q-buffer/apps/server/src/auth/auth.routes.ts
wisecolt a4de80b98d revert 9f3b2cbb24
revert refactor(api): rate limiting sistemini basitleştir ve sadece login endpoint'inde tut

Merkezi rate limiting middleware dosyası kaldırılıp rate limiting sadece
login endpoint'ine özel hale getirildi. Diğer API endpoint'lerindeki rate
limiting kısıtlamaları (loop, timer, torrent) kaldırıldı. Login rate limiter
artık auth.routes.ts dosyasında inline olarak tanımlanıyor.
2026-01-05 17:31:19 +00:00


import { Router } from "express";
import { signToken, verifyCredentials, verifyToken } from "./auth.service"
import { isDev } from "../config"
import { loginLimiter } from "../middleware/rate-limiter"
// Auth sub-router; mounted by the caller that imports this module's default export.
const router: Router = Router();
/**
 * Pull the session token off an incoming request.
 *
 * The `qbuffer_token` cookie wins when present (and non-empty); otherwise a
 * `Bearer <token>` Authorization header is used. The "Bearer " prefix match is
 * case-sensitive. Returns `undefined` when neither carries a token.
 */
const getAuthToken = (req: any) => {
  const fromCookie = req.cookies?.["qbuffer_token"];
  const authHeader: string | undefined = req.headers?.authorization;
  let fromHeader: string | undefined;
  if (authHeader?.startsWith("Bearer ")) {
    fromHeader = authHeader.slice("Bearer ".length);
  }
  // `||` (not `??`) so an empty cookie value falls back to the header.
  return fromCookie || fromHeader;
};
router.post("/login", loginLimiter, async (req, res) => {
const { username, password } = req.body ?? {};
if (!username || !password) {
return res.status(400).json({ error: "Missing credentials" });
}
const user = await verifyCredentials(username, password);
if (!user) {
return res.status(401).json({ error: "Invalid credentials" });
}
const token = signToken({ username: user.username });
res.cookie("qbuffer_token", token, {
httpOnly: true,
sameSite: "lax",
secure: !isDev,
maxAge: 60 * 24 * 60 * 60 * 1000,
});
return res.json({ username: user.username, token });
});
router.post("/logout", (_req, res) => {
res.clearCookie("qbuffer_token", {
httpOnly: true,
sameSite: "lax",
secure: !isDev,
});
return res.json({ ok: true });
});
router.get("/me", (req, res) => {
const token = getAuthToken(req);
if (!token) {
return res.status(401).json({ error: "Unauthorized" });
}
try {
const payload = verifyToken(token);
return res.json({ ok: true, username: payload.username });
} catch (error) {
return res.status(401).json({ error: "Unauthorized" });
}
});
router.get("/socket-token", (req, res) => {
const token = getAuthToken(req);
if (!token) {
return res.status(401).json({ error: "Unauthorized" });
}
try {
verifyToken(token);
return res.json({ token });
} catch (error) {
return res.status(401).json({ error: "Unauthorized" });
}
});
// The configured auth router is this module's only export.
export { router as default };