From 31d2c5a29fdc100a290b5c442574be2c271dc1c2 Mon Sep 17 00:00:00 2001
From: Mannu
Date: Sun, 10 May 2026 23:43:38 +0530
Subject: [PATCH] Fix signin SQL value handling

---
 src/app/api/auth/signin/route.ts | 55 +++++++++++++++-----------------
 1 file changed, 25 insertions(+), 30 deletions(-)

diff --git a/src/app/api/auth/signin/route.ts b/src/app/api/auth/signin/route.ts
index a38aedf..68ead11 100644
--- a/src/app/api/auth/signin/route.ts
+++ b/src/app/api/auth/signin/route.ts
@@ -3,14 +3,15 @@ import { sql } from "@/db";
 import { cookies } from "next/headers";
 
 export async function POST(request: Request) {
- const { email } = await request.json();
+ const body = await request.json();
+ const email = body?.email;
 
 if (!email) {
 return NextResponse.json({ error: "Email required" }, { status: 400 });
 }
 
 try {
- // Find user
+ // Find user - use parameterized query
 const users = await sql`
 SELECT u.id, u.email, fm.family_id as family_id
 FROM users u
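Review bot: The new `const email = body?.email;` still accepts any JSON value — an object, array or number passes the `!email` check and is handed to the `sql` template as a query parameter, and a malformed body makes `request.json()` throw before the `try`, so the client gets an unhandled error instead of a 400. Narrow the type at the boundary and absorb the parse failure: `const body = await request.json().catch(() => null);` followed by `const email = typeof body?.email === "string" ? body.email : undefined;` routes both cases through the existing `if (!email)` branch. The comment `// Find user - use parameterized query` is accurate for the tagged-template call below it; that query and the rest of `POST` continue outside the hunk.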
@@ -19,51 +20,48 @@ export async function POST(request: Request) {
 LIMIT 1
 `;
 
- if (!users || users.length === 0) {
+ const user = users?.[0];
+
+ if (!user) {
 return NextResponse.json({ error: "User not found" }, { status: 404 });
 }
 
- const user = users[0];
- const userId = user.id;
- const familyId = user.family_id;
-
- // Create session in database
+ // Create session token
 const sessionToken = crypto.randomUUID();
 const expires = new Date();
- expires.setDate(expires.getDate() + 30); // 30 days
+ expires.setDate(expires.getDate() + 30);
 
+ // Insert session
 await sql`
 INSERT INTO sessions (session_token, user_id, expires)
- VALUES ${sql(sessionToken, userId, expires)}
+ VALUES (${sessionToken}, ${user.id}, ${expires.toISOString()})
 `;
 
 // Get family info
 let family = null;
- if (familyId) {
+ if (user.family_id) {
 const families = await sql`
 SELECT id, name, tier, max_children, max_members
- FROM families WHERE id = ${familyId}
+ FROM families WHERE id = ${user.family_id}
 `;
- if (families.length > 0) {
- family = families[0];
- }
+ family = families?.[0];
 }
 
- // Create response with cookie
+ // Create response
 const response = NextResponse.json({
 success: true,
 userId: user.id,
 email: user.email,
- familyId: familyId,
+ familyId: user.family_id,
 family: family,
 });
 
- // Set session cookie (httpOnly, secure, sameSite)
- response.cookies.set("session", sessionToken, {
+ // Set cookie
+ response.cookies.set("tia_session", sessionToken, {
 httpOnly: true,
 secure: process.env.NODE_ENV === "production",
 sameSite: "lax",
- maxAge: 60 * 60 * 24 * 30, // 30 days
+ maxAge: 60 * 60 * 24 * 30,
 path: "/",
 });
 
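Review bot: The session insert `VALUES (${sessionToken}, ${user.id}, ${expires.toISOString()})` runs on nothing more than a `users` row matching the posted email — no password, one-time code or previously verified step is checked anywhere in this handler, so anyone who knows a registered address receives a valid 30-day `tia_session` cookie. Unless an upstream middleware has already authenticated the request (nothing visible suggests it), a credential or link/OTP token should be verified before the insert; at the very least record the assumption with `// NOTE: email-only sign-in — assumes a verified step upstream; TODO confirm` above the insert. Separately, `family = families?.[0];` yields `undefined` when no row matches, so `NextResponse.json` now omits the `family` key where the old code sent `family: null`; `family = families?.[0] ?? null;` restores the previous response shape. The handler's return and `catch` continue outside the hunk.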
@@ -74,17 +72,15 @@ export async function POST(request: Request) {
 }
 }
 
-// GET current session
 export async function GET() {
 try {
 const cookieStore = await cookies();
- const sessionToken = cookieStore.get("session")?.value;
+ const sessionToken = cookieStore.get("tia_session")?.value;
 
 if (!sessionToken) {
 return NextResponse.json({ authenticated: false });
 }
 
- // Look up session
 const sessions = await sql`
 SELECT s.user_id, s.expires, u.email
 FROM sessions s
@@ -93,13 +89,12 @@ export async function GET() {
 AND s.expires > NOW()
 `;
 
- if (!sessions || sessions.length === 0) {
+ const session = sessions?.[0];
+
+ if (!session) {
 return NextResponse.json({ authenticated: false });
 }
 
- const session = sessions[0];
-
- // Get family via family_members
 const members = await sql`
 SELECT fm.family_id, f.name as family_name, f.tier
 FROM family_members fm
@@ -111,9 +106,9 @@ export async function GET() {
 authenticated: true,
 userId: session.user_id,
 email: session.email,
- familyId: members[0]?.family_id,
- familyName: members[0]?.family_name,
- tier: members[0]?.tier,
+ familyId: members?.[0]?.family_id,
+ familyName: members?.[0]?.family_name,
+ tier: members?.[0]?.tier,
 });
 } catch (error) {
 return NextResponse.json({ authenticated: false });
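Review bot: The `catch (error)` closing `GET` still answers `{ authenticated: false }` without recording `error`, so a database outage or a broken query is indistinguishable from a signed-out visitor and leaves nothing for operators to find. Log it before returning, e.g. `console.error("session lookup failed", error);`, or answer with a 5xx so callers can tell the two cases apart. The added `?.` in `members?.[0]?.family_id` only matters if the `sql` helper can return something other than an array; if it always returns one (not visible here), the existing `members[0]?.family_id` was already safe and the extra chaining hides nothing. `GET` begins in an earlier hunk.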