umami/pages/api/auth/login.ts

import redis from '@umami/redis-client';
import debug from 'debug';
import { setAuthKey } from 'lib/auth';
import { secret } from 'lib/crypto';
import { useValidate } from 'lib/middleware';
import { NextApiRequestQueryBody, User } from 'lib/types';
import { NextApiResponse } from 'next';
import {
  checkPassword,
  createSecureToken,
  forbidden,
  methodNotAllowed,
  ok,
  unauthorized,
} from 'next-basics';
import { getUserByUsername } from 'queries';
import * as yup from 'yup';

const log = debug('umami:auth');

export interface LoginRequestBody {
  username: string;
  password: string;
}

export interface LoginResponse {
  token: string;
  user: User;
}

const schema = {
  POST: yup.object().shape({
    username: yup.string().required(),
    password: yup.string().required(),
  }),
};

export default async (
  req: NextApiRequestQueryBody<any, LoginRequestBody>,
  res: NextApiResponse<LoginResponse>,
) => {
  if (process.env.DISABLE_LOGIN) {
    return forbidden(res);
  }

  req.yup = schema;
  await useValidate(req, res);

  if (req.method === 'POST') {
    const { username, password } = req.body;

    const user = await getUserByUsername(username, { includePassword: true });

    if (user && checkPassword(password, user.password)) {
      if (redis.enabled) {
        const token = await setAuthKey(user);

        return ok(res, { token, user });
      }

      const token = createSecureToken({ userId: user.id }, secret());

      return ok(res, {
        token,
        user: { id: user.id, username: user.username, role: user.role, createdAt: user.createdAt },
      });
    }

    log('Login failed:', { username, user });

    return unauthorized(res, 'message.incorrect-username-password');
  }

  return methodNotAllowed(res);
};
Add api validations. 2023-08-20 05:23:15 +00:00			`import redis from '@umami/redis-client';`
Added login debugging. 2023-04-25 04:35:09 +00:00			`import debug from 'debug';`
Add api validations. 2023-08-20 05:23:15 +00:00			`import { setAuthKey } from 'lib/auth';`
			`import { secret } from 'lib/crypto';`
			`import { useValidate } from 'lib/middleware';`
			`import { NextApiRequestQueryBody, User } from 'lib/types';`
Refactored SSO process. 2023-04-05 06:29:54 +00:00			`import { NextApiResponse } from 'next';`
Refactor authentication and token handling. 2022-11-09 06:58:52 +00:00			`import {`
			`checkPassword,`
			`createSecureToken,`
Check for DISABLE_LOGIN on api route. 2023-08-02 18:56:42 +00:00			`forbidden,`
Add api validations. 2023-08-20 05:23:15 +00:00			`methodNotAllowed,`
			`ok,`
			`unauthorized,`
Refactor authentication and token handling. 2022-11-09 06:58:52 +00:00			`} from 'next-basics';`
Refactored queries. 2023-07-30 05:03:34 +00:00			`import { getUserByUsername } from 'queries';`
Add api validations. 2023-08-20 05:23:15 +00:00			`import * as yup from 'yup';`
Initial Typescript models. 2022-11-15 21:21:14 +00:00
Added login debugging. 2023-04-25 04:35:09 +00:00			`const log = debug('umami:auth');`

Initial Typescript models. 2022-11-15 21:21:14 +00:00			`export interface LoginRequestBody {`
			`username: string;`
			`password: string;`
			`}`

			`export interface LoginResponse {`
			`token: string;`
			`user: User;`
			`}`

Add api validations. 2023-08-20 05:23:15 +00:00			`const schema = {`
			`POST: yup.object().shape({`
			`username: yup.string().required(),`
			`password: yup.string().required(),`
			`}),`
			`};`

Initial Typescript models. 2022-11-15 21:21:14 +00:00			`export default async (`
			`req: NextApiRequestQueryBody<any, LoginRequestBody>,`
			`res: NextApiResponse<LoginResponse>,`
			`) => {`
Check for DISABLE_LOGIN on api route. 2023-08-02 18:56:42 +00:00			`if (process.env.DISABLE_LOGIN) {`
			`return forbidden(res);`
			`}`

Add api validations. 2023-08-20 05:23:15 +00:00			`req.yup = schema;`
			`await useValidate(req, res);`

Refactor authentication and token handling. 2022-11-09 06:58:52 +00:00			`if (req.method === 'POST') {`
			`const { username, password } = req.body;`
Cookie authentication. 2020-07-22 22:46:05 +00:00
Refactored queries. 2023-07-30 05:03:34 +00:00			`const user = await getUserByUsername(username, { includePassword: true });`
Check username/password. 2021-10-04 03:44:02 +00:00
Refactor authentication and token handling. 2022-11-09 06:58:52 +00:00			`if (user && checkPassword(password, user.password)) {`
			`if (redis.enabled) {`
Refactored SSO process. 2023-04-05 06:29:54 +00:00			`const token = await setAuthKey(user);`
Refactor authentication and token handling. 2022-11-09 06:58:52 +00:00
			`return ok(res, { token, user });`
			`}`

fix redis auth issue 2023-03-03 20:30:12 +00:00			`const token = createSecureToken({ userId: user.id }, secret());`
Added rev_id column. Updated redis calls. 2022-11-08 00:22:49 +00:00
Fix update user. 2023-04-13 19:08:53 +00:00			`return ok(res, {`
			`token,`
add user role to login response 2023-05-16 19:17:51 +00:00			`user: { id: user.id, username: user.username, role: user.role, createdAt: user.createdAt },`
Fix update user. 2023-04-13 19:08:53 +00:00			`});`
Added rev_id column. Updated redis calls. 2022-11-08 00:22:49 +00:00			`}`

Remove password from logging. 2023-04-25 05:00:40 +00:00			`log('Login failed:', { username, user });`
Added login debugging. 2023-04-25 04:35:09 +00:00
Updated language bundles with new keys. 2023-04-08 20:14:22 +00:00			`return unauthorized(res, 'message.incorrect-username-password');`
Cookie authentication. 2020-07-22 22:46:05 +00:00			`}`
Display page views and unique visitors. 2020-07-29 02:04:45 +00:00
Refactor authentication and token handling. 2022-11-09 06:58:52 +00:00			`return methodNotAllowed(res);`
Cookie authentication. 2020-07-22 22:46:05 +00:00			`};`