brainstorming/server/api/auth/login.post.ts

import { checkPassword, createSession } from '../../utils/auth'

export default defineEventHandler(async (event) => {
  const { password } = await readBody(event)
  if (!password || !checkPassword(password)) {
    throw createError({ statusCode: 401, statusMessage: 'Invalid password' })
  }
  const token = createSession()
  setCookie(event, 'session', token, {
    httpOnly: true,
    secure: true,
    sameSite: 'strict',
    maxAge: 86400,
    path: '/',
  })
  return { ok: true }
})