import { Router, Request, Response } from "express"; import { requireAuth, AuthenticatedRequest } from "../middleware/auth.middleware"; const router = Router(); const COOKIE_NAME = "od_token"; const COOKIE_OPTIONS = { httpOnly: true, secure: process.env.NODE_ENV === "production", sameSite: "strict" as const, maxAge: 15 * 60 * 1000, // 15 min — durée de vie du token SuperOAuth }; /** * POST /api/auth/session * Reçoit le token depuis le callback SuperOAuth, * le valide, puis le pose en httpOnly cookie. */ router.post("/session", async (req: Request, res: Response): Promise => { const { token } = req.body as { token?: string }; if (!token) { res.status(400).json({ success: false, error: "MISSING_TOKEN" }); return; } const superOAuthUrl = process.env.SUPER_OAUTH_URL; if (!superOAuthUrl) { res.status(500).json({ success: false, error: "INTERNAL_ERROR" }); return; } try { const response = await fetch(`${superOAuthUrl}/api/auth/token/validate`, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ token }), }); const data = await response.json() as { success: boolean; data?: { valid: boolean; user?: object }; error?: string; }; if (!response.ok || !data.data?.valid) { res.status(401).json({ success: false, error: "INVALID_TOKEN" }); return; } res.cookie(COOKIE_NAME, token, COOKIE_OPTIONS); res.json({ success: true, data: { user: data.data.user } }); } catch { res.status(500).json({ success: false, error: "AUTH_SERVICE_UNAVAILABLE" }); } }); /** * POST /api/auth/logout * Supprime le cookie de session. */ router.post("/logout", (_req: Request, res: Response): void => { res.clearCookie(COOKIE_NAME); res.json({ success: true }); }); /** * GET /api/auth/me * Retourne l'utilisateur courant (cookie ou Bearer). */ router.get("/me", requireAuth, (req: Request, res: Response): void => { const { user } = req as AuthenticatedRequest; res.json({ success: true, data: { user } }); }); export default router;