Feat: Add login validation with ntfy alerts

2026-03-16 21:41:02 +00:00 · 2026-03-14 00:03:31 -07:00
parent 8fd72e6611
commit cf50d0e38d
1 changed files with 38 additions and 0 deletions
--- a/app/api/login/route.js
+++ b/app/api/login/route.js
@@ -0,0 +1,38 @@
+import { NextResponse } from 'next/server';
+import crypto from 'crypto';
+
+export async function POST(req) {
+    try {
+        const body = await req.json();
+        const { email, password, captcha } = body;
+        
+        const cookieHash = req.cookies.get('captcha_hash')?.value;
+        const secret = process.env.CAPTCHA_SECRET || 'dev_secret_meow';
+        const expectedHash = crypto.createHmac('sha256', secret).update((captcha || '').toLowerCase()).digest('hex');
+
+        if (!cookieHash || cookieHash !== expectedHash) {
+            return NextResponse.json({ error: 'Invalid or expired captcha' }, { status: 400 });
+        }
+
+        if (email === process.env.ADMIN_EMAIL && password === process.env.ADMIN_PASS) {
+            // Real implementation would set a JWT or session cookie here
+            return NextResponse.json({ success: true, message: 'Welcome back, Master!' });
+        } else {
+            // Trigger NTFY alert for failed login
+            if (process.env.NTFY_URL) {
+                await fetch(process.env.NTFY_URL, {
+                    method: 'POST',
+                    body: `Failed login attempt for email: ${email}`,
+                    headers: {
+                        'Title': 'Kalbot Login Alert',
+                        'Priority': 'urgent',
+                        'Tags': 'warning,skull'
+                    }
+                }).catch(e => console.error("Ntfy error:", e));
+            }
+            return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 });
+        }
+    } catch (err) {
+        return NextResponse.json({ error: 'Server error' }, { status: 500 });
+    }
+}