Faroe

Sign in

This page uses the JavaScript SDK.

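Get the user from your database by email, then use Faroe.verifyUserPassword() to authenticate the user with their password. We recommend doing some basic input validation with verifyEmailInput() and verifyPasswordInput() first. Pass the user's client IP address to enable IP-based rate limiting. Take that address from a source the client cannot set: a header such as X-Forwarded-For is only reliable when a reverse proxy you control writes or overwrites it.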

If successful, get the user from the Faroe user ID and create a new session.

// Everything not imported is something you need to define yourself.
import { verifyEmailInput, verifyPasswordInput, FaroeError } from "@faroe/sdk";

import type { FaroeUser } from "@faroe/sdk";

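/**
 * Handles an email + password sign-in request.
 *
 * Validates the submitted email and password, looks the user up by email,
 * asks Faroe to verify the password (passing the client IP so Faroe can apply
 * IP-based rate limiting), and creates a session on success.
 *
 * Responses written on failure: 400 for invalid input, an unknown account or
 * an incorrect password; 429 when Faroe reports too many requests; 500 for
 * any other error raised by the Faroe call.
 *
 * @param request - Incoming HTTP request (application-defined type).
 * @param response - HTTP response to write the status and message to.
 */
async function handleLoginRequest(
    request: HTTPRequest,
    response: HTTPResponse
): Promise<void> {
    // NOTE(review): X-Forwarded-For is whatever the sender supplied unless a
    // reverse proxy you control sets or overwrites it, and it may hold a
    // comma-separated list. Rate limiting keyed on an unverified value does
    // not bind to the real client. Confirm how your deployment populates this
    // header, or read the address from the connection instead.
    const clientIP = request.headers.get("X-Forwarded-For");

    let email: string;
    let password: string;
    // ... (assign `email` and `password` from the request)

    // Normalize input.
    email = email.toLowerCase();

    if (!verifyEmailInput(email)) {
        response.writeHeader(400);
        response.write("Please enter a valid email address.");
        return;
    }

    // Basic password input validation, done before the database lookup and
    // the call to Faroe so malformed input is rejected early.
    if (!verifyPasswordInput(password)) {
        response.writeHeader(400);
        response.write("Please enter a valid password.");
        return;
    }

    const user = await getUserFromEmail(email);
    if (user === null) {
        // NOTE(review): this message and "Incorrect password." below let a
        // caller tell registered addresses from unregistered ones. If that
        // matters for your application, return one generic message for both.
        response.writeHeader(400);
        response.write("Account does not exist.");
        return;
    }

    let faroeUser: FaroeUser;
    try {
        faroeUser = await faroe.verifyUserPassword(user.faroeId, password, clientIP);
    } catch (e) {
        if (e instanceof FaroeError && e.code === "INCORRECT_PASSWORD") {
            response.writeHeader(400);
            response.write("Incorrect password.");
            return;
        }
        if (e instanceof FaroeError && e.code === "TOO_MANY_REQUESTS") {
            response.writeHeader(429);
            response.write("Please try again later.");
            return;
        }
        // Any other failure: record `e` in your server-side logs here. The
        // client only receives a generic message, never the error detail.
        response.writeHeader(500);
        response.write("An unknown error occurred. Please try again later.");
        return;
    }

    // Password verified: create the session for the application's own user ID.
    const session = await createSession(user.id, null);

    // ...
}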