jackmechem/server-dash
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Security key support

Browse source
This commit is contained in:
Jack Mechem 2026-05-01 14:33:52 -07:00
parent ede90f8c7f
commit c991fe7b6d
6 changed files with 384 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

16
app/api/auth/login/route.ts
View file

@ -1,14 +1,14 @@
import { NextRequest, NextResponse } from "next/server";
export async function POST(req: NextRequest) {
const { username, password, totp } = await req.json();
const { username, password } = await req.json();
const res = await fetch("http://localhost:3001/auth/login", {
method: "POST",
headers: {
Authorization:
"Basic " +
Buffer.from(`${username}:${password}${totp}`).toString("base64"),
Buffer.from(`${username}:${password}`).toString("base64"),
},
});
@ -16,14 +16,6 @@ export async function POST(req: NextRequest) {
return NextResponse.json({ error: "Invalid credentials" }, { status: 401 });
}
const { token } = await res.json();
const response = NextResponse.json({ success: true });
response.cookies.set("token", token, {
httpOnly: true,
secure: true,
sameSite: "strict",
maxAge: 60 * 60 * 8,
path: "/",
});
return response;
// Returns { session_id, challenge } — browser completes the WebAuthn step
return NextResponse.json(await res.json());
}