✨ feat (auth): server side proxy login request

server/api/v1/authentication/login.post.ts

@@ -0,0 +1,43 @@
+import { useRuntimeConfig } from '#imports'
+import { getRequestURL, readBody, setCookie } from 'h3'
+
+export default defineEventHandler(async (event) => {
+  const body = await readBody(event)
+  const url = getRequestURL(event)
+  const config = useRuntimeConfig()
+
+  const apiOrigin = config.API_ORIGIN
+
+  const externalUrl = apiOrigin + url.pathname.replace(/^\/api/, '') + url.search
+
+  const resp = await fetch(externalUrl, {
+    method: 'POST',
+    body: JSON.stringify(body),
+    headers: {
+      'Content-Type': 'application/json',
+    },
+  })
+
+  if (resp.status === 200) {
+    const data = await resp.json()
+
+    if (data?.data?.accessToken) {
+      setCookie(event, 'authentication', data.data.accessToken, {
+        path: '/',
+        httpOnly: true,
+        sameSite: 'strict',
+        maxAge: 60 * 60 * 24,
+      })
+
+      delete data.data.accessToken
+      return data
+    }
+  }
+
+  return new Response(await resp.text(), {
+    status: resp.status,
+    headers: {
+      'Content-Type': resp.headers.get('content-type') || 'text/plain',
+    },
+  })
+})