First pass

src/pages/api/auth/login.ts

@@ -0,0 +1,33 @@
+import type { APIRoute } from 'astro';
+import { db } from '../../../db';
+import { users } from '../../../db/schema';
+import { verifyPassword, createSession } from '../../../lib/auth';
+import { eq } from 'drizzle-orm';
+
+export const POST: APIRoute = async ({ request, cookies, redirect }) => {
+  const formData = await request.formData();
+  const email = formData.get('email')?.toString();
+  const password = formData.get('password')?.toString();
+
+  if (!email || !password) {
+    return new Response('Missing fields', { status: 400 });
+  }
+
+  const user = await db.select().from(users).where(eq(users.email, email)).get();
+
+  if (!user || !(await verifyPassword(password, user.passwordHash))) {
+    return new Response('Invalid email or password', { status: 400 });
+  }
+
+  const { sessionId, expiresAt } = await createSession(user.id);
+
+  cookies.set('session_id', sessionId, {
+    path: '/',
+    httpOnly: true,
+    secure: import.meta.env.PROD,
+    sameSite: 'lax',
+    expires: expiresAt,
+  });
+
+  return redirect('/dashboard');
+};