FINISHED

src/pages/api/auth/login.ts

@@ -1,33 +1,37 @@
-import type { APIRoute } from 'astro';
-import { db } from '../../../db';
-import { users } from '../../../db/schema';
-import { verifyPassword, createSession } from '../../../lib/auth';
-import { eq } from 'drizzle-orm';
+import type { APIRoute } from "astro";
+import { db } from "../../../db";
+import { users } from "../../../db/schema";
+import { verifyPassword, createSession } from "../../../lib/auth";
+import { eq } from "drizzle-orm";
 
 export const POST: APIRoute = async ({ request, cookies, redirect }) => {
   const formData = await request.formData();
-  const email = formData.get('email')?.toString();
-  const password = formData.get('password')?.toString();
+  const email = formData.get("email")?.toString();
+  const password = formData.get("password")?.toString();
 
   if (!email || !password) {
-    return new Response('Missing fields', { status: 400 });
+    return redirect("/login?error=missing_fields");
   }
 
-  const user = await db.select().from(users).where(eq(users.email, email)).get();
+  const user = await db
+    .select()
+    .from(users)
+    .where(eq(users.email, email))
+    .get();
 
   if (!user || !(await verifyPassword(password, user.passwordHash))) {
-    return new Response('Invalid email or password', { status: 400 });
+    return redirect("/login?error=invalid_credentials");
   }
 
   const { sessionId, expiresAt } = await createSession(user.id);
 
-  cookies.set('session_id', sessionId, {
-    path: '/',
+  cookies.set("session_id", sessionId, {
+    path: "/",
     httpOnly: true,
     secure: import.meta.env.PROD,
-    sameSite: 'lax',
+    sameSite: "lax",
     expires: expiresAt,
   });
 
-  return redirect('/dashboard');
+  return redirect("/dashboard");
 };