From f9aae20f91a4858a683f9d573e531978c5982dc1 Mon Sep 17 00:00:00 2001
From: Bradley Shellnut <bradleyshellnut@protonmail.com>
Date: Thu, 12 May 2022 23:19:30 -0700
Subject: [PATCH] Fix login page endpoint, implement session passing, redirect
 on protected routes and login.

---
 src/app.d.ts                                 |  8 +-
 src/hooks.ts                                 | 33 +++++++
 src/lib/api.ts                               |  3 +-
 src/routes/auth/login/index.svelte           | 96 ++++++++++----------
 src/routes/auth/login/{login.ts => index.ts} |  2 -
 src/routes/auth/register/index.svelte        | 94 +++++++++++--------
 src/routes/protected/index.svelte            | 27 ++++++
 7 files changed, 170 insertions(+), 93 deletions(-)
 create mode 100644 src/hooks.ts
 rename src/routes/auth/login/{login.ts => index.ts} (95%)
 create mode 100644 src/routes/protected/index.svelte

diff --git a/src/app.d.ts b/src/app.d.ts
index 121720c..7b24d58 100644
--- a/src/app.d.ts
+++ b/src/app.d.ts
@@ -3,8 +3,12 @@
 // See https://kit.svelte.dev/docs/types#app
 // for information about these interfaces
 declare namespace App {
-	// interface Locals {}
+	interface Locals {
+		user?: { username: string }
+	}
 	// interface Platform {}
-	// interface Session {}
+	interface Session {
+		user?: { username: string }
+	}
 	// interface Stuff {}
 }
diff --git a/src/hooks.ts b/src/hooks.ts
new file mode 100644
index 0000000..c5517e0
--- /dev/null
+++ b/src/hooks.ts
@@ -0,0 +1,33 @@
+import type { GetSession, Handle } from "@sveltejs/kit"
+import * as cookie from 'cookie'
+
+import { db } from '$lib/database'
+
+export const handle: Handle = async ({ event, resolve }) => {
+  const cookieHeader = event.request.headers.get('cookie')
+  const cookies = cookie.parse(cookieHeader ?? '')
+
+  if (!cookies.session) {
+    return await resolve(event)
+  }
+
+  const session = await db.user.findUnique({
+    where: { id: cookies.session },
+  })
+
+  if (session) {
+    event.locals.user = { username: session.username }
+  }
+
+  return await resolve(event)
+}
+
+export const getSession: GetSession = ({ locals }) => {
+  if (!locals.user) return {}
+
+  return {
+    user: {
+      username: locals.user.username
+    }
+  }
+}
\ No newline at end of file
diff --git a/src/lib/api.ts b/src/lib/api.ts
index d4931c6..96db1a3 100644
--- a/src/lib/api.ts
+++ b/src/lib/api.ts
@@ -8,8 +8,7 @@ export async function send(form: HTMLFormElement): Send {
   const response = await fetch(form.action, {
     method: form.method,
     body: new FormData(form),
-    headers: { accept: 'application/json' }
+    headers: { accept: 'application/json' },
   })
-
   return await response.json()
 }
\ No newline at end of file
diff --git a/src/routes/auth/login/index.svelte b/src/routes/auth/login/index.svelte
index a3ef9d0..fa45ace 100644
--- a/src/routes/auth/login/index.svelte
+++ b/src/routes/auth/login/index.svelte
@@ -1,57 +1,57 @@
-<script lang="ts">
-  import { session } from '$app/stores'
-  import { send } from '$lib/api'
+<script context="module" lang="ts">
+	export const load: Load = ({ session, props }) => {
+		if (session.user) {
+			return {
+				status: 302,
+				redirect: '/'
+			};
+		}
 
-  export let error: string
-
-  async function login(event: SubmitEvent) {
-    const formEl = event.target as HTMLFormElement
-    const response = await send(formEl)
-
-    if (response.error) {
-      error = response.error
-    }
-
-    $session.user = response.user
-
-    formEl.reset()
-  }
+		return { props };
+	};
 </script>
 
-<form
-  on:submit|preventDefault={login}
-  method="post"
-  autocomplete="off"
->
-  <div>
-    <label for="username">Username</label>
-    <input
-      id="username"
-      name="username"
-      type="username"
-      required
-    />
-  </div>
+<script lang="ts">
+	import { session } from '$app/stores';
+	import { send } from '$lib/api';
+	import type { Load } from '@sveltejs/kit';
 
-  <div>
-    <label for="password">Password</label>
-    <input
-      id="password"
-      name="password"
-      type="password"
-      required
-    />
-  </div>
+	export let error: string;
 
-  {#if error}
-    <p class="error">{error}</p>
-  {/if}
+	async function login(event: SubmitEvent) {
+		const formEl = event.target as HTMLFormElement;
+		const response = await send(formEl);
 
