Initial commit

5 files changed, 96 insertions, 0 deletions

diff --git a/app/src/routes/+page.svelte b/app/src/routes/+page.svelte
new file mode 100644
index 0000000..cc88df0
--- /dev/null
+++ b/app/src/routes/+page.svelte
@@ -0,0 +1,2 @@
+<h1>Welcome to SvelteKit</h1>
+<p>Visit <a href="https://svelte.dev/docs/kit">svelte.dev/docs/kit</a> to read the documentation</p>
diff --git a/app/src/routes/login/+page.server.ts b/app/src/routes/login/+page.server.ts
new file mode 100644
index 0000000..d011af9
--- /dev/null
+++ b/app/src/routes/login/+page.server.ts
@@ -0,0 +1,39 @@
+import { getUser } from "$lib/server/users";
+import { createSession } from "$lib/server/sessions";
+import { fail, redirect } from "@sveltejs/kit";
+import type { Actions } from "./$types";
+
+export const actions = {
+	default: async ({ url, cookies, request, locals: { dbConn } }) => {
+		const formData = Object.fromEntries(await request.formData()) as {
+			email?: string;
+			password?: string;
+		};
+		if (!formData.email || !formData.password) {
+			return fail(400, { failure: true, error: "Du skal udfylde alle felterne!" });
+		}
+
+		const user = await getUser(dbConn, formData.email, formData.password);
+		if (!user) {
+			// It's important that we don't leak _which_ value is missing.
+			return fail(404, { failure: true, error: "Forkert email/kodeord kombi!" });
+		}
+		console.debug("Found user %o", user);
+
+		// The user has proven that they posses the right credentials. In return they gain a session token, which can be used to authenticate future requests.
+		const session = await createSession(dbConn, user.id);
+		cookies.set("SESSION_ID", session.token, {
+			path: "/",
+			secure: true,
+			sameSite: "strict",
+		});
+		console.debug("Created session %o", session);
+
+		// If sent here from trying to access another page without session cookie.
+		if (url.searchParams.has("redirectTo")) {
+			return redirect(303, url.searchParams.get("redirectTo")!);
+		}
+
+		return { success: true };
+	},
+} satisfies Actions;
diff --git a/app/src/routes/login/+page.svelte b/app/src/routes/login/+page.svelte
new file mode 100644
index 0000000..3e3e3c7
--- /dev/null
+++ b/app/src/routes/login/+page.svelte
@@ -0,0 +1,33 @@
+<script lang="ts">
+	import { enhance } from "$app/forms";
+	import type { PageProps } from "./$types";
+	let { data, form }: PageProps = $props();
+</script>
+
+<svelte:head>
+	<title>Log ind</title>
+</svelte:head>
+
+<!-- If login completed successfully and we dont have ?redirectTo -->
+{#if form?.success}
+	<p>Du er nu logget ind!</p>
+{/if}
+
+<form method="POST" use:enhance>
+	{#if form?.failure}<p class="error">{form?.error}</p>{/if}
+	<label>
+		Email
+		<input name="email" type="email" />
+	</label>
+	<label>
+		Kodeord
+		<input name="password" type="password" />
+	</label>
+	<button>Log ind</button>
+</form>
+
+<style>
+	label {
+		display: block;
+	}
+</style>
diff --git a/app/src/routes/profile/+page.server.ts b/app/src/routes/profile/+page.server.ts
new file mode 100644
index 0000000..5c9b9d3
--- /dev/null
+++ b/app/src/routes/profile/+page.server.ts
@@ -0,0 +1,10 @@
+import type { PageServerLoad } from "./$types";
+import { redirect } from "@sveltejs/kit";
+
+export const load = (async ({ url, locals }) => {
+	if (!locals.user) {
+		redirect(303, `/login?redirectTo=${encodeURIComponent(url.toString())}`);
+	}
+
+	return { user: locals.user };
+}) satisfies PageServerLoad;
diff --git a/app/src/routes/profile/+page.svelte b/app/src/routes/profile/+page.svelte
new file mode 100644
index 0000000..0ee18f0
--- /dev/null
+++ b/app/src/routes/profile/+page.svelte
@@ -0,0 +1,12 @@
+<script lang="ts">
+	import type { PageProps } from "./$types";
+
+	const { data }: PageProps = $props();
+</script>
+
+<!-- svelte-ignore a11y_img_redundant_alt: That's not what 'picture' refers to... -->
+<img src="/profile_picture_standin.jpeg" width="255" height="255" alt="Dummy profile picture" />
+<p>Hej, {data.user.firstName} {data.user.lastName}!</p>
+
+<style>
+</style>