mirror of
https://github.com/Crazyco-xyz/48hr.email.git
synced 2026-01-09 11:19:36 +01:00
150 lines
No EOL
4.5 KiB
JavaScript
150 lines
No EOL
4.5 KiB
JavaScript
const express = require('express')
|
|
const router = express.Router()
|
|
const { body, validationResult } = require('express-validator')
|
|
const { ApiError } = require('../middleware/error-handler')
|
|
|
|
/**
|
|
* Authentication API Routes
|
|
* POST /register - Register new user
|
|
* POST /login - Login user
|
|
* POST /logout - Logout user
|
|
* GET /session - Get current session info
|
|
*/
|
|
function createAuthRouter(dependencies) {
|
|
const { authService, config } = dependencies
|
|
|
|
// Check if auth is enabled
|
|
if (!authService || !config.user.authEnabled) {
|
|
router.all('*', (req, res) => {
|
|
res.apiError('Authentication is disabled', 'AUTH_DISABLED', 503)
|
|
})
|
|
return router
|
|
}
|
|
|
|
/**
|
|
* POST /register - Register new user
|
|
*/
|
|
router.post('/register',
|
|
body('username').trim().isLength({ min: 3, max: 20 }).matches(/^[a-zA-Z0-9_]+$/),
|
|
body('password').isLength({ min: 8 }),
|
|
async(req, res, next) => {
|
|
try {
|
|
const errors = validationResult(req)
|
|
if (!errors.isEmpty()) {
|
|
return res.apiError('Invalid username or password format', 'VALIDATION_ERROR', 400)
|
|
}
|
|
|
|
const { username, password } = req.body
|
|
|
|
// Attempt to create user
|
|
const result = await authService.register(username, password)
|
|
|
|
if (!result.success) {
|
|
return res.apiError(result.error, 'REGISTRATION_FAILED', 400)
|
|
}
|
|
|
|
// Create session
|
|
req.session.userId = result.user.id
|
|
req.session.username = username
|
|
req.session.isAuthenticated = true
|
|
req.session.createdAt = Date.now()
|
|
|
|
res.apiSuccess({
|
|
userId: result.user.id,
|
|
username: username,
|
|
message: 'Registration successful'
|
|
}, 201)
|
|
} catch (error) {
|
|
next(error)
|
|
}
|
|
}
|
|
)
|
|
|
|
/**
|
|
* POST /login - Login user
|
|
*/
|
|
router.post('/login',
|
|
body('username').trim().notEmpty(),
|
|
body('password').notEmpty(),
|
|
async(req, res, next) => {
|
|
try {
|
|
const errors = validationResult(req)
|
|
if (!errors.isEmpty()) {
|
|
return res.apiError('Username and password are required', 'VALIDATION_ERROR', 400)
|
|
}
|
|
|
|
const { username, password } = req.body
|
|
|
|
// Authenticate user
|
|
const result = await authService.login(username, password)
|
|
|
|
if (!result.success) {
|
|
return res.apiError('Invalid username or password', 'INVALID_CREDENTIALS', 401)
|
|
}
|
|
|
|
// Regenerate session to prevent fixation
|
|
req.session.regenerate((err) => {
|
|
if (err) {
|
|
return next(err)
|
|
}
|
|
|
|
req.session.userId = result.user.id
|
|
req.session.username = username
|
|
req.session.isAuthenticated = true
|
|
req.session.createdAt = Date.now()
|
|
|
|
res.apiSuccess({
|
|
userId: result.user.id,
|
|
username: username,
|
|
message: 'Login successful'
|
|
})
|
|
})
|
|
} catch (error) {
|
|
next(error)
|
|
}
|
|
}
|
|
)
|
|
|
|
/**
|
|
* POST /logout - Logout user
|
|
*/
|
|
router.post('/logout', (req, res, next) => {
|
|
try {
|
|
if (!req.session || !req.session.isAuthenticated) {
|
|
return res.apiError('Not logged in', 'NOT_AUTHENTICATED', 401)
|
|
}
|
|
|
|
req.session.destroy((err) => {
|
|
if (err) {
|
|
return next(err)
|
|
}
|
|
|
|
res.apiSuccess({ message: 'Logout successful' })
|
|
})
|
|
} catch (error) {
|
|
next(error)
|
|
}
|
|
})
|
|
|
|
/**
|
|
* GET /session - Get current session info
|
|
*/
|
|
router.get('/session', (req, res) => {
|
|
if (req.session && req.session.isAuthenticated && req.session.userId) {
|
|
res.apiSuccess({
|
|
authenticated: true,
|
|
userId: req.session.userId,
|
|
username: req.session.username,
|
|
createdAt: req.session.createdAt
|
|
})
|
|
} else {
|
|
res.apiSuccess({
|
|
authenticated: false
|
|
})
|
|
}
|
|
})
|
|
|
|
return router
|
|
}
|
|
|
|
module.exports = createAuthRouter |