initial version of the app

app/api/auth/login/route.ts

@@ -0,0 +1,65 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { db } from '@/lib/db';
+import { users } from '@/lib/db/schema';
+import { eq } from 'drizzle-orm';
+import bcrypt from 'bcryptjs';
+import { createSession } from '@/lib/session';
+import { logActivity, ACTIONS, ENTITY_TYPES } from '@/lib/activity-logger';
+
+export async function POST(request: NextRequest) {
+	try {
+		const { email, password } = await request.json();
+
+		if (!email || !password) {
+			return NextResponse.json({ error: 'Email and password are required' }, { status: 400 });
+		}
+
+		// Find user by email
+		const user = await db.select().from(users).where(eq(users.email, email)).limit(1);
+
+		if (user.length === 0) {
+			return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 });
+		}
+
+		// Verify password
+		const isValid = await bcrypt.compare(password, user[0].password);
+
+		if (!isValid) {
+			return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 });
+		}
+
+		// Create session
+		await createSession({
+			userId: user[0].id,
+			email: user[0].email,
+			role: user[0].role as 'user' | 'admin',
+		});
+
+		// Log the login activity
+		await logActivity({
+			userId: user[0].id,
+			action: ACTIONS.USER_LOGIN,
+			entityType: ENTITY_TYPES.USER,
+			entityId: user[0].id,
+			details: {
+				email: user[0].email,
+				role: user[0].role,
+			},
+			request,
+		});
+
+		return NextResponse.json({
+			user: {
+				id: user[0].id,
+				email: user[0].email,
+				name: user[0].name,
+				surname: user[0].surname,
+				role: user[0].role,
+			},
+			message: 'Login successful',
+		});
+	} catch (error) {
+		console.error('Login error:', error);
+		return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
+	}
+}