82 lines
2.3 KiB
TypeScript
82 lines
2.3 KiB
TypeScript
import { defineEventHandler, readBody, createError } from 'h3'
|
|
import { getSubdomainFromRequest, isCentralSubdomain } from '~/server/utils/tenant'
|
|
import { setSessionCookie, setTenantIdCookie } from '~/server/utils/session'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const config = useRuntimeConfig()
|
|
const body = await readBody(event)
|
|
|
|
// Extract subdomain from the request
|
|
const subdomain = getSubdomainFromRequest(event)
|
|
|
|
if (!subdomain) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: 'Unable to determine tenant from subdomain',
|
|
})
|
|
}
|
|
|
|
// Determine the backend URL based on whether this is central admin or tenant
|
|
const isCentral = isCentralSubdomain(subdomain)
|
|
const backendUrl = config.backendUrl || 'http://localhost:3000'
|
|
const loginEndpoint = isCentral ? '/api/auth/central/login' : '/api/auth/login'
|
|
|
|
try {
|
|
// Forward login request to NestJS backend with subdomain header
|
|
const response = await fetch(`${backendUrl}${loginEndpoint}`, {
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
'x-tenant-subdomain': subdomain,
|
|
},
|
|
body: JSON.stringify(body),
|
|
})
|
|
|
|
const data = await response.json()
|
|
|
|
if (!response.ok) {
|
|
throw createError({
|
|
statusCode: response.status,
|
|
statusMessage: data.message || 'Login failed',
|
|
data: data,
|
|
})
|
|
}
|
|
|
|
// Extract token and tenant info from response
|
|
const { access_token, user, tenantId } = data
|
|
|
|
if (!access_token) {
|
|
throw createError({
|
|
statusCode: 500,
|
|
statusMessage: 'No access token received from backend',
|
|
})
|
|
}
|
|
|
|
// Set HTTP-only cookie with the JWT token
|
|
setSessionCookie(event, access_token)
|
|
|
|
// Set tenant ID cookie (readable by client for context)
|
|
if (tenantId) {
|
|
setTenantIdCookie(event, tenantId)
|
|
}
|
|
|
|
// Return user info (but NOT the token - it's in HTTP-only cookie)
|
|
return {
|
|
success: true,
|
|
user,
|
|
tenantId,
|
|
}
|
|
} catch (error: any) {
|
|
// Re-throw H3 errors
|
|
if (error.statusCode) {
|
|
throw error
|
|
}
|
|
|
|
console.error('Login proxy error:', error)
|
|
throw createError({
|
|
statusCode: 500,
|
|
statusMessage: 'Failed to connect to authentication service',
|
|
})
|
|
}
|
|
})
|