Tools/SSL-Sniffer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added Routes to permit user login and registration

Browse Source
This commit is contained in:
Christian Risi 2025-06-30 11:57:04 +00:00
parent 4b63a236a3
commit a0639f6094
2 changed files with 203 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
src/routes/api/login/+server.ts Normal file
View File

@ -0,0 +1,96 @@
import { error, json, text, type Cookies } from '@sveltejs/kit';
import type { RequestHandler } from './$types';
import { UserApp } from '$lib/classes/users';
import { SessionApp } from '$lib/classes/sessions';
import { AppData } from '$lib/classes/app-sessions';
/***********************************************************
*
* Author: Christian Risi 26/06/2025
*
*
*
*
***********************************************************/
export const POST: RequestHandler = async ({ request, locals, cookies }) => {
const req: Request = request
const local: App.Locals = locals
const cookie: Cookies = cookies
const session = local.session
if (session) {
// The user is providing valid credentials
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/403
return error(403, "Forbidden")
}
let userJson: { username: string, password: string }
let tmpJSON: any
try {
const tmpJson = await req.json()
} catch {
return error(400, "Bad Request")
}
if (!tmpJSON.username || !tmpJSON.password) {
return error(400, "Bad Request")
}
userJson = tmpJSON
// If this fails, should be a 500
const user = await UserApp.getUser(
userJson.username,
userJson.password
)
if (!user) {
return error(400, "The provided credentials are not correct")
}
const oldSession = SessionApp.getSessionFromUserID(
user.userID
)
// Iw we have no session, then probably a 500?
if (!oldSession) {
return error(500, "Internal Server Error")
}
const sessionCookie = await new AppData(
oldSession,
user
).toCookie()
cookie.set(
"session",
sessionCookie,
{
path: "/"
}
)
return text("OK")
}
export const fallback: RequestHandler = async ({ }) => {
// TODO: return method not allowed
const res = new Response(
null,
{
status: 405,
statusText: "Method Not Allowed",
headers: {
Allow: "POST"
}
}
)
return res
};

107
src/routes/api/register/+server.ts Normal file
View File

@ -0,0 +1,107 @@
import { error, json, text, type Cookies } from '@sveltejs/kit';
import type { RequestHandler } from './$types';
import { UserApp, User } from '$lib/classes/users';
import { SessionApp, Session } from '$lib/classes/sessions';
import { AppData } from '$lib/classes/app-sessions';
/***********************************************************
*
* Author: Christian Risi 26/06/2025
*
*
*
*
***********************************************************/
export const POST: RequestHandler = async ({ request, locals, cookies }) => {
const req: Request = request
const local: App.Locals = locals
const cookie: Cookies = cookies
const session = local.session
if (session) {
// The user is providing valid credentials
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/403
return error(403, "Forbidden")
}
let userJson: { username: string, password: string }
let tmpJSON: any
try {
const tmpJson = await req.json()
} catch {
return error(400, "Bad Request")
}
if (!tmpJSON.username || !tmpJSON.password) {
return error(400, "Bad Request")
}
userJson = tmpJSON
// If this fails, should be a 400?
let user: User
try {
user = await UserApp.createUser(
userJson.username,
userJson.password
)
} catch {
return error(400, "The user already exists")
}
let newSession
try {
newSession = SessionApp.createSessionFromUserID(
user.userID
)
} catch {
return error(500, "Internal Server Error")
}
const sessionCookie = await new AppData(
newSession,
user
).toCookie()
cookie.set(
"session",
sessionCookie,
{
path: "/"
}
)
const res = new Response(
null,
{
status: 201,
statusText: "Created",
}
)
return res
}
export const fallback: RequestHandler = async ({ request }) => {
// TODO: return method not allowed
const res = new Response(
null,
{
status: 405,
statusText: "Method Not Allowed",
headers: {
Allow: "POST"
}
}
)
return res
};