admin Bereich korrigiert
@@ -1,29 +1,59 @@
|
|||||||
import { json } from '@sveltejs/kit';
|
// src/routes/api/admin/login/+server.ts
|
||||||
import type { RequestHandler } from './$types';
|
import type { RequestHandler } from './$types';
|
||||||
import { PrismaClient } from '@prisma/client';
|
|
||||||
import bcrypt from 'bcryptjs';
|
import bcrypt from 'bcryptjs';
|
||||||
|
import { PrismaClient } from '@prisma/client';
|
||||||
|
|
||||||
const prisma = new PrismaClient();
|
const prisma = new PrismaClient();
|
||||||
|
|
||||||
|
//const ADMIN_PASSWORD_HASH = 'your-hashed-password-here'; // Ersetze mit deinem Hash
|
||||||
|
|
||||||
|
const adminRecord = await prisma.admin.findUnique({ where: { id: 1 } });
|
||||||
|
if (!adminRecord || !adminRecord.password) {
|
||||||
|
throw new Error('Admin password hash not found in database');
|
||||||
|
} else {
|
||||||
|
console.log('Admin password hash loaded successfully');
|
||||||
|
}
|
||||||
|
const ADMIN_PASSWORD_HASH = adminRecord.password;
|
||||||
|
|
||||||
export const POST: RequestHandler = async ({ request, cookies }) => {
|
export const POST: RequestHandler = async ({ request, cookies }) => {
|
||||||
const { passwort } = await request.json();
|
try {
|
||||||
|
const { passwort } = await request.json();
|
||||||
|
|
||||||
const admin = await prisma.admin.findUnique({ where: { id: 1 } });
|
if (!passwort) {
|
||||||
if (!admin) {
|
return new Response(
|
||||||
return json({ error: 'Kein Admin gefunden' }, { status: 500 });
|
JSON.stringify({ message: 'Passwort erforderlich' }),
|
||||||
|
{ status: 400, headers: { 'Content-Type': 'application/json' } }
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Hier solltest du den Hash aus der Datenbank oder Umgebungsvariable laden
|
||||||
|
const isValid = await bcrypt.compare(passwort, ADMIN_PASSWORD_HASH);
|
||||||
|
|
||||||
|
if (isValid) {
|
||||||
|
// Setze konsistenten Cookie-Namen
|
||||||
|
cookies.set('admin-auth', 'authenticated', {
|
||||||
|
path: '/',
|
||||||
|
httpOnly: true,
|
||||||
|
secure: process.env.NODE_ENV === 'production',
|
||||||
|
sameSite: 'strict',
|
||||||
|
maxAge: 60 * 60 * 24 // 24 Stunden
|
||||||
|
});
|
||||||
|
|
||||||
|
return new Response(
|
||||||
|
JSON.stringify({ success: true }),
|
||||||
|
{ status: 200, headers: { 'Content-Type': 'application/json' } }
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
return new Response(
|
||||||
|
JSON.stringify({ message: 'Falsches Passwort' }),
|
||||||
|
{ status: 401, headers: { 'Content-Type': 'application/json' } }
|
||||||
|
);
|
||||||
|
}
|
||||||
|
} catch (error) {
|
||||||
|
console.error('Login error:', error);
|
||||||
|
return new Response(
|
||||||
|
JSON.stringify({ message: 'Serverfehler' }),
|
||||||
|
{ status: 500, headers: { 'Content-Type': 'application/json' } }
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
const isValid = await bcrypt.compare(passwort, admin.password);
|
|
||||||
if (!isValid) {
|
|
||||||
return json({ error: 'Falsches Passwort' }, { status: 401 });
|
|
||||||
}
|
|
||||||
|
|
||||||
cookies.set('admin_session', 'true', {
|
|
||||||
path: '/',
|
|
||||||
httpOnly: true,
|
|
||||||
sameSite: 'strict',
|
|
||||||
maxAge: 60 * 60 * 4 // 4 Stunden
|
|
||||||
});
|
|
||||||
|
|
||||||
return json({ success: true });
|
|
||||||
};
|
};
|
||||||
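Review bot: The admin password hash is now read from the database once at module load (`const adminRecord = await prisma.admin.findUnique({ where: { id: 1 } });` / `const ADMIN_PASSWORD_HASH = adminRecord.password;`) and reused by every request, so a password change in the admin table only takes effect after a server restart, and when that lookup fails at startup the module-level `throw new Error(...)` presumably stops the route from loading at all instead of returning a 500 to the one caller; the old code did the lookup per request inside the handler. Moving the lookup back into the `try` block and dropping the module-level `adminRecord`/`ADMIN_PASSWORD_HASH` lines restores per-request freshness and keeps database failures on the existing `Serverfehler` path. Separately, `cookies.set('admin-auth', 'authenticated', { ... })` still stores a fixed value rather than a server-generated, unguessable session token, so the server cannot tell a cookie it issued from one a client set itself; that was true of the old `admin_session` cookie as well and is worth a follow-up.
```typescript
export const POST: RequestHandler = async ({ request, cookies }) => {
  try {
    const { passwort } = await request.json();
    // … unchanged: empty-password check (400) …

    // Look the hash up per request so a changed password takes effect immediately
    // and a failed lookup is handled by this request's error response.
    const adminRecord = await prisma.admin.findUnique({ where: { id: 1 } });
    if (!adminRecord?.password) {
      console.error('Admin password hash not found in database');
      return new Response(
        JSON.stringify({ message: 'Serverfehler' }),
        { status: 500, headers: { 'Content-Type': 'application/json' } }
      );
    }

    const isValid = await bcrypt.compare(passwort, adminRecord.password);
    // … unchanged: cookie set, success / 401 responses, catch block …
```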