import { NextRequest, NextResponse } from 'next/server';
import bcrypt from 'bcryptjs';
import { rateLimit } from '@/lib/rateLimit';
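/**
 * Admin login endpoint.
 *
 * Compares the submitted password against the bcrypt hash held in the
 * `ADMIN_PASSWORD` environment variable (despite the name, the variable
 * must contain a bcrypt hash, not a plaintext password). The handler only
 * reports the result of the comparison; it does not create a session or
 * issue a token, so callers must not treat the 200 response as an
 * authenticated state on its own.
 *
 * @param request - incoming request whose JSON body is `{ password: string }`.
 * @returns 200 `{ success: true }` when the password matches;
 *   400 when the body is not JSON or `password` is not a string;
 *   401 when the password does not match;
 *   429-style response from `rateLimit` when the caller exceeds 5 attempts
 *   per minute (whatever `rateLimit` returns is passed through unchanged);
 *   503 when `ADMIN_PASSWORD` is not configured;
 *   500 on any other unexpected error.
 */
export async function POST(request: NextRequest) {
  // Rate limiting: 5 login attempts per minute.
  const rateLimitError = rateLimit(request, { windowMs: 60000, maxRequests: 5 });
  if (rateLimitError) return rateLimitError;

  // Fail closed when no hash is configured. The previous fallback was a
  // hard-coded hash of a well-known default password, which meant an
  // unconfigured deployment silently accepted that password.
  const adminPasswordHash = process.env.ADMIN_PASSWORD;
  if (!adminPasswordHash) {
    console.error('Login error: ADMIN_PASSWORD is not configured');
    return NextResponse.json({ error: 'Service Unavailable' }, { status: 503 });
  }

  try {
    // A malformed body is a client error, not a server error.
    let body: unknown;
    try {
      body = await request.json();
    } catch {
      return NextResponse.json({ error: 'Invalid request body' }, { status: 400 });
    }

    // bcrypt.compare throws on non-string input; reject it up front with a
    // 400 rather than letting it surface as a 500.
    const password =
      typeof body === 'object' && body !== null
        ? (body as { password?: unknown }).password
        : undefined;
    if (typeof password !== 'string') {
      return NextResponse.json({ error: 'Password is required' }, { status: 400 });
    }

    const isValid = await bcrypt.compare(password, adminPasswordHash);

    if (isValid) {
      return NextResponse.json({ success: true });
    }
    // Same generic message regardless of why the check failed.
    return NextResponse.json({ error: 'Invalid password' }, { status: 401 });
  } catch (error: unknown) {
    console.error('Login error:', error);
    return NextResponse.json({ error: 'Internal Server Error' }, { status: 500 });
  }
}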