started integrating auth with lucia

2025-07-31 08:04:54 +02:00 · 2024-10-01 20:48:03 -04:00 · 2024-10-01 20:48:03 -04:00 · fc5dca136f
commit fc5dca136f
parent a33a8d7367
20 changed files with 1341 additions and 61 deletions
--- a/server/auth/login.ts
+++ b/server/auth/login.ts
@ -0,0 +1,78 @@
+import { verify } from "@node-rs/argon2";
+import lucia from "@server/auth";
+import db from "@server/db";
+import { users } from "@server/db/schema";
+import HttpCode from "@server/types/HttpCode";
+import response from "@server/utils/response";
+import { eq } from "drizzle-orm";
+import { NextFunction, Request, Response } from "express";
+import createHttpError from "http-errors";
+import { z } from "zod";
+import { fromError } from "zod-validation-error";
+
+export const loginBodySchema = z.object({
+    email: z.string().email(),
+    password: z.string(),
+});
+
+export async function login(req: Request, res: Response, next: NextFunction) {
+    const parsedBody = loginBodySchema.safeParse(req.body);
+
+    if (!parsedBody.success) {
+        return next(
+            createHttpError(
+                HttpCode.BAD_REQUEST,
+                fromError(parsedBody.error).toString(),
+            ),
+        );
+    }
+
+    const { email, password } = parsedBody.data;
+
+    const existingUserRes = await db
+        .select()
+        .from(users)
+        .where(eq(users.email, email));
+    if (!existingUserRes || !existingUserRes.length) {
+        return next(
+            createHttpError(
+                HttpCode.BAD_REQUEST,
+                "A user with that email address does not exist",
+            ),
+        );
+    }
+
+    const existingUser = existingUserRes[0];
+
+    const validPassword = await verify(existingUser.passwordHash, password, {
+        memoryCost: 19456,
+        timeCost: 2,
+        outputLen: 32,
+        parallelism: 1,
+    });
+    if (!validPassword) {
+        await new Promise((resolve) => setTimeout(resolve, 500)); // delay to prevent brute force attacks
+        return next(
+            createHttpError(
+                HttpCode.BAD_REQUEST,
+                "The password you entered is incorrect",
+            ),
+        );
+    }
+
+    const session = await lucia.createSession(existingUser.id, {});
+    res.appendHeader(
+        "Set-Cookie",
+        lucia.createSessionCookie(session.id).serialize(),
+    );
+
+    return res.status(HttpCode.OK).send(
+        response<null>({
+            data: null,
+            success: true,
+            error: false,
+            message: "Logged in successfully",
+            status: HttpCode.OK,
+        }),
+    );
+}