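/**
 * POST /api/auth/login: verify an email/password pair and, on success, set
 * the session token as a cookie.
 *
 * Every rejection uses the same 401 `{ message: 'Invalid credentials' }`
 * body, so the response text does not reveal whether the email exists.
 *
 * NOTE(review): rejections from `User.findOne` and `bcrypt.compare` are not
 * caught here. Express 4 does not forward errors thrown inside async handlers,
 * so confirm the app wraps its routes or runs a version that does.
 */
app.post('/api/auth/login', async (req, res) => {
  // Fall back to an empty object so a missing body does not throw on destructuring.
  const { email, password } = req.body || {};

  // A JSON body can carry objects or arrays in these fields. Passing an object
  // as `email` into the query filter lets the client supply query operators,
  // and a non-string `password` makes bcrypt.compare reject.
  if (typeof email !== 'string' || typeof password !== 'string') {
    return res.status(401).json({ message: 'Invalid credentials' });
  }

  const user = await User.findOne({ email });
  if (!user) {
    // NOTE(review): this path skips the bcrypt comparison, so an unknown email
    // is answered faster than a wrong password. Equalise the two paths if
    // account enumeration matters for this service.
    return res.status(401).json({ message: 'Invalid credentials' });
  }

  // Check the password BEFORE anything is issued. In the listing as printed,
  // the cookie call came ahead of this check.
  const isValid = await bcrypt.compare(password, user.passwordHash);
  if (!isValid) {
    return res.status(401).json({ message: 'Invalid credentials' });
  }

  // NOTE(review): the page never shows where `token` is created. It has to be
  // issued at this point, after the password check has passed.
  res.cookie('token', token, {
    httpOnly: true, // not readable from page scripts
    // Only marked Secure when NODE_ENV is exactly 'production'; any other
    // value (staging, a typo, unset) sends the cookie over plain HTTP too.
    secure: process.env.NODE_ENV === 'production',
    sameSite: 'strict', // not attached to cross-site requests
    maxAge: 7 * 24 * 60 * 60 * 1000, // 7 days, in milliseconds
  });

  // NOTE(review): the page shows no response after the cookie is set. The
  // handler still has to end the request (for example with a JSON success body).
});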