| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 |
- // app/api/auth/login/route.js
- import { NextResponse } from "next/server";
- import jwt from "jsonwebtoken";
- import users from "@/data/users";
- export async function POST(request) {
- const { username, password } = await request.json();
- const user = users.find((u) => u.username === username);
- if (!user || user.password !== password) {
- return NextResponse.json(
- { error: "Invalid username or password" },
- { status: 401, headers: { "Cache-Control": "no-store" } }
- );
- }
- const token = jwt.sign(
- {
- username: user.username,
- niederlassungId: user.id,
- role: user.role,
- },
- process.env.JWT_SECRET,
- { expiresIn: "1h" }
- );
- const redirectUrl =
- user.role === "admin" ? "/admin-view" : `/niederlassung/${user.id}`;
- const response = NextResponse.json({
- message: "Login successful",
- redirectUrl,
- });
- response.headers.set("Cache-Control", "no-store");
- // `secure: false` setzen, um sicherzustellen, dass der Cookie über HTTP funktioniert
- response.cookies.set("authToken", token, {
- httpOnly: true,
- secure: false, // Deaktiviert, um sicherzustellen, dass es auch über HTTP funktioniert
- sameSite: "Strict",
- maxAge: 3600, // 1 Stunde
- path: "/",
- });
- return response;
- }
|
