Tetardtek/originsdigital
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: login email/password + proxy POST /api/auth/login → SuperOAuth
All checks were successful
CI/CD — Build & Deploy / Build & Deploy (push) Successful in 21s
Details

Browse Source 
- auth.routes : POST /api/auth/login proxie vers SuperOAuth, pose httpOnly cookie
- Factorisation upsertUser() partagé avec /session
- LoginPage : form email/password + séparateur + boutons OAuth provider
This commit is contained in:
Tetardtek
2026-03-14 10:26:25 +01:00
parent 7e3ee29b13
commit 324efcaa3d
2 changed files with 137 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
backend/src/routes/auth.routes.ts
View File

@@ -10,9 +10,67 @@ const COOKIE_OPTIONS = {
httpOnly: true,
secure: process.env.NODE_ENV === "production",
sameSite: "strict" as const,
maxAge: 15 * 60 * 1000, // 15 min — durée de vie du token SuperOAuth
maxAge: 15 * 60 * 1000,
};
/** Upsert user en DB depuis un profil SuperOAuth */
async function upsertUser(oauthUser: { id: string; email: string | null; nickname: string }): Promise<void> {
const userRepo = AppDataSource.getRepository(User);
let dbUser = await userRepo.findOne({ where: { superOAuthId: oauthUser.id } });
if (!dbUser) {
dbUser = userRepo.create({ superOAuthId: oauthUser.id, email: oauthUser.email, nickname: oauthUser.nickname });
} else {
dbUser.email = oauthUser.email;
dbUser.nickname = oauthUser.nickname;
}
await userRepo.save(dbUser);
}
/**
* POST /api/auth/login
* Proxy email/password vers SuperOAuth → pose le cookie httpOnly.
*/
router.post("/login", async (req: Request, res: Response): Promise<void> => {
const { email, password } = req.body as { email?: string; password?: string };
if (!email || !password) {
res.status(400).json({ success: false, error: "MISSING_CREDENTIALS" });
return;
}
const superOAuthUrl = process.env.SUPER_OAUTH_URL;
if (!superOAuthUrl) {
res.status(500).json({ success: false, error: "INTERNAL_ERROR" });
return;
}
try {
const response = await fetch(`${superOAuthUrl}/api/v1/auth/login`, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ email, password }),
});
const data = await response.json() as {
success: boolean;
data?: { user: { id: string; email: string | null; nickname: string }; tokens: { accessToken: string } };
message?: string;
};
if (!response.ok || !data.data?.tokens?.accessToken) {
res.status(401).json({ success: false, error: "INVALID_CREDENTIALS" });
return;
}
await upsertUser(data.data.user);
res.cookie(COOKIE_NAME, data.data.tokens.accessToken, COOKIE_OPTIONS);
res.json({ success: true, data: { user: data.data.user } });
} catch {
res.status(500).json({ success: false, error: "AUTH_SERVICE_UNAVAILABLE" });
}
});
/**
* POST /api/auth/session
* Reçoit le token depuis le callback SuperOAuth,
@@ -50,21 +108,7 @@ router.post("/session", async (req: Request, res: Response): Promise<void> => {
return;
}
// Upsert user en DB — crée si premier login, met à jour email/nickname sinon
const oauthUser = data.data.user as { id: string; email: string | null; nickname: string };
const userRepo = AppDataSource.getRepository(User);
let dbUser = await userRepo.findOne({ where: { superOAuthId: oauthUser.id } });
if (!dbUser) {
dbUser = userRepo.create({
superOAuthId: oauthUser.id,
email: oauthUser.email,
nickname: oauthUser.nickname,
});
} else {
dbUser.email = oauthUser.email;
dbUser.nickname = oauthUser.nickname;
}
await userRepo.save(dbUser);
await upsertUser(data.data.user as { id: string; email: string | null; nickname: string });
res.cookie(COOKIE_NAME, token, COOKIE_OPTIONS);
res.json({ success: true, data: { user: data.data.user } });