Initial commit, scaffold and base login with cookies.

2025-09-08 17:40:33 +00:00 · 2022-05-12 19:47:04 -07:00 · 2022-05-12 19:47:04 -07:00 · 4672da6f4a
commit 4672da6f4a
24 changed files with 3591 additions and 0 deletions
--- a/.eslintrc.cjs
+++ b/.eslintrc.cjs
@ -0,0 +1,20 @@
+module.exports = {
+	root: true,
+	parser: '@typescript-eslint/parser',
+	extends: ['eslint:recommended', 'plugin:@typescript-eslint/recommended', 'prettier'],
+	plugins: ['svelte3', '@typescript-eslint'],
+	ignorePatterns: ['*.cjs'],
+	overrides: [{ files: ['*.svelte'], processor: 'svelte3/svelte3' }],
+	settings: {
+		'svelte3/typescript': () => require('typescript')
+	},
+	parserOptions: {
+		sourceType: 'module',
+		ecmaVersion: 2020
+	},
+	env: {
+		browser: true,
+		es2017: true,
+		node: true
+	}
+};
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,8 @@
+.DS_Store
+node_modules
+/build
+/.svelte-kit
+/package
+.env
+.env.*
+!.env.example
--- a/.npmrc
+++ b/.npmrc
@ -0,0 +1 @@
+engine-strict=true
--- a/.prettierrc
+++ b/.prettierrc
@ -0,0 +1,6 @@
+{
+	"useTabs": true,
+	"singleQuote": true,
+	"trailingComma": "none",
+	"printWidth": 100
+}
--- a/README.md
+++ b/README.md
@ -0,0 +1,38 @@
+# create-svelte
+
+Everything you need to build a Svelte project, powered by [`create-svelte`](https://github.com/sveltejs/kit/tree/master/packages/create-svelte).
+
+## Creating a project
+
+If you're seeing this, you've probably already done this step. Congrats!
+
+```bash
+# create a new project in the current directory
+npm init svelte
+
+# create a new project in my-app
+npm init svelte my-app
+```
+
+## Developing
+
+Once you've created a project and installed dependencies with `npm install` (or `pnpm install` or `yarn`), start a development server:
+
+```bash
+npm run dev
+
+# or start the server and open the app in a new browser tab
+npm run dev -- --open
+```
+
+## Building
+
+To create a production version of your app:
+
+```bash
+npm run build
+```
+
+You can preview the production build with `npm run preview`.
+
+> To deploy your app, you may need to install an [adapter](https://kit.svelte.dev/docs/adapters) for your target environment.
--- a/package.json
+++ b/package.json
@ -0,0 +1,41 @@
+{
+  "name": "sveltekit-auth-cookies",
+  "version": "0.0.1",
+  "scripts": {
+    "dev": "svelte-kit dev",
+    "build": "svelte-kit build",
+    "package": "svelte-kit package",
+    "preview": "svelte-kit preview",
+    "prepare": "svelte-kit sync",
+    "test": "playwright test",
+    "check": "svelte-check --tsconfig ./tsconfig.json",
+    "check:watch": "svelte-check --tsconfig ./tsconfig.json --watch",
+    "lint": "prettier --ignore-path .gitignore --check --plugin-search-dir=. . && eslint --ignore-path .gitignore .",
+    "format": "prettier --ignore-path .gitignore --write --plugin-search-dir=. ."