-  <button type="submit">Sign In</button>
+		if (response.error) {
+			error = response.error;
+		}
+
+		$session.user = response.user;
+
+		formEl.reset();
+	}
+</script>
+
+<form on:submit|preventDefault={login} method="post" autocomplete="off">
+	<div>
+		<label for="username">Username</label>
+		<input id="username" name="username" type="username" required />
+	</div>
+
+	<div>
+		<label for="password">Password</label>
+		<input id="password" name="password" type="password" required />
+	</div>
+
+	{#if error}
+		<p class="error">{error}</p>
+	{/if}
+
+	<button type="submit">Sign In</button>
 </form>
 
 <style>
-  .error {
-    color: tomato;
-  }
-</style>
\ No newline at end of file
+	.error {
+		color: tomato;
+	}
+</style>
diff --git a/src/routes/auth/login/login.ts b/src/routes/auth/login/index.ts
similarity index 95%
rename from src/routes/auth/login/login.ts
rename to src/routes/auth/login/index.ts
index f90c02b..69d58b3 100644
--- a/src/routes/auth/login/login.ts
+++ b/src/routes/auth/login/index.ts
@@ -7,9 +7,7 @@ import { db } from '$lib/database'
 export const post: RequestHandler = async ({ request }) => {
   const form = await request.formData()
   const username = form.get('username')
-  console.log('username', username);
   const password = form.get('password')
-  console.log('password', password);
 
   if (
     typeof username !== 'string' ||
diff --git a/src/routes/auth/register/index.svelte b/src/routes/auth/register/index.svelte
index 35b23a6..fc2283c 100644
--- a/src/routes/auth/register/index.svelte
+++ b/src/routes/auth/register/index.svelte
@@ -1,55 +1,71 @@
+<script context="module" lang="ts">
+	export const load: Load = ({ session, props }) => {
+		if (session.user) {
+			return {
+				status: 302,
+				redirect: '/'
+			};
+		}
+
+		return { props };
+	};
+</script>
+
 <script type="ts">
-  import {send} from '$lib/api';
+	import { send } from '$lib/api';
+	import type { Load } from '@sveltejs/kit';
 
-  export let error: string;
-  export let success: string;
+	export let error: string;
+	export let success: string;
 
-  async function register(event: SubmitEvent) {
-    error = ''
+	async function register(event: SubmitEvent) {
+		error = '';
 
-    const formEl = event.target as HTMLFormElement
-    const response = await send(formEl)
+		const formEl = event.target as HTMLFormElement;
+		const response = await send(formEl);
 
-    if (response.error) {
-      error = response.error
-    }
+		if (response.error) {
+			error = response.error;
+		}
 
-    if (response.success) {
-      success = response.success
-    }
+		if (response.success) {
+			success = response.success;
+		}
 
-    formEl.reset()
-  }
+		formEl.reset();
+	}
 </script>
 
 <form on:submit|preventDefault={register} method="post" autocomplete="off">
-  <div>
-    <label for="username">Username
-      <input id="username" name="username" type="text" required />
-    </label>
-  </div>
-  <div>
-    <label for="password">Password
-      <input id="password" name="password" type="password" required />
-    </label>
-  </div>
+	<div>
+		<label for="username"
+			>Username
+			<input id="username" name="username" type="text" required />
+		</label>
+	</div>
+	<div>
+		<label for="password"
+			>Password
+			<input id="password" name="password" type="password" required />
+		</label>
+	</div>
 
-  {#if error}
-    <p class="error">{error}</p>
-  {/if}
+	{#if error}
+		<p class="error">{error}</p>
+	{/if}
 
-  {#if success}
-    <div>
-      <p>Thank you for signing up!</p>
-      <p><a href="/auth/login">You can log in.</a></p>
-    </div>
-  {/if}
+	{#if success}
+		<div>
+			<p>Thank you for signing up!</p>
+			<p><a href="/auth/login">You can log in.</a></p>
+		</div>
+	{/if}
 
-  <button type="submit">Sign Up</button>
+	<button type="submit">Sign Up</button>
 </form>
 
 <style>
-  .error {
-    color: tomato;
-  }
-</style>
\ No newline at end of file
+	.error {
+		color: tomato;
+	}
+</style>
diff --git a/src/routes/protected/index.svelte b/src/routes/protected/index.svelte
new file mode 100644
index 0000000..144f832
--- /dev/null
+++ b/src/routes/protected/index.svelte
@@ -0,0 +1,27 @@
+<script context="module" lang="ts">
+	import type { Load } from '@sveltejs/kit';
+
+	export const load: Load = ({ session }) => {
+		if (!session.user) {
+			return {
+				status: 302,
+				redirect: '/auth/login'
+			};
+		}
+
+		return {
+			status: 200,
+			props: {
+				user: session.user.username
+			}
+		};
+	};
+</script>
+
+<script lang="ts">
+	export let user: string;
+</script>
+
+<h1>Protected</h1>
+
+<p>Weclome {user}</p>