fix: Store session token in cookies

This commit is contained in:
April Hall 2025-02-09 20:55:39 -05:00
parent 37d13fd42b
commit fc4f482529
Signed by: arithefirst
GPG Key ID: 4508A15C4DB91C5B
2 changed files with 57 additions and 37 deletions


@ -1,9 +1,9 @@
import { dev } from '$app/environment';
import { auth } from '$lib/server/db/auth';
import { loginSchema } from '$lib/types/schema';
import { message, setError, superValidate, fail } from 'sveltekit-superforms';
import { fail, message, setError, superValidate } from 'sveltekit-superforms';
import { zod } from 'sveltekit-superforms/adapters';
import type { Actions } from './$types';
import { auth } from '$lib/server/db/auth';
import { APIError } from 'better-auth/api';
export const load = async () => {
const form = await superValidate(zod(loginSchema));
@ -11,7 +11,7 @@ export const load = async () => {
};
export const actions = {
login: async ({ request }) => {
login: async ({ request, cookies }) => {
const form = await superValidate(request, zod(loginSchema));
const email = form.data.email;
const password = form.data.password;
@ -20,22 +20,32 @@ export const actions = {
return fail(400, { form });
}
try {
await auth.api.signInEmail({
const signin = await auth.api.signInEmail({
body: {
email,
password,
},
asResponse: true,
});
} catch (e) {
if (e instanceof APIError) {
if (e.message === 'API Error: UNAUTHORIZED Invalid email or password') {
const setCookieHeader = signin.headers.get('set-cookie');
if (setCookieHeader) {
const parsedCookie = setCookieHeader.split(';')[0];
const [name, encodedValue] = parsedCookie.split('=');
// need to decode it first
const decodedValue = decodeURIComponent(encodedValue);
cookies.set(name, decodedValue, {
path: '/',
httpOnly: true,
sameSite: 'lax',
maxAge: 604800,
secure: !dev,
});
} else {
return setError(form, 'password', 'Invalid email or password', {
status: 401,
});
}
}
}
return message(form, 'Successfuly signed in.');
},
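Review bot: The cookie forwarding at `signin.headers.get('set-cookie')` copies only the first cookie and assumes its value contains no `=`, because `get('set-cookie')` joins multiple Set-Cookie headers into one comma-separated string and `split('=')` truncates a value at its first `=`; `headers.getSetCookie()` yields one entry per header, and splitting at `indexOf('=')` keeps the full value. Nothing checks `signin.ok` before reading the header, so a response that carries no cookie (the failed-login case the old `APIError` branch handled — whether that catch still fires with `asResponse: true` is not recoverable from this rendering) falls through to `message(form, 'Successfuly signed in.')`. The hard-coded `maxAge: 604800` also replaces whatever expiry the auth response set, so the browser cookie lifetime can diverge from the server-side session. The same code appears in the signup section below (hunk `@ -21,23 +21,33 @@`, `signup.headers.get('set-cookie')`), and the enclosing `login` action ends outside the hunk.
```typescript
const signin = await auth.api.signInEmail({
  // … unchanged: body, asResponse …
});
// A response without a session cookie must not reach the success message.
if (!signin.ok) {
  return setError(form, 'password', 'Invalid email or password', { status: 401 });
}
// getSetCookie() keeps one entry per Set-Cookie header; get('set-cookie') joins them with commas.
for (const header of signin.headers.getSetCookie()) {
  const pair = header.split(';')[0];
  const eq = pair.indexOf('=');
  if (eq <= 0) continue;
  const name = pair.slice(0, eq);
  // Split at the first '=' only, so a value containing '=' is kept intact.
  const decodedValue = decodeURIComponent(pair.slice(eq + 1));
  cookies.set(name, decodedValue, {
    // … unchanged: path, httpOnly, sameSite, maxAge, secure …
  });
}
```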


@ -1,9 +1,9 @@
import { dev } from '$app/environment';
import { auth } from '$lib/server/db/auth';
import { signupSchema } from '$lib/types/schema';
import { message, setError, superValidate, fail } from 'sveltekit-superforms';
import { fail, message, setError, superValidate } from 'sveltekit-superforms';
import { zod } from 'sveltekit-superforms/adapters';
import type { Actions } from './$types';
import { auth } from '$lib/server/db/auth';
import { APIError } from 'better-auth/api';
export const load = async () => {
const form = await superValidate(zod(signupSchema));
@ -11,7 +11,7 @@ export const load = async () => {
};
export const actions = {
signup: async ({ request }) => {
signup: async ({ request, cookies }) => {
const form = await superValidate(request, zod(signupSchema));
const email = form.data.email;
const password = form.data.password;
@ -21,23 +21,33 @@ export const actions = {
return fail(400, { form });
}
try {
await auth.api.signUpEmail({
const signup = await auth.api.signUpEmail({
body: {
name,
email,
password,
},
asResponse: true,
});
} catch (e) {
if (e instanceof APIError) {
if (e.message === 'API Error: UNAUTHORIZED Invalid email or password') {
const setCookieHeader = signup.headers.get('set-cookie');
if (setCookieHeader) {
const parsedCookie = setCookieHeader.split(';')[0];
const [name, encodedValue] = parsedCookie.split('=');
// need to decode it first
const decodedValue = decodeURIComponent(encodedValue);
cookies.set(name, decodedValue, {
path: '/',
httpOnly: true,
sameSite: 'lax',
maxAge: 604800,
secure: !dev,
});
} else {
return setError(form, 'verify', 'Invalid email or password', {
status: 401,
});
}
}
}
return message(form, 'Successfuly signed in.');
},