Marcel Raddatz
61249af086
- Add secure: true to cookies.set() in login and signup actions - Add tests verifying JSESSIONID is forwarded to browser on successful login and signup Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
52 lines
1.5 KiB
TypeScript
52 lines
1.5 KiB
TypeScript
import { redirect, fail } from '@sveltejs/kit';
|
|
import { apiClient } from '$lib/server/api';
|
|
import type { Actions } from './$types';
|
|
|
|
export const actions = {
|
|
default: async ({ request, fetch, cookies }) => {
|
|
const formData = await request.formData();
|
|
const displayName = (formData.get('displayName') ?? '').toString().trim();
|
|
const email = (formData.get('email') ?? '').toString().trim();
|
|
const password = (formData.get('password') ?? '').toString();
|
|
|
|
const errors: Record<string, string> = {};
|
|
|
|
if (!displayName) {
|
|
errors.displayName = 'Name ist erforderlich';
|
|
}
|
|
|
|
const emailPattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
|
|
if (!emailPattern.test(email)) {
|
|
errors.email = 'Ungültige E-Mail-Adresse';
|
|
}
|
|
|
|
if (password.length < 8) {
|
|
errors.password = 'Mindestens 8 Zeichen';
|
|
}
|
|
|
|
if (Object.keys(errors).length > 0) {
|
|
return fail(400, { errors, displayName, email });
|
|
}
|
|
|
|
const api = apiClient(fetch);
|
|
const { error, response } = await api.POST('/v1/auth/signup', {
|
|
body: { displayName, email, password }
|
|
});
|
|
|
|
if (error) {
|
|
return fail(400, {
|
|
errors: { form: 'Registrierung fehlgeschlagen. Bitte versuche es erneut.' },
|
|
displayName,
|
|
email
|
|
});
|
|
}
|
|
|
|
const sessionId = response.headers.get('set-cookie')?.match(/JSESSIONID=([^;]+)/i)?.[1];
|
|
if (sessionId) {
|
|
cookies.set('JSESSIONID', sessionId, { path: '/', httpOnly: true, sameSite: 'lax', secure: true });
|
|
}
|
|
|
|
throw redirect(303, '/household/setup');
|
|
}
|
|
} satisfies Actions;
|