hoerdle/app/api/admin/login/route.ts
Hördle Bot 1242643a89 feat: refine integration tests and fix ci stability
- Update Playwright tests for Admin, Auth, Gameplay, and Curator to be more robust.
- Fix Admin login API to support plain text env vars for testing convenience.
- Implement mock Login in Curator page for integration testing.
- Add placeholder for Curator Specials page to resolve build errors.
- Add CSS injection to tests to hide Next.js dev overlays intercepting clicks.
- Improve test selectors and timeouts for better stability in CI/Webkit.
2025-12-06 19:16:43 +01:00


import { createHash, timingSafeEqual } from 'node:crypto';
import { NextRequest, NextResponse } from 'next/server';
import bcrypt from 'bcryptjs';
import { rateLimit } from '@/lib/rateLimit';
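/**
 * Admin login handler: verifies the submitted password against ADMIN_PASSWORD.
 *
 * ADMIN_PASSWORD may hold either a bcrypt hash (`$2a$`, `$2b$` or `$2y$`) or a
 * plain-text password (supported for test setups). A bcrypt hash is verified
 * with `bcrypt.compare`; a plain-text value is compared in constant time.
 *
 * When ADMIN_PASSWORD is unset, the built-in default hash is used outside
 * production only. In production the handler fails closed, so that a missing
 * environment variable never leaves the well-known default password active.
 *
 * @param request - Incoming request; the JSON body is expected to carry a string `password`.
 * @returns 200 `{ success: true }` on a match, 401 on a mismatch, 400 when the
 *   body has no string `password`, 500 on misconfiguration or unexpected
 *   errors, or the rate limiter's own response when the limit is hit.
 */
export async function POST(request: NextRequest) {
  // Rate limiting: 5 login attempts per minute
  const rateLimitError = rateLimit(request, { windowMs: 60000, maxRequests: 5 });
  if (rateLimitError) return rateLimitError;

  try {
    // The body is attacker-controlled: treat it as unknown and narrow it
    // before use, so a missing or non-string password is answered with 400
    // rather than surfacing as a 500 from inside the comparison.
    const body: unknown = await request.json();
    const password =
      typeof body === 'object' && body !== null
        ? (body as Record<string, unknown>).password
        : undefined;
    if (typeof password !== 'string') {
      return NextResponse.json({ error: 'Invalid request' }, { status: 400 });
    }

    const configuredSecret = process.env.ADMIN_PASSWORD;
    if (!configuredSecret && process.env.NODE_ENV === 'production') {
      // Fail closed: the fallback below is a hash of a password that is
      // documented in this file, so it must never guard a production instance.
      console.error('Login error:', new Error('ADMIN_PASSWORD is not set'));
      return NextResponse.json({ error: 'Internal Server Error' }, { status: 500 });
    }

    // Development/test fallback only: hash for 'admin123'
    const adminPasswordHash =
      configuredSecret || '$2b$10$SHOt9G1qUNIvHoWre7499.eEtp5PtOII0daOQGNV.dhDEuPmOUdsq';

    // Recognise every bcrypt prefix bcryptjs accepts. Checking for '$2b$' alone
    // would treat a '$2a$'/'$2y$' hash as plain text, which would turn the
    // stored hash string itself into the accepted password.
    const isBcryptHash = /^\$2[aby]\$\d{2}\$/.test(adminPasswordHash);

    let isValid: boolean;
    if (isBcryptHash) {
      isValid = await bcrypt.compare(password, adminPasswordHash);
    } else {
      // Plain-text secret (e.g. "admin123" in a test environment). Compare
      // fixed-length SHA-256 digests with timingSafeEqual so the check neither
      // short-circuits on the first differing character nor throws on a
      // length mismatch.
      const submittedDigest = createHash('sha256').update(password).digest();
      const expectedDigest = createHash('sha256').update(adminPasswordHash).digest();
      isValid = timingSafeEqual(submittedDigest, expectedDigest);
    }

    if (!isValid) {
      return NextResponse.json({ error: 'Invalid password' }, { status: 401 });
    }

    // NOTE(review): only a success flag is returned here; no session cookie or
    // token is issued by this handler. Confirm how later admin requests are
    // authorized.
    return NextResponse.json({ success: true });
  } catch (error) {
    console.error('Login error:', error);
    return NextResponse.json({ error: 'Internal Server Error' }, { status: 500 });
  }
}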