jason
53 lines
1.7 KiB
TypeScript
53 lines
1.7 KiB
TypeScript
import { NextResponse, type NextRequest } from "next/server";
|
|
import { z } from "zod";
|
|
import { prisma } from "@/lib/prisma";
|
|
import { verifyPassword } from "@/lib/password";
|
|
import { createSession } from "@/lib/session";
|
|
import { audit } from "@/lib/audit";
|
|
import { clientIp, userAgent } from "@/lib/request";
|
|
|
|
const Body = z.object({
|
|
email: z.string().email(),
|
|
password: z.string().min(1),
|
|
});
|
|
|
|
export async function POST(req: NextRequest) {
|
|
const parsed = Body.safeParse(await req.json().catch(() => ({})));
|
|
if (!parsed.success) {
|
|
return NextResponse.json({ error: "Invalid email or password" }, { status: 400 });
|
|
}
|
|
|
|
const { email, password } = parsed.data;
|
|
const user = await prisma.user.findUnique({ where: { email } });
|
|
|
|
const ip = clientIp(req);
|
|
const ua = userAgent(req);
|
|
|
|
if (!user || user.role !== "admin" || !user.active || !user.passwordHash) {
|
|
await audit({ action: "login_failed", entity: "User", entityId: user?.id, ipAddress: ip });
|
|
return NextResponse.json({ error: "Invalid email or password" }, { status: 401 });
|
|
}
|
|
|
|
const ok = await verifyPassword(password, user.passwordHash);
|
|
if (!ok) {
|
|
await audit({ action: "login_failed", entity: "User", entityId: user.id, ipAddress: ip });
|
|
return NextResponse.json({ error: "Invalid email or password" }, { status: 401 });
|
|
}
|
|
|
|
await createSession({
|
|
userId: user.id,
|
|
role: "admin",
|
|
userAgent: ua,
|
|
ipAddress: ip,
|
|
});
|
|
|
|
await prisma.user.update({
|
|
where: { id: user.id },
|
|
data: { lastLoginAt: new Date(), failedAttempts: 0, lockedUntil: null },
|
|
});
|
|
|
|
await audit({ actorId: user.id, action: "login", entity: "User", entityId: user.id, ipAddress: ip });
|
|
|
|
return NextResponse.json({ ok: true, redirect: "/admin" });
|
|
}
|