mirror of
https://github.com/kremalicious/umami.git
synced 2025-02-14 21:10:34 +01:00
8732d056dd
* Initial Typescript models. * Re-add realtime data * get distinct sessions for session metrics * Add queries for new schema. * Fix Typo. * Add some api/team endpoints. * Fix destructure error. * Fix getWebsites call. * Ignore typescript build errors. * Fix enum issue. * add clickhouse route to deleteWebsite * Fix Website auth. * Updated lint-staged config. * Add permission checks. * Add user role api. * Fix error when updating website. * Fix isAdmin check. Fix Schema. * Initial conversion to react-basics. * Remove user/team transfer from website update. * delete website in relational query * Fix login secure token creation. * Add event type to event. * Allow user to be added to team with role. * Updated login form. * Add Role to TeamUser. * Add database migration. * Refactored permissions check. Updated redis lib. * Feat/um 114 roles and permissions (#1683) * Auth checkpoint. * Merge branch 'dev' into feat/um-114-roles-and-permissions * Add 02 migration. * Added lib/types. * Updated schema. * Updated roles and permissions logic. * Implement react-basics styles. Fix queries. * Update website details layout. * Add 01 migration. * Fix admin create. * Update react-basics. Co-authored-by: Francis Cao <franciscao@gmail.com> Co-authored-by: Mike Cao <mike@mikecao.com> Co-authored-by: Mike Cao <moocao@gmail.com>
60 lines
1.3 KiB
TypeScript
60 lines
1.3 KiB
TypeScript
import {
|
|
ok,
|
|
unauthorized,
|
|
badRequest,
|
|
checkPassword,
|
|
createSecureToken,
|
|
methodNotAllowed,
|
|
getRandomChars,
|
|
} from 'next-basics';
|
|
import { getUser, User } from 'queries';
|
|
import { secret } from 'lib/crypto';
|
|
import redis from 'lib/redis';
|
|
import { NextApiRequestQueryBody } from 'lib/types';
|
|
import { NextApiResponse } from 'next';
|
|
|
|
export interface LoginRequestBody {
|
|
username: string;
|
|
password: string;
|
|
}
|
|
|
|
export interface LoginResponse {
|
|
token: string;
|
|
user: User;
|
|
}
|
|
|
|
export default async (
|
|
req: NextApiRequestQueryBody<any, LoginRequestBody>,
|
|
res: NextApiResponse<LoginResponse>,
|
|
) => {
|
|
if (req.method === 'POST') {
|
|
const { username, password } = req.body;
|
|
|
|
if (!username || !password) {
|
|
return badRequest(res);
|
|
}
|
|
|
|
const user = await getUser({ username }, { includePassword: true });
|
|
|
|
if (user && checkPassword(password, user.password)) {
|
|
if (redis.enabled) {
|
|
const key = `auth:${getRandomChars(32)}`;
|
|
|
|
await redis.set(key, user);
|
|
|
|
const token = createSecureToken({ key }, secret());
|
|
|
|
return ok(res, { token, user });
|
|
}
|
|
|
|
const token = createSecureToken(user.id, secret());
|
|
|
|
return ok(res, { token, user });
|
|
}
|
|
|
|
return unauthorized(res, 'Incorrect username and/or password.');
|
|
}
|
|
|
|
return methodNotAllowed(res);
|
|
};
|