feat(backend): mount API routes + cookie-parser + CORS with credentials

- index.ts: mount /api/auth, /api/videos, /api/playlists; add cookie-parser; CORS with credentials + FRONTEND_URL env - auth.middleware: read token from Bearer header OR od_token httpOnly cookie - routes: auth (session/logout/me), videos (level-gated), playlists (CRUD + share management) - deps: cookie-parser + @types/cookie-parser
2026-03-14 07:10:47 +01:00
parent 71d90eb133
commit f3e392ff1b
7 changed files with 401 additions and 8 deletions
--- a/backend/src/middleware/auth.middleware.ts
+++ b/backend/src/middleware/auth.middleware.ts
@@ -29,7 +29,9 @@ export const requireAuth = async (
  res: Response,
  next: NextFunction
 ): Promise<void> => {
-  const token = req.headers.authorization?.split(" ")[1];
+  const token =
+    req.headers.authorization?.split(" ")[1] ??
+    (req.cookies as Record<string, string>)?.od_token;

  if (!token) {
    res.status(401).json({ success: false, error: "UNAUTHORIZED", message: "Access token required" });