Diffstat (limited to 'app/Controllers/Http/Dashboard/LoginController.ts')
-rw-r--r-- | app/Controllers/Http/Dashboard/LoginController.ts | 81 |
1 files changed, 81 insertions, 0 deletions
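--- /dev/null
+++ b/app/Controllers/Http/Dashboard/LoginController.ts
@@ -0,0 +1,81 @@
+import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
+import { schema, rules, validator } from '@ioc:Adonis/Core/Validator';
+import User from 'App/Models/User';
+import crypto from 'node:crypto';
+import { handleVerifyAndReHash } from '../../../../helpers/PasswordHash';
+
+export default class LoginController {
+/**
+* Display the login form
+*/
+public async show({ view }: HttpContextContract) {
+return view.render('dashboard/login');
+}
+
+/**
+* Login a user
+*/
+public async login({
+request,
+response,
+auth,
+session,
+}: HttpContextContract) {
+try {
+await validator.validate({
+schema: schema.create({
+mail: schema.string([rules.email(), rules.required()]),
+password: schema.string([rules.required()]),
+}),
+data: request.only(['mail', 'password']),
+});
+} catch {
+session.flash({
+type: 'danger',
+message: 'Invalid mail or password',
+});
+session.flashExcept(['password']);
+
+return response.redirect('/user/login');
+}
+
+try {
+const { mail, password } = request.all();
+
+// Check if user with email exists
+const user = await User.query().where('email', mail).first();
+if (!user?.email) {
+throw new Error('User credentials not valid (Invalid email)');
+}
+
+const hashedPassword = crypto
+.createHash('sha256')
+.update(password)
+.digest('base64');
+
+// Verify password
+let isMatchedPassword = false;
+try {
+isMatchedPassword = await handleVerifyAndReHash(user, hashedPassword);
+} catch (error) {
+return response.internalServerError({ message: error.message });
+}
+
+if (!isMatchedPassword) {
+throw new Error('User credentials not valid (Invalid password)');
+}
+
+await auth.use('web').login(user);
+
+return response.redirect('/user/account');
+} catch {
+session.flash({
+type: 'danger',
+message: 'Invalid mail or password',
+});
+session.flashExcept(['password']);
+
+return response.redirect('/user/login');
+}
+}
+}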
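Review bot: The inner catch at new-file line 61 sends the helper's raw `error.message` back to the client, which exposes internal failure detail from the password-hash path, and it reads `.message` off a catch variable that is `unknown` under strict settings; return a fixed string and keep the detail server-side, e.g. `} catch (error: unknown) { return response.internalServerError({ message: 'Login failed' }); }`, logging the original error where the project's logger is available. The early throw at line 48 when no user matches skips the hash verification that runs for known accounts, so the response time differs between unknown and known mail addresses; if the helper permits it, verifying against a stored dummy hash in that branch would narrow that difference. The SHA-256/base64 pre-digest at lines 51–54 has no comment saying why the password is hashed before `handleVerifyAndReHash`; a note such as `// Password is pre-digested (SHA-256, base64) before verification; this must match the scheme used when the stored hash was created` would keep the two sides from drifting. Whether any lockout or rate limiting protects this route is not visible in the hunk.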