61 lines
1.6 KiB
TypeScript
61 lines
1.6 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
import { cookies } from 'next/headers'
|
|
import { login, createToken } from '@/lib/auth'
|
|
import { loginSchema } from '@/lib/validations'
|
|
import { prisma } from '@/lib/db'
|
|
import { loginLimiter, getClientIp, rateLimitResponse } from '@/lib/rate-limit'
|
|
|
|
export async function POST(request: NextRequest) {
|
|
try {
|
|
const ip = getClientIp(request)
|
|
const rl = loginLimiter.check(ip)
|
|
if (!rl.success) return rateLimitResponse(rl.resetAt)
|
|
|
|
const body = await request.json()
|
|
|
|
const validated = loginSchema.safeParse(body)
|
|
if (!validated.success) {
|
|
return NextResponse.json(
|
|
{ error: 'Ungültige Eingabedaten' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
const { email, password } = validated.data
|
|
const result = await login(email, password)
|
|
|
|
if (!result.success || !result.user) {
|
|
return NextResponse.json(
|
|
{ error: result.error || 'Login fehlgeschlagen' },
|
|
{ status: 401 }
|
|
)
|
|
}
|
|
|
|
// Update lastLoginAt
|
|
try {
|
|
await (prisma as any).user.update({
|
|
where: { id: result.user.id },
|
|
data: { lastLoginAt: new Date() },
|
|
})
|
|
} catch {}
|
|
|
|
const token = await createToken(result.user)
|
|
|
|
;(await cookies()).set('auth-token', token, {
|
|
httpOnly: true,
|
|
secure: process.env.NODE_ENV === 'production',
|
|
sameSite: 'lax',
|
|
maxAge: 60 * 60 * 24, // 24 hours
|
|
path: '/',
|
|
})
|
|
|
|
return NextResponse.json({ user: result.user })
|
|
} catch (error) {
|
|
console.error('Login error:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Interner Serverfehler' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|