feat(auth): add login server action with validation and redirect

POSTs to /v1/auth/login, validates email/password server-side, redirects to ?redirect param or /planner on success. Returns generic error on bad credentials to prevent enumeration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-02 16:20:02 +02:00
parent c27c97ff7d
commit 73acc0c638
2 changed files with 161 additions and 0 deletions
--- a/frontend/src/routes/(public)/login/+page.server.ts
+++ b/frontend/src/routes/(public)/login/+page.server.ts
@@ -0,0 +1,41 @@
+import { redirect, fail } from '@sveltejs/kit';
+import { apiClient } from '$lib/server/api';
+import type { Actions } from './$types';
+
+export const actions = {
+	default: async ({ request, url, fetch }) => {
+		const formData = await request.formData();
+		const email = (formData.get('email') ?? '').toString().trim();
+		const password = (formData.get('password') ?? '').toString();
+
+		const errors: Record<string, string> = {};
+
+		const emailPattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+		if (!emailPattern.test(email)) {
+			errors.email = 'Ungültige E-Mail-Adresse';
+		}
+
+		if (!password) {
+			errors.password = 'Passwort ist erforderlich';
+		}
+
+		if (Object.keys(errors).length > 0) {
+			return fail(400, { errors, email });
+		}
+
+		const api = apiClient(fetch);
+		const { error } = await api.POST('/v1/auth/login', {
+			body: { email, password }
+		});
+
+		if (error) {
+			return fail(400, {
+				errors: { form: 'E-Mail oder Passwort ist falsch.' },
+				email
+			});
+		}
+
+		const redirectTo = url.searchParams.get('redirect') || '/planner';
+		redirect(303, redirectTo);
+	}
+} satisfies Actions;