Added Routes to permit user login and registration

2025-06-30 11:57:04 +00:00 · 2025-06-30 11:57:04 +00:00 · a0639f6094
commit a0639f6094
parent 4b63a236a3
2 changed files with 203 additions and 0 deletions
--- a/src/routes/api/login/+server.ts
+++ b/src/routes/api/login/+server.ts
@ -0,0 +1,96 @@
+import { error, json, text, type Cookies } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { UserApp } from '$lib/classes/users';
+import { SessionApp } from '$lib/classes/sessions';
+import { AppData } from '$lib/classes/app-sessions';
+
+/***********************************************************
+ * 
+ * Author: Christian Risi 26/06/2025
+ * 
+ * 
+ * 
+ * 
+***********************************************************/
+
+export const POST: RequestHandler = async ({ request, locals, cookies }) => {
+
+    const req: Request = request
+    const local: App.Locals = locals
+    const cookie: Cookies = cookies
+
+    const session = local.session
+
+    if (session) {
+        // The user is providing valid credentials
+        // https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/403
+        return error(403, "Forbidden")
+    }
+
+
+    let userJson: { username: string, password: string }
+    let tmpJSON: any
+
+    try {
+        const tmpJson = await req.json()
+    } catch {
+        return error(400, "Bad Request")
+    }
+
+    if (!tmpJSON.username || !tmpJSON.password) {
+        return error(400, "Bad Request")
+    }
+
+    userJson = tmpJSON
+
+    // If this fails, should be a 500
+    const user = await UserApp.getUser(
+        userJson.username,
+        userJson.password
+    )
+
+    if (!user) {
+        return error(400, "The provided credentials are not correct")
+    }
+
+    const oldSession = SessionApp.getSessionFromUserID(
+        user.userID
+    )
+
+    // Iw we have no session, then probably a 500?
+    if (!oldSession) {
+        return error(500, "Internal Server Error")
+    }
+
+    const sessionCookie = await new AppData(
+        oldSession,
+        user
+    ).toCookie()
+
+    cookie.set(
+        "session",
+        sessionCookie,
+        {
+            path: "/"
+        }
+    )
+    
+    return text("OK")
+}
+
+
+export const fallback: RequestHandler = async ({ }) => {
+
+    // TODO: return method not allowed
+    const res = new Response(
+        null,
+        {
+            status: 405,
+            statusText: "Method Not Allowed",
+            headers: {
+                Allow: "POST"
+            }
+        }
+    )
+    return res
+};
--- a/src/routes/api/register/+server.ts
+++ b/src/routes/api/register/+server.ts
@ -0,0 +1,107 @@
+import { error, json, text, type Cookies } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { UserApp, User } from '$lib/classes/users';
+import { SessionApp, Session } from '$lib/classes/sessions';
+import { AppData } from '$lib/classes/app-sessions';
+
+/***********************************************************
+ * 
+ * Author: Christian Risi 26/06/2025
+ * 
+ * 
+ * 
+ * 
+***********************************************************/
+
+export const POST: RequestHandler = async ({ request, locals, cookies }) => {
+
+    const req: Request = request
+    const local: App.Locals = locals
+    const cookie: Cookies = cookies
+
+    const session = local.session
+
+    if (session) {
+        // The user is providing valid credentials
+        // https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/403
+        return error(403, "Forbidden")
+    }
+
+
+    let userJson: { username: string, password: string }
+    let tmpJSON: any
+
+    try {
+        const tmpJson = await req.json()
+    } catch {
+        return error(400, "Bad Request")
+    }
+
+    if (!tmpJSON.username || !tmpJSON.password) {
+        return error(400, "Bad Request")
+    }
+
+    userJson = tmpJSON
+
+    // If this fails, should be a 400?
+    let user: User
+    try {
+        user = await UserApp.createUser(
+            userJson.username,
+            userJson.password
+        )
+    } catch {
+        return error(400, "The user already exists")
+    }
+
+
+    let newSession
+    try {
+        newSession = SessionApp.createSessionFromUserID(
+            user.userID
+        )
+    } catch {
+        return error(500, "Internal Server Error")
+    }
+
+
+    const sessionCookie = await new AppData(
+        newSession,
+        user
+    ).toCookie()
+
+    cookie.set(
+        "session",
+        sessionCookie,
+        {
+            path: "/"
+        }
+    )
+
+    const res = new Response(
+        null,
+        {
+            status: 201,
+            statusText: "Created",
+        }
+    )
+
+    return res
+
+}
+
+export const fallback: RequestHandler = async ({ request }) => {
+
+    // TODO: return method not allowed
+    const res = new Response(
+        null,
+        {
+            status: 405,
+            statusText: "Method Not Allowed",
+            headers: {
+                Allow: "POST"
+            }
+        }
+    )
+    return res
+};