = await db.query.usersTable.findFirst({
|
|
where: or(eq(usersTable.username, form.data.username), eq(usersTable.email, form.data.username)),
|
|
});
|
|
|
|
if (!user) {
|
|
form.data.password = '';
|
|
return setError(form, 'username', 'Your username or password is incorrect.');
|
|
}
|
|
|
|
let twoFactorDetails;
|
|
|
|
try {
|
|
const password = form.data.password;
|
|
console.log('user', JSON.stringify(user, null, 2));
|
|
|
|
if (!user?.hashed_password) {
|
|
console.log('invalid username/password');
|
|
form.data.password = '';
|
|
return setError(form, 'password', 'Your username or password is incorrect.');
|
|
}
|
|
|
|
const validPassword = await new Argon2id().verify(user.hashed_password, password);
|
|
if (!validPassword) {
|
|
console.log('invalid password');
|
|
form.data.password = '';
|
|
return setError(form, 'password', 'Your username or password is incorrect.');
|
|
}
|
|
|
|
console.log('ip', locals.ip);
|
|
console.log('country', locals.country);
|
|
|
|
twoFactorDetails = await db.query.twoFactor.findFirst({
|
|
where: eq(twoFactor.userId, user?.id),
|
|
});
|
|
|
|
if (twoFactorDetails?.secret && twoFactorDetails?.enabled) {
|
|
await db.update(twoFactor).set({
|
|
initiatedTime: new Date(),
|
|
});
|
|
|
|
session = await lucia.createSession(user.id, {
|
|
ip_country: locals.country,
|
|
ip_address: locals.ip,
|
|
twoFactorAuthEnabled:
|
|
twoFactorDetails?.enabled &&
|
|
twoFactorDetails?.secret !== null &&
|
|
twoFactorDetails?.secret !== '',
|
|
isTwoFactorAuthenticated: false,
|
|
});
|
|
} else {
|
|
session = await lucia.createSession(user.id, {
|
|
ip_country: locals.country,
|
|
ip_address: locals.ip,
|
|
twoFactorAuthEnabled: false,
|
|
isTwoFactorAuthenticated: false,
|
|
});
|
|
}
|
|
console.log('logging in session', session);
|
|
sessionCookie = lucia.createSessionCookie(session.id);
|
|
console.log('logging in session cookie', sessionCookie);
|
|
} catch (e) {
|
|
// TODO: need to return error message to the client
|
|
console.error(e);
|
|
form.data.password = '';
|
|
return setError(form, '', 'Your username or password is incorrect.');
|
|
}
|
|
|
|
console.log('setting session cookie', sessionCookie);
|
|
event.cookies.set(sessionCookie.name, sessionCookie.value, {
|
|
path: '.',
|
|
...sessionCookie.attributes,
|
|
});
|
|
|
|
form.data.username = '';
|
|
form.data.password = '';
|
|
|
|
if (
|
|
twoFactorDetails?.enabled &&
|
|
twoFactorDetails?.secret !== null &&
|
|
twoFactorDetails?.secret !== ''
|
|
) {
|
|
console.log('redirecting to TOTP page');
|
|
const message = { type: 'success', message: 'Please enter your TOTP code.' } as const;
|
|
redirect(302, '/totp', message, event);
|
|
} else {
|
|
const message = { type: 'success', message: 'Signed In!' } as const;
|
|
redirect(302, '/', message, event);
|
|
}
|
|
},
|
|
};
|