feat: token refresh, video upload, playlist routes complets
- auth: cookie od_token 7j, refresh token od_refresh 30j, POST /api/auth/refresh, GET /api/auth/me/optional - admin: POST /api/admin/videos/upload via multer (mp4/webm, 4Go max, UUID filename) - playlist: PATCH /:id, DELETE /:id, POST /:id/videos, DELETE /:id/videos/:videoId - env: UPLOADS_DIR documenté dans .env.example
This commit is contained in:
@@ -6,11 +6,20 @@ import { requireAuth, AuthenticatedRequest } from "../middleware/auth.middleware
|
||||
const router = Router();
|
||||
|
||||
const COOKIE_NAME = "od_token";
|
||||
const REFRESH_COOKIE_NAME = "od_refresh";
|
||||
|
||||
const COOKIE_OPTIONS = {
|
||||
httpOnly: true,
|
||||
secure: process.env.NODE_ENV === "production",
|
||||
sameSite: "strict" as const,
|
||||
maxAge: 15 * 60 * 1000,
|
||||
maxAge: 7 * 24 * 60 * 60 * 1000, // 7 jours
|
||||
};
|
||||
|
||||
const REFRESH_COOKIE_OPTIONS = {
|
||||
httpOnly: true,
|
||||
secure: process.env.NODE_ENV === "production",
|
||||
sameSite: "strict" as const,
|
||||
maxAge: 30 * 24 * 60 * 60 * 1000, // 30 jours
|
||||
};
|
||||
|
||||
/** Upsert user en DB depuis un profil SuperOAuth */
|
||||
@@ -53,7 +62,7 @@ router.post("/login", async (req: Request, res: Response): Promise<void> => {
|
||||
|
||||
const data = await response.json() as {
|
||||
success: boolean;
|
||||
data?: { user: { id: string; email: string | null; nickname: string }; tokens: { accessToken: string } };
|
||||
data?: { user: { id: string; email: string | null; nickname: string }; tokens: { accessToken: string; refreshToken?: string } };
|
||||
message?: string;
|
||||
};
|
||||
|
||||
@@ -65,6 +74,9 @@ router.post("/login", async (req: Request, res: Response): Promise<void> => {
|
||||
await upsertUser(data.data.user);
|
||||
|
||||
res.cookie(COOKIE_NAME, data.data.tokens.accessToken, COOKIE_OPTIONS);
|
||||
if (data.data.tokens.refreshToken) {
|
||||
res.cookie(REFRESH_COOKIE_NAME, data.data.tokens.refreshToken, REFRESH_COOKIE_OPTIONS);
|
||||
}
|
||||
res.json({ success: true, data: { user: data.data.user } });
|
||||
} catch {
|
||||
res.status(500).json({ success: false, error: "AUTH_SERVICE_UNAVAILABLE" });
|
||||
@@ -117,12 +129,61 @@ router.post("/session", async (req: Request, res: Response): Promise<void> => {
|
||||
}
|
||||
});
|
||||
|
||||
/**
|
||||
* POST /api/auth/refresh
|
||||
* Échange le refresh token contre un nouvel access token via SuperOAuth.
|
||||
*/
|
||||
router.post("/refresh", async (req: Request, res: Response): Promise<void> => {
|
||||
const refreshToken = (req.cookies as Record<string, string>)?.[REFRESH_COOKIE_NAME];
|
||||
|
||||
if (!refreshToken) {
|
||||
res.status(401).json({ success: false, error: "NO_REFRESH_TOKEN" });
|
||||
return;
|
||||
}
|
||||
|
||||
const superOAuthUrl = process.env.SUPER_OAUTH_URL;
|
||||
if (!superOAuthUrl) {
|
||||
res.status(500).json({ success: false, error: "INTERNAL_ERROR" });
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
const response = await fetch(`${superOAuthUrl}/api/v1/auth/token/refresh`, {
|
||||
method: "POST",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ refreshToken }),
|
||||
});
|
||||
|
||||
const data = await response.json() as {
|
||||
success: boolean;
|
||||
data?: { tokens: { accessToken: string; refreshToken?: string }; user?: { id: string; email: string | null; nickname: string } };
|
||||
error?: string;
|
||||
};
|
||||
|
||||
if (!response.ok || !data.data?.tokens?.accessToken) {
|
||||
res.clearCookie(COOKIE_NAME);
|
||||
res.clearCookie(REFRESH_COOKIE_NAME);
|
||||
res.status(401).json({ success: false, error: "REFRESH_FAILED" });
|
||||
return;
|
||||
}
|
||||
|
||||
res.cookie(COOKIE_NAME, data.data.tokens.accessToken, COOKIE_OPTIONS);
|
||||
if (data.data.tokens.refreshToken) {
|
||||
res.cookie(REFRESH_COOKIE_NAME, data.data.tokens.refreshToken, REFRESH_COOKIE_OPTIONS);
|
||||
}
|
||||
res.json({ success: true, data: { user: data.data.user ?? null } });
|
||||
} catch {
|
||||
res.status(500).json({ success: false, error: "AUTH_SERVICE_UNAVAILABLE" });
|
||||
}
|
||||
});
|
||||
|
||||
/**
|
||||
* POST /api/auth/logout
|
||||
* Supprime le cookie de session.
|
||||
*/
|
||||
router.post("/logout", (_req: Request, res: Response): void => {
|
||||
res.clearCookie(COOKIE_NAME);
|
||||
res.clearCookie(REFRESH_COOKIE_NAME);
|
||||
res.json({ success: true });
|
||||
});
|
||||
|
||||
@@ -135,4 +196,47 @@ router.get("/me", requireAuth, (req: Request, res: Response): void => {
|
||||
res.json({ success: true, data: { user } });
|
||||
});
|
||||
|
||||
/**
|
||||
* GET /api/auth/me/optional
|
||||
* Retourne l'utilisateur courant ou null si non authentifié (pas de 401).
|
||||
*/
|
||||
router.get("/me/optional", async (req: Request, res: Response): Promise<void> => {
|
||||
const token =
|
||||
req.headers.authorization?.split(" ")[1] ??
|
||||
(req.cookies as Record<string, string>)?.od_token;
|
||||
|
||||
if (!token) {
|
||||
res.json({ success: true, data: { user: null } });
|
||||
return;
|
||||
}
|
||||
|
||||
const superOAuthUrl = process.env.SUPER_OAUTH_URL;
|
||||
if (!superOAuthUrl) {
|
||||
res.json({ success: true, data: { user: null } });
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
const response = await fetch(`${superOAuthUrl}/api/v1/auth/token/validate`, {
|
||||
method: "POST",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ token }),
|
||||
});
|
||||
|
||||
const data = await response.json() as {
|
||||
success: boolean;
|
||||
data?: { valid: boolean; user?: object };
|
||||
};
|
||||
|
||||
if (!response.ok || !data.data?.valid || !data.data.user) {
|
||||
res.json({ success: true, data: { user: null } });
|
||||
return;
|
||||
}
|
||||
|
||||
res.json({ success: true, data: { user: data.data.user } });
|
||||
} catch {
|
||||
res.json({ success: true, data: { user: null } });
|
||||
}
|
||||
});
|
||||
|
||||
export default router;
|
||||
|
||||
Reference in New Issue
Block a user