feat: authentication

server/api/auth/sign-in.post.ts

@@ -0,0 +1,17 @@
+import { z } from "zod";
+import { env } from "#server/env";
+
+const bodySchema = z.object({
+  username: z.string(),
+  password: z.string(),
+});
+
+export default defineEventHandler(async (event) => {
+  const body = await readValidatedBody(event, bodySchema.parse);
+
+  if (body.username !== env.ADMIN_USERNAME || body.password !== env.ADMIN_PASSWORD) {
+    throw createError({ statusCode: 401, message: "Invalid credentials" });
+  }
+
+  await setUserSession(event, { user: { username: body.username } });
+});