move API routes as cleanup
This commit is contained in:
50
src/routes/api/user/register/+server.ts
Normal file
50
src/routes/api/user/register/+server.ts
Normal file
@ -0,0 +1,50 @@
|
||||
import type { RequestHandler } from '@sveltejs/kit';
|
||||
import { error } from '@sveltejs/kit';
|
||||
import { hash } from 'argon2';
|
||||
import { randomBytes } from 'crypto';
|
||||
import { ALLOW_REGISTRATION } from '$env/static/private';
|
||||
import { PEPPER } from '$env/static/private';
|
||||
|
||||
import { User } from '../../../../models/User';
|
||||
import { dbConnect, dbDisconnect } from '../../../../utils/db';
|
||||
|
||||
// header: use for bearer token for now
|
||||
// recipe json in body
|
||||
export const POST: RequestHandler = async ({request}) => {
|
||||
if(ALLOW_REGISTRATION){
|
||||
const {username, password} = await request.json()
|
||||
const salt = randomBytes(32).toString('hex'); // Generate a random salt
|
||||
|
||||
const pass_hash = await hashPassword(password + PEPPER, salt)
|
||||
await dbConnect();
|
||||
try{
|
||||
await User.create({
|
||||
username: username,
|
||||
pass_hash: pass_hash,
|
||||
salt: salt,
|
||||
access: [],
|
||||
})
|
||||
}catch(e){
|
||||
await dbDisconnect();
|
||||
throw error(400, e);
|
||||
}
|
||||
await dbDisconnect();
|
||||
return new Response(JSON.stringify({message: "User added successfully"}),
|
||||
{status: 200}
|
||||
);
|
||||
}
|
||||
else{
|
||||
throw error(401, "user registration currently closed")
|
||||
}
|
||||
|
||||
|
||||
};
|
||||
|
||||
async function hashPassword(password, salt) {
|
||||
try {
|
||||
const hashedPassword = await hash(password, salt); // Hash the password with the salt and pepper
|
||||
return hashedPassword;
|
||||
} catch (error) {
|
||||
console.error('Error hashing password:', error);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user