Enrollment + almost all auth

2026-01-03 20:18:39 +00:00
parent 0ad2451dd4
commit a0ed517047
40 changed files with 3559 additions and 31 deletions
--- a/app/api/login/route.ts
+++ b/app/api/login/route.ts
@@ -1,9 +1,7 @@
 import { NextResponse } from "next/server";
 import bcrypt from "bcrypt";
 import { prisma } from "@/lib/prisma";
-
-const COOKIE_NAME = "mis_session";
-const SESSION_DAYS = 7;
+import { buildSessionCookieOptions, COOKIE_NAME, SESSION_DAYS } from "@/lib/auth/sessionCookie";

 export async function POST(req: Request) {
  const body = await req.json().catch(() => ({}));
@@ -20,6 +18,10 @@ export async function POST(req: Request) {
    return NextResponse.json({ ok: false, error: "Invalid credentials" }, { status: 401 });
  }

+  if (!user.emailVerifiedAt) {
+    return NextResponse.json({ ok: false, error: "Email not verified" }, { status: 403 });
+  }
+
  const ok = await bcrypt.compare(password, user.passwordHash);
  if (!ok) {
    return NextResponse.json({ ok: false, error: "Invalid credentials" }, { status: 401 });
@@ -47,14 +49,7 @@ export async function POST(req: Request) {
  });

  const res = NextResponse.json({ ok: true, next });
-
-  res.cookies.set(COOKIE_NAME, session.id, {
-    httpOnly: true,
-    sameSite: "lax",
-    secure: false, // set true once HTTPS only
-    path: "/",
-    maxAge: SESSION_DAYS * 24 * 60 * 60,
-  });
+  res.cookies.set(COOKIE_NAME, session.id, buildSessionCookieOptions(req));

  return res;
 }