From cf50d0e38d0217399599779b75ab894d7dedd799 Mon Sep 17 00:00:00 2001
From: multipleof4
Date: Sat, 14 Mar 2026 00:03:31 -0700
Subject: [PATCH] Feat: Add login validation with ntfy alerts
---
app/api/login/route.js | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 app/api/login/route.js
diff --git a/app/api/login/route.js b/app/api/login/route.js
new file mode 100644
index 0000000..80e9f73
--- /dev/null
+++ b/app/api/login/route.js
@@ -0,0 +1,38 @@
+import { NextResponse } from 'next/server';
+import crypto from 'crypto';
+
+export async function POST(req) {
+ try {
+ const body = await req.json();
+ const { email, password, captcha } = body;
+
+ const cookieHash = req.cookies.get('captcha_hash')?.value;
+ const secret = process.env.CAPTCHA_SECRET || 'dev_secret_meow';
+ const expectedHash = crypto.createHmac('sha256', secret).update((captcha || '').toLowerCase()).digest('hex');
+
+ if (!cookieHash || cookieHash !== expectedHash) {
+ return NextResponse.json({ error: 'Invalid or expired captcha' }, { status: 400 });
+ }
+
+ if (email === process.env.ADMIN_EMAIL && password === process.env.ADMIN_PASS) {
+ // Real implementation would set a JWT or session cookie here
+ return NextResponse.json({ success: true, message: 'Welcome back, Master!' });
+ } else {
+ // Trigger NTFY alert for failed login
+ if (process.env.NTFY_URL) {
+ await fetch(process.env.NTFY_URL, {
+ method: 'POST',
+ body: `Failed login attempt for email: ${email}`,
+ headers: {
+ 'Title': 'Kalbot Login Alert',
+ 'Priority': 'urgent',
+ 'Tags': 'warning,skull'
+ }
+ }).catch(e => console.error("Ntfy error:", e));
+ }
+ return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 });
+ }
+ } catch (err) {
+ return NextResponse.json({ error: 'Server error' }, { status: 500 });
+ }
+}
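Review bot: The credential check `email === process.env.ADMIN_EMAIL && password === process.env.ADMIN_PASS` fails open, because when either variable is unset a request body that omits the matching field compares `undefined === undefined` and is accepted. The captcha HMAC has the same weakness through the `|| 'dev_secret_meow'` fallback: a deployment without CAPTCHA_SECRET signs with a key that is published in the repository. The route should refuse to authenticate when any of the three variables is missing, and the comparisons should go through `crypto.timingSafeEqual` rather than `===` / `!==`. Separately, the ntfy call is awaited with no timeout and sends the submitted email at `urgent` priority on every failure with no rate limit, and `catch (err)` drops the error without logging it. Whether a solved captcha cookie can be reused cannot be judged from this file, since the code that issues `captcha_hash` is not shown.

```javascript
    // Fail closed: no fallback secret, and unset credentials must never match.
    const secret = process.env.CAPTCHA_SECRET;
    const adminEmail = process.env.ADMIN_EMAIL;
    const adminPass = process.env.ADMIN_PASS;
    if (!secret || !adminEmail || !adminPass) {
      console.error('Login route misconfigured: required environment variables are missing');
      return NextResponse.json({ error: 'Server error' }, { status: 500 });
    }
    // … unchanged: expectedHash computation and captcha check …
    // Hash both sides so timingSafeEqual always receives equal-length buffers.
    const digest = (value) => crypto.createHash('sha256').update(String(value)).digest();
    const emailOk = crypto.timingSafeEqual(digest(email), digest(adminEmail));
    const passOk = crypto.timingSafeEqual(digest(password), digest(adminPass));
    if (typeof email === 'string' && typeof password === 'string' && emailOk && passOk) {
      // … unchanged: success response …
```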