pihka-al/server/api/auth/sign-in.post.ts

import { z } from "zod";
import { env } from "#server/env";

const bodySchema = z.object({
  username: z.string(),
  password: z.string(),
});

export default defineEventHandler(async (event) => {
  const body = await readValidatedBody(event, bodySchema.parse);

  if (body.username !== env.ADMIN_USERNAME || body.password !== env.ADMIN_PASSWORD) {
    throw createError({ statusCode: 401, message: "Invalid credentials" });
  }

  await setUserSession(event, { user: { username: body.username } });
});