37 lines
1.1 KiB
JavaScript
37 lines
1.1 KiB
JavaScript
async function fetchCsrfToken() {
|
|
const res = await fetch('/api/csrf-token', { credentials: 'same-origin' });
|
|
if (!res.ok) throw new Error('Failed to fetch CSRF token');
|
|
const data = await res.json();
|
|
return data.csrfToken;
|
|
}
|
|
|
|
document.getElementById('login-form').addEventListener('submit', async (e) => {
|
|
e.preventDefault();
|
|
const password = document.getElementById('password').value;
|
|
const errorEl = document.getElementById('error');
|
|
errorEl.classList.remove('visible');
|
|
|
|
try {
|
|
const csrfToken = await fetchCsrfToken();
|
|
const res = await fetch('/login', {
|
|
method: 'POST',
|
|
credentials: 'same-origin',
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
'x-csrf-token': csrfToken
|
|
},
|
|
body: JSON.stringify({ password })
|
|
});
|
|
if (res.ok) {
|
|
window.location.href = '/';
|
|
} else {
|
|
const data = await res.json().catch(() => ({}));
|
|
errorEl.textContent = data.error || 'Invalid password';
|
|
errorEl.classList.add('visible');
|
|
}
|
|
} catch (err) {
|
|
errorEl.textContent = 'Login failed. Please try again.';
|
|
errorEl.classList.add('visible');
|
|
}
|
|
});
|