2025-07-09 17:57:49 +02:00
|
|
|
/*
|
|
|
|
|
SPDX-FileCopyrightText: © 2025 Hornwitser <code@hornwitser.no>
|
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
|
*/
|
|
|
|
|
import { readAuthenticationMethods, readUsers } from "~/server/database";
|
|
|
|
|
|
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
|
|
|
const runtimeConfig = useRuntimeConfig(event);
|
|
|
|
|
if (!runtimeConfig.public.authDemoEnabled) {
|
|
|
|
|
throw createError({
|
|
|
|
|
statusCode: 403,
|
|
|
|
|
statusMessage: "Forbidden",
|
|
|
|
|
message: "Demo authentication is disabled",
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const { name: slug } = await readBody(event);
|
|
|
|
|
|
|
|
|
|
if (typeof slug !== "string" || !slug) {
|
|
|
|
|
throw createError({
|
|
|
|
|
statusCode: 400,
|
|
|
|
|
statusMessage: "Bad Request",
|
|
|
|
|
message: "Missing name",
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-20 23:04:16 +02:00
|
|
|
const authMethods = readAuthenticationMethods();
|
2025-07-09 17:57:49 +02:00
|
|
|
const method = authMethods.find(method => method.provider === "demo" && method.slug === slug);
|
|
|
|
|
let session;
|
|
|
|
|
if (method) {
|
2025-09-20 23:04:16 +02:00
|
|
|
const users = readUsers();
|
2025-07-09 17:57:49 +02:00
|
|
|
const account = users.find(user => !user.deleted && user.id === method.userId);
|
|
|
|
|
session = await setServerSession(event, account);
|
|
|
|
|
} else {
|
|
|
|
|
session = await setServerSession(event, undefined, "demo", slug, slug);
|
|
|
|
|
}
|
|
|
|
|
return await serverSessionToApi(event, session);
|
|
|
|
|
})
|