+  },
+  "devDependencies": {
+    "@playwright/test": "^1.21.0",
+    "@sveltejs/adapter-auto": "next",
+    "@sveltejs/kit": "next",
+    "@types/bcrypt": "^5.0.0",
+    "@types/cookie": "^0.5.1",
+    "@typescript-eslint/eslint-plugin": "^5.10.1",
+    "@typescript-eslint/parser": "^5.10.1",
+    "eslint": "^8.12.0",
+    "eslint-config-prettier": "^8.3.0",
+    "eslint-plugin-svelte3": "^4.0.0",
+    "prettier": "^2.5.1",
+    "prettier-plugin-svelte": "^2.5.0",
+    "svelte": "^3.44.0",
+    "svelte-check": "^2.2.6",
+    "svelte-preprocess": "^4.10.1",
+    "tslib": "^2.3.1",
+    "typescript": "~4.6.2"
+  },
+  "type": "module",
+  "dependencies": {
+    "@prisma/client": "^3.14.0",
+    "bcrypt": "^5.0.1",
+    "cookie": "^0.5.0"
+  }
+}
--- a/playwright.config.ts
+++ b/playwright.config.ts
@ -0,0 +1,10 @@
+import type { PlaywrightTestConfig } from '@playwright/test';
+
+const config: PlaywrightTestConfig = {
+	webServer: {
+		command: 'npm run build && npm run preview',
+		port: 3000
+	}
+};
+
+export default config;
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/prisma/dev.db
+++ b/prisma/dev.db
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@ -0,0 +1,19 @@
+// This is your Prisma schema file,
+// learn more about it in the docs: https://pris.ly/d/prisma-schema
+
+generator client {
+  provider = "prisma-client-js"
+}
+
+datasource db {
+  provider = "sqlite"
+  url      = env("DATABASE_URL")
+}
+
+model User {
+  id           String   @id @default(uuid())
+  createdAt    DateTime @default(now())
+  updatedAt    DateTime @updatedAt
+  username     String   @unique
+  passwordHash String
+}
--- a/src/app.d.ts
+++ b/src/app.d.ts
@ -0,0 +1,10 @@
+/// <reference types="@sveltejs/kit" />
+
+// See https://kit.svelte.dev/docs/types#app
+// for information about these interfaces
+declare namespace App {
+	// interface Locals {}
+	// interface Platform {}
+	// interface Session {}
+	// interface Stuff {}
+}
--- a/src/app.html
+++ b/src/app.html
@ -0,0 +1,77 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+    <meta charset="utf-8" />
+    <meta
+      name="viewport"
+      content="width=device-width, initial-scale=1"
+    />
+    <link rel="icon" href="https://fav.farm/🍪" />
+    <style>
+      body {
+        padding: 1rem;
+        font-family: sans-serif;
+        color: hsl(220 20% 98%);
+        background-color: hsl(220 20% 10%);
+      }
+
+      form {
+        margin: 2rem 0;
+        display: grid;
+        justify-content: start;
+        row-gap: 1rem;
+      }
+
+      label {
+        display: block;
+        margin-bottom: 0.4rem;
+        color: hsl(220 20% 80%);
+      }
+
+      input,
+      button {
+        padding: 1rem;
+        font: inherit;
+        color: inherit;
+        background-color: hsl(220 20% 20%);
+        border: none;
+        border-radius: 1rem;
+        border: 1px solid hsl(220 20% 28%);
+      }
+
+      button {
+        margin-top: 0.4rem;
+        font-weight: 700;
+        cursor: pointer;
+        max-width: 140px;
+      }
+
+      nav {
+        display: flex;
+        gap: 1rem;
+        margin-bottom: 2rem;
+      }
+
+      a {
+        color: inherit;
+      }
+
+      nav a {
+        font-weight: 700;
+        text-decoration: none;
+      }
+
+      nav a:hover {
+        text-decoration: underline;
+      }
+
+      .error {
+        font-weight: 700;
+      }
+    </style>
+		%svelte.head%
+	</head>
+	<body>
+		<div>%svelte.body%</div>
+	</body>
+</html>
--- a/src/lib/api.ts
+++ b/src/lib/api.ts
@ -0,0 +1,15 @@
+type Send = Promise<{
+  error?: string
+  success?: string
+  user?: { username: string }
+}>
+
+export async function send(form: HTMLFormElement): Send {
