176 lines
3.8 KiB
JavaScript
176 lines
3.8 KiB
JavaScript
/**
|
|
* Authentication Routes
|
|
*
|
|
* Handles login, logout, token refresh, and user info endpoints
|
|
*/
|
|
|
|
import { Router } from 'express';
|
|
import { createToken, verifyToken, decodeToken, getTokenExpiresIn } from '../utils/jwt-utils.js';
|
|
|
|
export function createAuthRouter({ secret, adminPassword } = {}) {
|
|
const router = Router();
|
|
|
|
/**
|
|
* POST /auth/login
|
|
* Login with admin password to receive JWT token
|
|
*/
|
|
router.post('/login', (req, res) => {
|
|
const { password } = req.body;
|
|
|
|
// Validate input
|
|
if (!password) {
|
|
return res.status(400).json({
|
|
error: 'Password is required',
|
|
code: 'MISSING_PASSWORD'
|
|
});
|
|
}
|
|
|
|
// Validate password
|
|
if (password !== adminPassword) {
|
|
return res.status(401).json({
|
|
error: 'Invalid password',
|
|
code: 'INVALID_PASSWORD'
|
|
});
|
|
}
|
|
|
|
try {
|
|
// Create token with admin permissions
|
|
const token = createToken(
|
|
{
|
|
isAdmin: true,
|
|
permissions: ['admin', 'gamemaster-edit'],
|
|
loginTime: new Date().toISOString()
|
|
},
|
|
secret,
|
|
7 * 24 * 60 * 60 // 7 days
|
|
);
|
|
|
|
res.json({
|
|
success: true,
|
|
token,
|
|
expiresIn: 7 * 24 * 60 * 60,
|
|
user: {
|
|
isAdmin: true,
|
|
permissions: ['admin', 'gamemaster-edit']
|
|
}
|
|
});
|
|
} catch (err) {
|
|
res.status(500).json({
|
|
error: 'Failed to create token',
|
|
code: 'TOKEN_CREATION_ERROR'
|
|
});
|
|
}
|
|
});
|
|
|
|
/**
|
|
* POST /auth/verify
|
|
* Verify that a token is valid
|
|
*/
|
|
router.post('/verify', (req, res) => {
|
|
const { token } = req.body;
|
|
|
|
if (!token) {
|
|
return res.status(400).json({
|
|
error: 'Token is required',
|
|
code: 'MISSING_TOKEN'
|
|
});
|
|
}
|
|
|
|
try {
|
|
const decoded = verifyToken(token, secret);
|
|
const expiresIn = getTokenExpiresIn(token);
|
|
|
|
res.json({
|
|
valid: true,
|
|
user: {
|
|
isAdmin: decoded.isAdmin,
|
|
permissions: decoded.permissions
|
|
},
|
|
expiresIn: Math.floor(expiresIn / 1000),
|
|
expiresAt: new Date(Date.now() + expiresIn)
|
|
});
|
|
} catch (err) {
|
|
return res.status(401).json({
|
|
valid: false,
|
|
error: err.message,
|
|
code: 'INVALID_TOKEN'
|
|
});
|
|
}
|
|
});
|
|
|
|
/**
|
|
* POST /auth/refresh
|
|
* Refresh an existing token
|
|
*/
|
|
router.post('/refresh', (req, res) => {
|
|
const { token } = req.body;
|
|
|
|
if (!token) {
|
|
return res.status(400).json({
|
|
error: 'Token is required',
|
|
code: 'MISSING_TOKEN'
|
|
});
|
|
}
|
|
|
|
try {
|
|
const decoded = verifyToken(token, secret);
|
|
|
|
// Create new token with same payload but extended expiration
|
|
const newToken = createToken(
|
|
{
|
|
isAdmin: decoded.isAdmin,
|
|
permissions: decoded.permissions,
|
|
loginTime: decoded.loginTime
|
|
},
|
|
secret,
|
|
7 * 24 * 60 * 60 // 7 days
|
|
);
|
|
|
|
res.json({
|
|
success: true,
|
|
token: newToken,
|
|
expiresIn: 7 * 24 * 60 * 60
|
|
});
|
|
} catch (err) {
|
|
return res.status(401).json({
|
|
error: err.message,
|
|
code: 'INVALID_TOKEN'
|
|
});
|
|
}
|
|
});
|
|
|
|
/**
|
|
* GET /auth/user
|
|
* Get current user info (requires valid token via middleware)
|
|
*/
|
|
router.get('/user', (req, res) => {
|
|
if (!req.user) {
|
|
return res.status(401).json({
|
|
error: 'Not authenticated',
|
|
code: 'NOT_AUTHENTICATED'
|
|
});
|
|
}
|
|
|
|
res.json({
|
|
user: {
|
|
isAdmin: req.user.isAdmin,
|
|
permissions: req.user.permissions,
|
|
loginTime: req.user.loginTime
|
|
}
|
|
});
|
|
});
|
|
|
|
/**
|
|
* POST /auth/logout
|
|
* Logout (token is invalidated on client side)
|
|
*/
|
|
router.post('/logout', (req, res) => {
|
|
res.json({
|
|
success: true,
|
|
message: 'Logged out successfully'
|
|
});
|
|
});
|
|
|
|
return router;
|
|
}
|