first commit

apps/server/src/auth/auth.routes.ts

@@ -0,0 +1,64 @@
+import { Router } from "express";
+import rateLimit from "express-rate-limit";
+import { signToken, verifyCredentials, verifyToken } from "./auth.service"
+import { isDev } from "../config"
+
+const router = Router();
+
+const loginLimiter = rateLimit({
+  windowMs: 60_000,
+  max: 5,
+  standardHeaders: true,
+  legacyHeaders: false,
+});
+
+router.post("/login", loginLimiter, async (req, res) => {
+  const { username, password } = req.body ?? {};
+  if (!username || !password) {
+    return res.status(400).json({ error: "Missing credentials" });
+  }
+  const user = await verifyCredentials(username, password);
+  if (!user) {
+    return res.status(401).json({ error: "Invalid credentials" });
+  }
+  const token = signToken({ username: user.username });
+  res.cookie("qbuffer_token", token, {
+    httpOnly: true,
+    sameSite: "lax",
+    secure: !isDev,
+  });
+  return res.json({ username: user.username });
+});
+
+router.post("/logout", (_req, res) => {
+  res.clearCookie("qbuffer_token");
+  return res.json({ ok: true });
+});
+
+router.get("/me", (req, res) => {
+  const token = req.cookies?.["qbuffer_token"];
+  if (!token) {
+    return res.status(401).json({ error: "Unauthorized" });
+  }
+  try {
+    const payload = verifyToken(token);
+    return res.json({ ok: true, username: payload.username });
+  } catch (error) {
+    return res.status(401).json({ error: "Unauthorized" });
+  }
+});
+
+router.get("/socket-token", (req, res) => {
+  const token = req.cookies?.["qbuffer_token"];
+  if (!token) {
+    return res.status(401).json({ error: "Unauthorized" });
+  }
+  try {
+    verifyToken(token);
+    return res.json({ token });
+  } catch (error) {
+    return res.status(401).json({ error: "Unauthorized" });
+  }
+});
+
+export default router;