+  const response = await fetch(form.action, {
+    method: form.method,
+    body: new FormData(form),
+    headers: { accept: 'application/json' }
+  })
+
+  return await response.json()
+}
--- a/src/lib/database.ts
+++ b/src/lib/database.ts
@ -0,0 +1,3 @@
+import prisma from '@prisma/client'
+
+export const db = new prisma.PrismaClient()
--- a/src/routes/__layout.svelte
+++ b/src/routes/__layout.svelte
@ -0,0 +1,14 @@
+<svelte:head>
+  <title>SvelteKit Auth</title>
+</svelte:head>
+
+<nav>
+  <a href="/">Home</a>
+  <a href="/auth/login">Login</a>
+  <a href="/auth/register">Register</a>
+
+  <a href="/protected">Admin</a>
+  <a href="/auth/logout">Log out</a>
+</nav>
+
+<slot />
--- a/src/routes/auth/login/index.svelte
+++ b/src/routes/auth/login/index.svelte
@ -0,0 +1,57 @@
+<script lang="ts">
+  import { session } from '$app/stores'
+  import { send } from '$lib/api'
+
+  export let error: string
+
+  async function login(event: SubmitEvent) {
+    const formEl = event.target as HTMLFormElement
+    const response = await send(formEl)
+
+    if (response.error) {
+      error = response.error
+    }
+
+    $session.user = response.user
+
+    formEl.reset()
+  }
+</script>
+
+<form
+  on:submit|preventDefault={login}
+  method="post"
+  autocomplete="off"
+>
+  <div>
+    <label for="username">Username</label>
+    <input
+      id="username"
+      name="username"
+      type="username"
+      required
+    />
+  </div>
+
+  <div>
+    <label for="password">Password</label>
+    <input
+      id="password"
+      name="password"
+      type="password"
+      required
+    />
+  </div>
+
+  {#if error}
+    <p class="error">{error}</p>
+  {/if}
+
+  <button type="submit">Sign In</button>
+</form>
+
+<style>
+  .error {
+    color: tomato;
+  }
+</style>
--- a/src/routes/auth/login/login.ts
+++ b/src/routes/auth/login/login.ts
@ -0,0 +1,75 @@
+import type { RequestHandler } from '@sveltejs/kit'
+import * as bcrypt from 'bcrypt'
+import * as cookie from 'cookie'
+
+import { db } from '$lib/database'
+
+export const post: RequestHandler = async ({ request }) => {
+  const form = await request.formData()
+  const username = form.get('username')
+  console.log('username', username);
+  const password = form.get('password')
+  console.log('password', password);
+
+  if (
+    typeof username !== 'string' ||
+    typeof password !== 'string'
+  ) {
+    return {
+      status: 400,
+      body: {
+        error: 'Enter a valid username and password.',
+      },
+    }
+  }
+
+  if (!username || !password) {
+    return {
+      status: 400,
+      body: {
+        error: 'Username and password is required.',
+      },
+    }
+  }
+
+  const user = await db.user.findUnique({
+    where: { username },
+  })
+  const passwordMatch =
+    user &&
+    (await bcrypt.compare(password, user.passwordHash))
+
+  if (!user || !passwordMatch) {
+    return {
+      status: 400,
+      body: {
+        error: 'You entered the wrong credentials.',
+      },
+    }
+  }
+
+  return {
+    status: 200,
+    body: {
+      // for updating the session on the client
+      user: { username },
+      success: 'Success.',
+    },
+    headers: {
+      'Set-Cookie': cookie.serialize('session', user.id, {
+        // send cookie for every page
+        path: '/',
+        // server side only cookie so you can't use `document.cookie`
+        httpOnly: true,
+        // only requests from same site can send cookies
+        // and serves to protect from CSRF
+        // https://developer.mozilla.org/en-US/docs/Glossary/CSRF
+        sameSite: 'strict',
+        // only sent over HTTPS
+        secure: process.env.NODE_ENV === 'production',
