feat(auth): bearer token desteği ve çoklu origin ayarı ekle

- Authorization header ile Bearer token kimlik doğrulaması eklendi
- Token'ların localStorage'da saklanması desteği eklendi
- WEB_ALLOWED_ORIGINS ve WEB_ALLOWED_HOSTS konfigürasyonları eklendi
- Loop işlerinde profileId ve profileName alanları eklendi
- CORS ve Vite sunucusu için çoklu origin desteği sağlandı
2026-01-04 15:20:12 +03:00
parent 45946e7c8e
commit 712af0c898
14 changed files with 85 additions and 18 deletions


@@ -2,7 +2,10 @@ import { Request, Response, NextFunction } from "express";
import { verifyToken } from "./auth.service"
export const requireAuth = (req: Request, res: Response, next: NextFunction) => {
const token = req.cookies?.["qbuffer_token"];
const cookieToken = req.cookies?.["qbuffer_token"];
const authHeader = req.headers.authorization;
const bearer = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : undefined;
const token = cookieToken || bearer;
if (!token) {
return res.status(401).json({ error: "Unauthorized" });
}
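Review bot: In `const token = cookieToken || bearer;` the cookie always wins, so a request that carries a stale `qbuffer_token` cookie together with a valid `Authorization` header is checked against the cookie only and presumably rejected (the `verifyToken` call is outside this hunk). Preferring the explicit header, `const token = bearer || cookieToken;`, avoids that. The scheme match is also case-sensitive, while HTTP auth scheme names are case-insensitive; testing with `/^Bearer /i.test(authHeader)` would accept `bearer` as well. The same extraction is repeated as `getAuthToken` in the routes file, so one shared helper would keep both paths in agreement.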


@@ -5,6 +5,13 @@ import { isDev } from "../config"
const router = Router();
const getAuthToken = (req: any) => {
const cookieToken = req.cookies?.["qbuffer_token"];
const header = req.headers?.authorization as string | undefined;
const bearer = header?.startsWith("Bearer ") ? header.slice(7) : undefined;
return cookieToken || bearer;
};
const loginLimiter = rateLimit({
windowMs: 60_000,
max: 5,
@@ -28,7 +35,7 @@ router.post("/login", loginLimiter, async (req, res) => {
secure: !isDev,
maxAge: 60 * 24 * 60 * 60 * 1000,
});
return res.json({ username: user.username });
return res.json({ username: user.username, token });
});
router.post("/logout", (_req, res) => {
@@ -41,7 +48,7 @@ router.post("/logout", (_req, res) => {
});
router.get("/me", (req, res) => {
const token = req.cookies?.["qbuffer_token"];
const token = getAuthToken(req);
if (!token) {
return res.status(401).json({ error: "Unauthorized" });
}
@@ -54,7 +61,7 @@ router.get("/me", (req, res) => {
});
router.get("/socket-token", (req, res) => {
const token = req.cookies?.["qbuffer_token"];
const token = getAuthToken(req);
if (!token) {
return res.status(401).json({ error: "Unauthorized" });
}
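Review bot: `return res.json({ username: user.username, token });` hands the token (apparently the same value set as the `qbuffer_token` cookie just above) to page script, and the commit message says it is then kept in localStorage, so any script injection in the web UI can read and reuse it for as long as it is valid; the cookie's `maxAge` here is 60 days, and the token's own expiry is not visible. Consider returning a token only to clients that cannot use the cookie, or issuing a separate short-lived token for header use, and at minimum document the trade-off with `// token in body is readable by page script: keep its lifetime short and revoke it on logout`. The `/logout` handler body is outside these hunks; if it only clears the cookie, a copy held in localStorage stays usable until it expires. `getAuthToken` takes `req: any`; typing the parameter as express's `Request` would make the `as string | undefined` cast unnecessary.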