wtf man

1 files changed, 25 insertions, 11 deletions

diff --git a/src/lib/db/index.ts b/src/lib/db/index.ts
index 9897af8..3d46fd9 100644
--- a/src/lib/db/index.ts
+++ b/src/lib/db/index.ts
@@ -1,7 +1,7 @@
 import Database from "bun:sqlite";
-import { getDBOffset, wordFactorial } from "@/lib/utils";
-import type { AddSense, AddWord, State } from "@/lib/types";
-import { DEFAULT_SRS } from "@/lib/services/srs";
+import { getDBOffset, wordFactorial } from "../utils";
+import type { AddSense, AddWord, State } from "../types";
+import { DEFAULT_SRS } from "../services/srs";
 
 const PAGE_SIZE = 100;
 
@@ -32,11 +32,17 @@ class DatabaseHandler {
   fetchCookie(coki: string) {
     const query = this.db.query(
       `
-        SELECT * FROM cookies
-        WHERE cookie = ?
+        SELECT u.id, u.name, c.expiry FROM cookies as c
+        JOIN users as u ON u.id = c.user
+        WHERE c.cookie = ?
       `,
     );
-    const res = query.get(coki);
+    const res = query.get(coki) as {
+      id: number;
+      name: string;
+      expiry: number;
+    };
+    console.log("cokifetch", { coki, res });
     return res;
   }
   setCookie(coki: string, user: number, expiry: number) {
@@ -577,14 +583,22 @@ class DatabaseHandler {
       return { error: `${e}` };
     }
   }
-  loginUser(name: string, creds: string) {
+  async loginUser(name: string, creds: string) {
     const query = this.db.query(`
-    SELECT id FROM users
-    WHERE name = ? AND creds = ?
+    SELECT * FROM users
+    WHERE name = ?
   `);
-    const row = query.get(name, creds) as { id: number } | null;
+    const row = query.get(name) as {
+      id: number;
+      name: string;
+      creds: string;
+    } | null;
     if (!row) return { error: "not found" };
-    else return { ok: row.id };
+    else {
+      const ok = await Bun.password.verify(creds, row.creds);
+      if (!ok) return { error: "Wrong password" };
+      else return { ok: row.id };
+    }
   }
   addCat(category: string) {
     const queryString = `