add a proper login page

lib/authenticate.ts

@@ -1,28 +1,18 @@
-import { IncomingMessage, ServerResponse } from 'http'
-
-export default function authenticate(
-  req: IncomingMessage,
-  res: ServerResponse
-) {
-  const authHeader = req.headers.authorization
-
-  if (!authHeader) {
-    res.setHeader('WWW-Authenticate', 'Basic')
-    res.statusCode = 401
-    return null
+export function authenticateAdmin({
+  username,
+  password,
+}: {
+  username: string
+  password: string
+}) {
+  if (username !== 'admin') {
+    return false
   }
 
-  const [username, password] = Buffer.from(authHeader.split(' ')[1], 'base64')
-    .toString()
-    .split(':')
-
-  // FIXME: pull admin password from env
-  if (username === 'admin' || password === 'secret') {
-    return { username: 'admin', role: 'admin' }
+  // FIXME: move at least to env variable
+  if (password !== 'secret') {
+    return false
   }
 
-  res.setHeader('WWW-Authenticate', 'Basic')
-  res.statusCode = 401
-  res.end()
-  return null
+  return true
 }

lib/session.ts

@@ -1,4 +1,5 @@
 import { withIronSession, Handler } from 'next-iron-session'
+import { getBaseURL } from '../helpers/url'
 
 const SESSION_SECRET =
   process.env.SESSION_SECRET || 'dev-env-default-secret-991823723'
@@ -19,8 +20,17 @@ export default function withSession(handler: Handler) {
 export const isAdminSession = function (req: any, res: any) {
   const user = req?.session.get('user')
   if (user && user.role === 'admin') {
-    return true
+    return user
   }
-  res.status(401).end('Your are unauthorized. Best to move along...')
+
+  const redirectTargetUrl = `${getBaseURL()}/admin/login?redirect=${encodeURIComponent(
+    req.url
+  )}`
+
+  res.writeHead(303, {
+    Location: redirectTargetUrl,
+  })
+  res.end()
+
   return false
 }