import { error, redirect } from '@sveltejs/kit'; import bcrypt from 'bcryptjs'; import type { Actions } from './$types'; import { addYears } from 'date-fns'; import { collections } from '$lib/server/db'; export const actions: Actions = { default: async (event) => { const data = await event.request.formData(); if (!data || !data.get('email') || !data.get('password')) { throw error(400, 'Pas de login renseigné'); } const email = data.get('email')!.toString().trim(); const user = await collections.users.findOne( { email }, { collation: { locale: 'en', strength: 1 } } ); if (!user) { throw error(404, "Utilisateur non trouvé pour l'email: " + email); } const password = data.get('password')!.toString().trim(); if (!(await bcrypt.compare(password as string, user.hash))) { throw error(401, 'Mauvais mot de passe'); } let token = user.token; if (!token) { token = crypto.randomUUID(); await collections.users.updateOne({ _id: user._id }, { $set: { token } }); } event.cookies.set('bergereToken', token, { path: '/', sameSite: 'lax', secure: true, httpOnly: true, expires: addYears(new Date(), 3) }); if (event.url.searchParams.get('suivant')) { throw redirect(303, event.url.searchParams.get('suivant')!); } return { success: true }; } };