ClickerZ/Backend/src/router.js
Tetardtek 91d1616dd7
feat: PKCE auth + CI/CD deploy
- Frontend: PKCE flow (oauth.js, api.js centralized, cookie-based AuthContext)
- Backend: token introspection, cookies httpOnly, refresh endpoint
- Replaced localStorage JWT with httpOnly session cookies
- useSaveSync migrated to cookie auth
- cookie-parser added
- Gitea CI workflow (vps-runner pattern)
2026-03-24 13:01:15 +01:00


const express = require("express");
const router = express.Router();
// Import Controllers
const userControllers = require("./controllers/userControllers");
const authControllers = require("./controllers/authControllers");
const saveControllers = require("./controllers/saveControllers");
const verifyToken = require("./middlewares/verifyToken");
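/**
 * Ownership guard: lets the request continue only when the identity attached
 * to the request (`req.user`) matches the `:id` route parameter.
 *
 * Must run after a middleware that populates `req.user`; the routes in this
 * file mount it directly after `verifyToken`.
 *
 * @param {object} req - Express request; reads `req.user` and `req.params.id`.
 * @param {object} res - Express response; receives 403 `{ message: "Forbidden." }` on mismatch.
 * @param {Function} next - Called with no arguments when the ids match.
 * @returns {*} The result of `res.json(...)` or of `next()`.
 */
const verifySelf = (req, res, next) => {
  const sessionUserId = req.user;

  // Fail closed when no identity is attached. String(undefined) is the literal
  // "undefined" (and String(null) is "null"), so without this check a request
  // for /users/undefined would compare equal and pass the guard.
  if (sessionUserId == null) {
    return res.status(403).json({ message: "Forbidden." });
  }

  // Route params are always strings, so both sides are compared as strings.
  // NOTE(review): assumes req.user is a scalar id rather than an object —
  // confirm against what verifyToken stores on the request.
  if (String(sessionUserId) !== String(req.params.id)) {
    return res.status(403).json({ message: "Forbidden." });
  }

  return next();
};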
// Guard chain for routes scoped to a single account: authenticate the session
// first, then check that the caller owns the :id in the path.
const ownerOnly = [verifyToken, verifySelf];

// Auth — PKCE flow (cookie-based).
// NOTE(review): none of these four routes mounts verifyToken; presumably each
// controller reads and validates the session cookie itself — confirm.
router.post("/auth/session", authControllers.session);
router.post("/auth/refresh", authControllers.refresh);
router.get("/auth/me", authControllers.me);
router.post("/auth/logout", authControllers.logout);

// User management.
// NOTE(review): the collection listing is authenticated but has no ownership
// check, so any valid session reaches `browse` — confirm what it returns.
router.get("/users", verifyToken, userControllers.browse);
router.get("/users/:id", ownerOnly, userControllers.read);
// Same handler as GET /users/:id.
router.get("/users/:id/field", ownerOnly, userControllers.read);
router.put("/users/:id", ownerOnly, userControllers.edit);
// Account creation and credential login are reachable without a session.
// NOTE(review): no rate limiting is visible in this file — confirm it is
// applied elsewhere.
router.post("/users", userControllers.add);
router.delete("/users/:id", ownerOnly, userControllers.destroy);
router.post("/login", userControllers.login);

// Sync game state — cookie auth (previously verifyOAuth, now the same
// verifyToken guard as the other routes).
router.patch("/users/:id/coins", ownerOnly, userControllers.updateCoins);

// Game saves — cookie auth. There is no :id in the path, so only verifyToken is
// mounted; presumably the controller scopes the save to req.user — confirm.
// NOTE(review): the state-changing routes above and below authenticate by
// cookie; CSRF protection (SameSite attribute or a token) is not visible in
// this file — confirm where it is enforced.
router.get("/save", verifyToken, saveControllers.load);
router.post("/save", verifyToken, saveControllers.save);

module.exports = router;