fix: Store session token in cookies
parent
37d13fd42b
commit
fc4f482529
@ -1,9 +1,9 @@
|
|||||||
|
import { dev } from '$app/environment';
|
||||||
|
import { auth } from '$lib/server/db/auth';
|
||||||
import { loginSchema } from '$lib/types/schema';
|
import { loginSchema } from '$lib/types/schema';
|
||||||
import { message, setError, superValidate, fail } from 'sveltekit-superforms';
|
import { fail, message, setError, superValidate } from 'sveltekit-superforms';
|
||||||
import { zod } from 'sveltekit-superforms/adapters';
|
import { zod } from 'sveltekit-superforms/adapters';
|
||||||
import type { Actions } from './$types';
|
import type { Actions } from './$types';
|
||||||
import { auth } from '$lib/server/db/auth';
|
|
||||||
import { APIError } from 'better-auth/api';
|
|
||||||
|
|
||||||
export const load = async () => {
|
export const load = async () => {
|
||||||
const form = await superValidate(zod(loginSchema));
|
const form = await superValidate(zod(loginSchema));
|
||||||
@ -11,7 +11,7 @@ export const load = async () => {
|
|||||||
};
|
};
|
||||||
|
|
||||||
export const actions = {
|
export const actions = {
|
||||||
login: async ({ request }) => {
|
login: async ({ request, cookies }) => {
|
||||||
const form = await superValidate(request, zod(loginSchema));
|
const form = await superValidate(request, zod(loginSchema));
|
||||||
const email = form.data.email;
|
const email = form.data.email;
|
||||||
const password = form.data.password;
|
const password = form.data.password;
|
||||||
@ -20,22 +20,32 @@ export const actions = {
|
|||||||
return fail(400, { form });
|
return fail(400, { form });
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
const signin = await auth.api.signInEmail({
|
||||||
await auth.api.signInEmail({
|
|
||||||
body: {
|
body: {
|
||||||
email,
|
email,
|
||||||
password,
|
password,
|
||||||
},
|
},
|
||||||
|
asResponse: true,
|
||||||
});
|
});
|
||||||
} catch (e) {
|
|
||||||
if (e instanceof APIError) {
|
const setCookieHeader = signin.headers.get('set-cookie');
|
||||||
if (e.message === 'API Error: UNAUTHORIZED Invalid email or password') {
|
if (setCookieHeader) {
|
||||||
|
const parsedCookie = setCookieHeader.split(';')[0];
|
||||||
|
const [name, encodedValue] = parsedCookie.split('=');
|
||||||
|
// need to decode it first
|
||||||
|
const decodedValue = decodeURIComponent(encodedValue);
|
||||||
|
cookies.set(name, decodedValue, {
|
||||||
|
path: '/',
|
||||||
|
httpOnly: true,
|
||||||
|
sameSite: 'lax',
|
||||||
|
maxAge: 604800,
|
||||||
|
secure: !dev,
|
||||||
|
});
|
||||||
|
} else {
|
||||||
return setError(form, 'password', 'Invalid email or password', {
|
return setError(form, 'password', 'Invalid email or password', {
|
||||||
status: 401,
|
status: 401,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return message(form, 'Successfuly signed in.');
|
return message(form, 'Successfuly signed in.');
|
||||||
},
|
},
|
||||||
|
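Review bot: The login action now takes the mere presence of a `set-cookie` header (`if (setCookieHeader)`) as proof that sign-in succeeded and never checks the response status, so a cookie attached to a failed response would be stored and answered with the success message. With the try/catch removed, anything `signInEmail` still throws is also unhandled. `headers.get('set-cookie')` joins multiple Set-Cookie headers into one string, so `split(';')[0]` keeps only the first cookie, and `split('=')` drops everything after a second `=`; if the auth library issues more than one cookie the stored session may be incomplete. The hard-coded `maxAge: 604800` and `sameSite: 'lax'` replace whatever attributes the library sent and can drift from the server-side session lifetime. I would branch on `signin.ok` and forward every entry of `signin.headers.getSetCookie()` as sketched below; the signup action has the same pattern, and part of the login action lies outside these hunks.

```typescript
const signin = await auth.api.signInEmail({
	// … unchanged: body and asResponse …
});

// Decide on the response status, not on whether a cookie happens to be present.
if (!signin.ok) {
	return setError(form, 'password', 'Invalid email or password', {
		status: 401,
	});
}

// getSetCookie() yields each Set-Cookie header separately; get() would join them with ", ".
for (const header of signin.headers.getSetCookie()) {
	const pair = header.split(';', 1)[0];
	const eq = pair.indexOf('=');
	if (eq <= 0) continue;
	const cookieName = pair.slice(0, eq).trim();
	const cookieValue = decodeURIComponent(pair.slice(eq + 1));
	cookies.set(cookieName, cookieValue, {
		// … unchanged: path, httpOnly, sameSite, maxAge, secure …
	});
}
```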
@ -1,9 +1,9 @@
|
|||||||
|
import { dev } from '$app/environment';
|
||||||
|
import { auth } from '$lib/server/db/auth';
|
||||||
import { signupSchema } from '$lib/types/schema';
|
import { signupSchema } from '$lib/types/schema';
|
||||||
import { message, setError, superValidate, fail } from 'sveltekit-superforms';
|
import { fail, message, setError, superValidate } from 'sveltekit-superforms';
|
||||||
import { zod } from 'sveltekit-superforms/adapters';
|
import { zod } from 'sveltekit-superforms/adapters';
|
||||||
import type { Actions } from './$types';
|
import type { Actions } from './$types';
|
||||||
import { auth } from '$lib/server/db/auth';
|
|
||||||
import { APIError } from 'better-auth/api';
|
|
||||||
|
|
||||||
export const load = async () => {
|
export const load = async () => {
|
||||||
const form = await superValidate(zod(signupSchema));
|
const form = await superValidate(zod(signupSchema));
|
||||||
@ -11,7 +11,7 @@ export const load = async () => {
|
|||||||
};
|
};
|
||||||
|
|
||||||
export const actions = {
|
export const actions = {
|
||||||
signup: async ({ request }) => {
|
signup: async ({ request, cookies }) => {
|
||||||
const form = await superValidate(request, zod(signupSchema));
|
const form = await superValidate(request, zod(signupSchema));
|
||||||
const email = form.data.email;
|
const email = form.data.email;
|
||||||
const password = form.data.password;
|
const password = form.data.password;
|
||||||
@ -21,23 +21,33 @@ export const actions = {
|
|||||||
return fail(400, { form });
|
return fail(400, { form });
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
const signup = await auth.api.signUpEmail({
|
||||||
await auth.api.signUpEmail({
|
|
||||||
body: {
|
body: {
|
||||||
name,
|
name,
|
||||||
email,
|
email,
|
||||||
password,
|
password,
|
||||||
},
|
},
|
||||||
|
asResponse: true,
|
||||||
});
|
});
|
||||||
} catch (e) {
|
|
||||||
if (e instanceof APIError) {
|
const setCookieHeader = signup.headers.get('set-cookie');
|
||||||
if (e.message === 'API Error: UNAUTHORIZED Invalid email or password') {
|
if (setCookieHeader) {
|
||||||
|
const parsedCookie = setCookieHeader.split(';')[0];
|
||||||
|
const [name, encodedValue] = parsedCookie.split('=');
|
||||||
|
// need to decode it first
|
||||||
|
const decodedValue = decodeURIComponent(encodedValue);
|
||||||
|
cookies.set(name, decodedValue, {
|
||||||
|
path: '/',
|
||||||
|
httpOnly: true,
|
||||||
|
sameSite: 'lax',
|
||||||
|
maxAge: 604800,
|
||||||
|
secure: !dev,
|
||||||
|
});
|
||||||
|
} else {
|
||||||
return setError(form, 'verify', 'Invalid email or password', {
|
return setError(form, 'verify', 'Invalid email or password', {
|
||||||
status: 401,
|
status: 401,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return message(form, 'Successfuly signed in.');
|
return message(form, 'Successfuly signed in.');
|
||||||
},
|
},
|
||||||
|
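Review bot: In the signup action the new `else` branch reports every response without a cookie as `Invalid email or password` with status 401, where the old code used that message for a single `APIError` text only. A sign-up rejected for another reason lands in the same branch, and so, presumably, would one that succeeds without issuing a session (for example if email verification is enabled). I would check the status first and keep the wording generic so it does not reveal whether an address is registered: `if (!signup.ok) return setError(form, 'verify', 'Could not create the account', { status: 400 });`. The inner `const [name, encodedValue]` also shadows the `name` passed in `body`, which appears to be declared outside the hunk; renaming it to `cookieName` would avoid confusion.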