jason/mrp-qrcode
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b98837a72c769f5cfdf0b9afc7a68056466860e6
mrp-qrcode/app/api/auth/operator/login/route.ts
T
jason b98837a72c stage 1
2026-04-20 15:49:01 -05:00

81 lines
2.6 KiB
TypeScript
Raw Blame History

import { NextResponse, type NextRequest } from "next/server";
import { z } from "zod";
import { prisma } from "@/lib/prisma";
import { verifyPin, isValidPin } from "@/lib/password";
import { createSession } from "@/lib/session";
import { env } from "@/lib/env";
import { audit } from "@/lib/audit";
import { clientIp, userAgent } from "@/lib/request";
const Body = z.object({
operatorId: z.string().min(1),
pin: z.string().regex(/^\d{4}$/, "PIN must be 4 digits"),
});
export async function POST(req: NextRequest) {
const parsed = Body.safeParse(await req.json().catch(() => ({})));
if (!parsed.success) {
return NextResponse.json({ error: "Invalid PIN" }, { status: 400 });
}
const { operatorId, pin } = parsed.data;
if (!isValidPin(pin)) {
return NextResponse.json({ error: "Invalid PIN" }, { status: 400 });
}
const ip = clientIp(req);
const ua = userAgent(req);
const user = await prisma.user.findUnique({ where: { id: operatorId } });
if (!user || user.role !== "operator" || !user.active || !user.pinHash) {
await audit({ action: "login_failed", entity: "User", entityId: user?.id, ipAddress: ip });
return NextResponse.json({ error: "Invalid PIN" }, { status: 401 });
}
if (user.lockedUntil && user.lockedUntil.getTime() > Date.now()) {
const mins = Math.ceil((user.lockedUntil.getTime() - Date.now()) / 60000);
return NextResponse.json(
{ error: `Account locked. Try again in ${mins} minute${mins === 1 ? "" : "s"}.` },
{ status: 423 },
);
}
const ok = await verifyPin(pin, user.pinHash);
if (!ok) {
const attempts = user.failedAttempts + 1;
const shouldLock = attempts >= env.PIN_MAX_ATTEMPTS;
await prisma.user.update({
where: { id: user.id },
data: {
failedAttempts: shouldLock ? 0 : attempts,
lockedUntil: shouldLock ? new Date(Date.now() + env.PIN_LOCKOUT_MINUTES * 60_000) : null,
},
});
await audit({ action: "login_failed", entity: "User", entityId: user.id, ipAddress: ip });
return NextResponse.json(
{
error: shouldLock
? `Too many attempts. Locked for ${env.PIN_LOCKOUT_MINUTES} minutes.`
: "Invalid PIN",
},
{ status: shouldLock ? 423 : 401 },
);
}
await createSession({
userId: user.id,
role: "operator",
userAgent: ua,
ipAddress: ip,
});
await prisma.user.update({
where: { id: user.id },
data: { lastLoginAt: new Date(), failedAttempts: 0, lockedUntil: null },
});
await audit({ actorId: user.id, action: "login", entity: "User", entityId: user.id, ipAddress: ip });
return NextResponse.json({ ok: true, redirect: "/op" });
}
Reference in New Issue View Git Blame Copy Permalink