website/src/routes/admin/login/+server.ts

import type { RequestHandler } from '@sveltejs/kit';
import { Admin } from '$lib/server/database';
import { env as publicEnv } from '$env/dynamic/public';
import { env } from '$env/dynamic/private';
import { addSession } from '$lib/server/session';

export const POST = (async ({ request, cookies }) => {
	const data = await request.formData();
	const username = data.get('username') as string | null;
	const password = data.get('password') as string | null;

	if (username == null || password == null) {
		return new Response(null, {
			status: 403
		});
	}

	if (
		env.ADMIN_USER &&
		env.ADMIN_PASSWORD &&
		username == env.ADMIN_USER &&
		password == env.ADMIN_PASSWORD
	) {
		cookies.set('session', addSession(), {
			path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
			maxAge: 60 * 60 * 24 * 90,
			httpOnly: true,
			secure: true
		});
		return new Response();
	}

	const user = await Admin.findOne({ where: { username: username } });
	if (user && user.validatePassword(password)) {
		cookies.set('session', addSession(), {
			path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
			maxAge: 60 * 60 * 24 * 90,
			httpOnly: true,
			secure: true
		});
		return new Response();
	} else {
		return new Response(null, {
			status: 403
		});
	}
}) satisfies RequestHandler;