import { clearRefreshTokenCookie, setRefreshTokenCookie, } from '~/utils/cookie-utils' import { generateAccessToken, generateRefreshToken } from '~/utils/jwt-utils' import { forbiddenResponse } from '~/utils/response' export default defineEventHandler(async (event) => { const { password, username } = await readBody(event) if (!password || !username) { setResponseStatus(event, 400) return useResponseError( 'BadRequestException', 'Username and password are required', ) } const findUser = MOCK_USERS.find( (item) => item.username === username && item.password === password, ) if (!findUser) { clearRefreshTokenCookie(event) return forbiddenResponse(event, 'Username or password is incorrect.') } const accessToken = generateAccessToken(findUser) const refreshToken = generateRefreshToken(findUser) setRefreshTokenCookie(event, refreshToken) return useResponseSuccess({ ...findUser, accessToken, }) })