feat: authentication

2026-03-25 16:04:40 +01:00
parent a935d61531
commit 5ca59b205e
11 changed files with 256 additions and 7 deletions
--- a/server/api/auth/sign-in.post.ts
+++ b/server/api/auth/sign-in.post.ts
@@ -0,0 +1,17 @@
+import { z } from "zod";
+import { env } from "#server/env";
+
+const bodySchema = z.object({
+  username: z.string(),
+  password: z.string(),
+});
+
+export default defineEventHandler(async (event) => {
+  const body = await readValidatedBody(event, bodySchema.parse);
+
+  if (body.username !== env.ADMIN_USERNAME || body.password !== env.ADMIN_PASSWORD) {
+    throw createError({ statusCode: 401, message: "Invalid credentials" });
+  }
+
+  await setUserSession(event, { user: { username: body.username } });
+});
--- a/server/api/auth/sign-out.post.ts
+++ b/server/api/auth/sign-out.post.ts
@@ -0,0 +1,3 @@
+export default defineEventHandler(async (event) => {
+  await clearUserSession(event);
+});