From a0639f6094de15d2a375184b9a15d7509a1061ca Mon Sep 17 00:00:00 2001
From: Christian Risi <75698846+CnF-Gris@users.noreply.github.com>
Date: Mon, 30 Jun 2025 11:57:04 +0000
Subject: [PATCH] Added Routes to permit user login and registration
---
src/routes/api/login/+server.ts | 96 ++++++++++++++++++++++++++
src/routes/api/register/+server.ts | 107 +++++++++++++++++++++++++++++
2 files changed, 203 insertions(+)
create mode 100644 src/routes/api/login/+server.ts
create mode 100644 src/routes/api/register/+server.ts
diff --git a/src/routes/api/login/+server.ts b/src/routes/api/login/+server.ts
new file mode 100644
index 0000000..4a70f0b
--- /dev/null
+++ b/src/routes/api/login/+server.ts
@@ -0,0 +1,96 @@
+import { error, json, text, type Cookies } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { UserApp } from '$lib/classes/users';
+import { SessionApp } from '$lib/classes/sessions';
+import { AppData } from '$lib/classes/app-sessions';
+
+/***********************************************************
+ *
+ * Author: Christian Risi 26/06/2025
+ *
+ *
+ *
+ *
+***********************************************************/
+
+export const POST: RequestHandler = async ({ request, locals, cookies }) => {
+
+ const req: Request = request
+ const local: App.Locals = locals
+ const cookie: Cookies = cookies
+
+ const session = local.session
+
+ if (session) {
+ // The user is providing valid credentials
+ // https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/403
+ return error(403, "Forbidden")
+ }
+
+
+ let userJson: { username: string, password: string }
+ let tmpJSON: any
+
+ try {
+ const tmpJson = await req.json()
+ } catch {
+ return error(400, "Bad Request")
+ }
+
+ if (!tmpJSON.username || !tmpJSON.password) {
+ return error(400, "Bad Request")
+ }
+
+ userJson = tmpJSON
+
+ // If this fails, should be a 500
+ const user = await UserApp.getUser(
+ userJson.username,
+ userJson.password
+ )
+
+ if (!user) {
+ return error(400, "The provided credentials are not correct")
+ }
+
+ const oldSession = SessionApp.getSessionFromUserID(
+ user.userID
+ )
+
+ // Iw we have no session, then probably a 500?
+ if (!oldSession) {
+ return error(500, "Internal Server Error")
+ }
+
+ const sessionCookie = await new AppData(
+ oldSession,
+ user
+ ).toCookie()
+
+ cookie.set(
+ "session",
+ sessionCookie,
+ {
+ path: "/"
+ }
+ )
+
+ return text("OK")
+}
+
+
+export const fallback: RequestHandler = async ({ }) => {
+
+ // TODO: return method not allowed
+ const res = new Response(
+ null,
+ {
+ status: 405,
+ statusText: "Method Not Allowed",
+ headers: {
+ Allow: "POST"
+ }
+ }
+ )
+ return res
+};
\ No newline at end of file
diff --git a/src/routes/api/register/+server.ts b/src/routes/api/register/+server.ts
new file mode 100644
index 0000000..8ae0abc
--- /dev/null
+++ b/src/routes/api/register/+server.ts
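Review bot: `tmpJSON` is never assigned in the POST handler: the `try` block declares a separate block-scoped `const tmpJson` (different casing), so `tmpJSON.username` dereferences `undefined` and every request that reaches it fails with a TypeError rather than the intended 400. The parsed body should go into the outer variable, and because this is unauthenticated input passed straight to `UserApp.getUser`, both fields should be required to be non-empty strings rather than merely truthy, so that arrays and objects are rejected at the route. The same block appears unchanged in the POST handler of `src/routes/api/register/+server.ts`. Separately, login reuses whatever `SessionApp.getSessionFromUserID` returns and answers 500 when there is none; issuing a fresh session on each successful login is the usual pattern, but SessionApp is outside this diff, so its lifecycle needs confirming.

```typescript
let userJson: { username: string, password: string }
let tmpJSON: unknown

try {
    tmpJSON = await req.json()
} catch {
    return error(400, "Bad Request")
}

const { username, password } = (tmpJSON ?? {}) as Record<string, unknown>
if (typeof username !== "string" || typeof password !== "string" || !username || !password) {
    return error(400, "Bad Request")
}

userJson = { username, password }
// … unchanged: UserApp.getUser lookup, session lookup, cookie.set …
```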
@@ -0,0 +1,107 @@
+import { error, json, text, type Cookies } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { UserApp, User } from '$lib/classes/users';
+import { SessionApp, Session } from '$lib/classes/sessions';
+import { AppData } from '$lib/classes/app-sessions';
+
+/***********************************************************
+ *
+ * Author: Christian Risi 26/06/2025
+ *
+ *
+ *
+ *
+***********************************************************/
+
+export const POST: RequestHandler = async ({ request, locals, cookies }) => {
+
+ const req: Request = request
+ const local: App.Locals = locals
+ const cookie: Cookies = cookies
+
+ const session = local.session
+
+ if (session) {
+ // The user is providing valid credentials
+ // https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/403
+ return error(403, "Forbidden")
+ }
+
+
+ let userJson: { username: string, password: string }
+ let tmpJSON: any
+
+ try {
+ const tmpJson = await req.json()
+ } catch {
+ return error(400, "Bad Request")
+ }
+
+ if (!tmpJSON.username || !tmpJSON.password) {
+ return error(400, "Bad Request")
+ }
+
+ userJson = tmpJSON
+
+ // If this fails, should be a 400?
+ let user: User
+ try {
+ user = await UserApp.createUser(
+ userJson.username,
+ userJson.password
+ )
+ } catch {
+ return error(400, "The user already exists")
+ }
+
+
+ let newSession
+ try {
+ newSession = SessionApp.createSessionFromUserID(
+ user.userID
+ )
+ } catch {
+ return error(500, "Internal Server Error")
+ }
+
+
+ const sessionCookie = await new AppData(
+ newSession,
+ user
+ ).toCookie()
+
+ cookie.set(
+ "session",
+ sessionCookie,
+ {
+ path: "/"
+ }
+ )
+
+ const res = new Response(
+ null,
+ {
+ status: 201,
+ statusText: "Created",
+ }
+ )
+
+ return res
+
+}
+
+export const fallback: RequestHandler = async ({ request }) => {
+
+ // TODO: return method not allowed
+ const res = new Response(
+ null,
+ {
+ status: 405,
+ statusText: "Method Not Allowed",
+ headers: {
+ Allow: "POST"
+ }
+ }
+ )
+ return res
+};
\ No newline at end of file
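Review bot: The bare `catch` around `UserApp.createUser` reports every failure as 400 "The user already exists", so a storage outage or any other error inside createUser is indistinguishable from a duplicate name and never surfaces as a 500. The handler should catch only the duplicate-user case and rethrow everything else, along the lines of `} catch (e) { /* rethrow unless e is UserApp's duplicate-user error */ ... }`; the error type UserApp raises is not visible in this diff. The user is also persisted before `SessionApp.createSessionFromUserID` runs, so if that second step throws, the account exists without a session, and the login route in this same patch returns 500 for users with no session. Either create both in one unit of work or let login create a session when none exists.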