Tetardtek/originsdigital
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f3e392ff1b3910b8ffe1106f8fb7b97da2a8aeff
originsdigital/backend/src/routes/auth.routes.ts
Tetardtek f3e392ff1b feat(backend): mount API routes + cookie-parser + CORS with credentials 
- index.ts: mount /api/auth, /api/videos, /api/playlists; add cookie-parser; CORS with credentials + FRONTEND_URL env
- auth.middleware: read token from Bearer header OR od_token httpOnly cookie
- routes: auth (session/logout/me), videos (level-gated), playlists (CRUD + share management)
- deps: cookie-parser + @types/cookie-parser
2026-03-14 07:10:47 +01:00

77 lines
2.1 KiB
TypeScript
Raw Blame History

import { Router, Request, Response } from "express";
import { requireAuth, AuthenticatedRequest } from "../middleware/auth.middleware";
const router = Router();
const COOKIE_NAME = "od_token";
const COOKIE_OPTIONS = {
httpOnly: true,
secure: process.env.NODE_ENV === "production",
sameSite: "strict" as const,
maxAge: 15 * 60 * 1000, // 15 min — durée de vie du token SuperOAuth
};
/**
* POST /api/auth/session
* Reçoit le token depuis le callback SuperOAuth,
* le valide, puis le pose en httpOnly cookie.
*/
router.post("/session", async (req: Request, res: Response): Promise<void> => {
const { token } = req.body as { token?: string };
if (!token) {
res.status(400).json({ success: false, error: "MISSING_TOKEN" });
return;
}
const superOAuthUrl = process.env.SUPER_OAUTH_URL;
if (!superOAuthUrl) {
res.status(500).json({ success: false, error: "INTERNAL_ERROR" });
return;
}
try {
const response = await fetch(`${superOAuthUrl}/api/auth/token/validate`, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ token }),
});
const data = await response.json() as {
success: boolean;
data?: { valid: boolean; user?: object };
error?: string;
};
if (!response.ok || !data.data?.valid) {
res.status(401).json({ success: false, error: "INVALID_TOKEN" });
return;
}
res.cookie(COOKIE_NAME, token, COOKIE_OPTIONS);
res.json({ success: true, data: { user: data.data.user } });
} catch {
res.status(500).json({ success: false, error: "AUTH_SERVICE_UNAVAILABLE" });
}
});
/**
* POST /api/auth/logout
* Supprime le cookie de session.
*/
router.post("/logout", (_req: Request, res: Response): void => {
res.clearCookie(COOKIE_NAME);
res.json({ success: true });
});
/**
* GET /api/auth/me
* Retourne l'utilisateur courant (cookie ou Bearer).
*/
router.get("/me", requireAuth, (req: Request, res: Response): void => {
const { user } = req as AuthenticatedRequest;
res.json({ success: true, data: { user } });
});
export default router;
Reference in New Issue View Git Blame Copy Permalink