+        // set cookie to expire after a month
+        maxAge: 60 * 60 * 24 * 30,
+      }),
+    },
+  }
+}
--- a/src/routes/auth/register/index.svelte
+++ b/src/routes/auth/register/index.svelte
@ -0,0 +1,55 @@
+<script type="ts">
+  import {send} from '$lib/api';
+
+  export let error: string;
+  export let success: string;
+
+  async function register(event: SubmitEvent) {
+    error = ''
+
+    const formEl = event.target as HTMLFormElement
+    const response = await send(formEl)
+
+    if (response.error) {
+      error = response.error
+    }
+
+    if (response.success) {
+      success = response.success
+    }
+
+    formEl.reset()
+  }
+</script>
+
+<form on:submit|preventDefault={register} method="post" autocomplete="off">
+  <div>
+    <label for="username">Username
+      <input id="username" name="username" type="text" required />
+    </label>
+  </div>
+  <div>
+    <label for="password">Password
+      <input id="password" name="password" type="password" required />
+    </label>
+  </div>
+
+  {#if error}
+    <p class="error">{error}</p>
+  {/if}
+
+  {#if success}
+    <div>
+      <p>Thank you for signing up!</p>
+      <p><a href="/auth/login">You can log in.</a></p>
+    </div>
+  {/if}
+
+  <button type="submit">Sign Up</button>
+</form>
+
+<style>
+  .error {
+    color: tomato;
+  }
+</style>
--- a/src/routes/auth/register/index.ts
+++ b/src/routes/auth/register/index.ts
@ -0,0 +1,50 @@
+import type { RequestHandler } from "@sveltejs/kit"
+import * as bcrypt from 'bcrypt';
+
+import { db } from "$lib/database"
+
+export const post: RequestHandler = async ({request}) => {
+  const form = await request.formData()
+  const username = form.get('username')
+  const password = form.get('password')
+
+  if (typeof username !== 'string' || typeof password !== 'string') {
+    return {
+      status: 400,
+      body: {
+        error: 'Something went horribly wrong.'
+      }
+    }
+  }
+
+  if (!username || !password) {
+    return {
+      status: 400,
+      body: {
+        error: 'Username and password are required'
+      }
+    }
+  }
+
+  try {
+    await db.user.create({
+      data: {
+        username,
+        passwordHash: await bcrypt.hash(password, 10),
+      }
+    })
+
+    return {
+      status: 200,
+      body: { success: 'Success.' }
+    }
+  } catch (error) {
+    return {
+      status: 400,
+      body: {
+        error: 'User already exists.'
+      }
+    }
+  }
+
+}
--- a/src/routes/index.svelte
+++ b/src/routes/index.svelte
@ -0,0 +1 @@
+<h1>Public</h1>
--- a/static/favicon.png
+++ b/static/favicon.png
--- a/svelte.config.js
+++ b/svelte.config.js
@ -0,0 +1,15 @@
+import adapter from '@sveltejs/adapter-auto';
+import preprocess from 'svelte-preprocess';
+
+/** @type {import('@sveltejs/kit').Config} */
+const config = {
+	// Consult https://github.com/sveltejs/svelte-preprocess
+	// for more information about preprocessors
+	preprocess: preprocess(),
+
+	kit: {
+		adapter: adapter()
+	}
+};
+
+export default config;
--- a/tests/test.ts
+++ b/tests/test.ts
@ -0,0 +1,6 @@
+import { expect, test } from '@playwright/test';
+
+test('index page has expected h1', async ({ page }) => {
+	await page.goto('/');
+	expect(await page.textContent('h1')).toBe('Welcome to SvelteKit');
+});
--- a/tsconfig.json
+++ b/tsconfig.json
@ -0,0 +1,17 @@
+{
+	"extends": "./.svelte-kit/tsconfig.json",
+	"compilerOptions": {
+		"allowJs": true,
+		"checkJs": true,
+		"esModuleInterop": true,
+		"forceConsistentCasingInFileNames": true,
+		"lib": ["es2020", "DOM"],
+		"moduleResolution": "node",
+		"module": "es2020",
+		"resolveJsonModule": true,
+		"skipLibCheck": true,
+		"sourceMap": true,
+		"strict": true,
+		"target": "es2020"
+	}
+}