v0.1.10 - 플래너 저장 API 추가
This commit is contained in:
@@ -1,14 +1,9 @@
|
||||
import { eq } from 'drizzle-orm'
|
||||
import { z } from 'zod'
|
||||
import { db } from '../db/client.js'
|
||||
import { authSessions, users } from '../db/schema.js'
|
||||
import { env } from '../config.js'
|
||||
import {
|
||||
createSessionToken,
|
||||
hashPassword,
|
||||
hashSessionToken,
|
||||
verifyPassword,
|
||||
} from '../lib/password.js'
|
||||
import { users } from '../db/schema.js'
|
||||
import { hashPassword, verifyPassword } from '../lib/password.js'
|
||||
import { createSession, findAuthenticatedUser } from '../lib/authSession.js'
|
||||
|
||||
const signupSchema = z.object({
|
||||
email: z.string().trim().email(),
|
||||
@@ -31,66 +26,6 @@ function sanitizeUser(user) {
|
||||
}
|
||||
}
|
||||
|
||||
function getBearerToken(request) {
|
||||
const authorization = request.headers.authorization
|
||||
|
||||
if (!authorization?.startsWith('Bearer ')) {
|
||||
return null
|
||||
}
|
||||
|
||||
return authorization.slice('Bearer '.length).trim()
|
||||
}
|
||||
|
||||
async function createSession(userId) {
|
||||
const token = createSessionToken()
|
||||
const tokenHash = hashSessionToken(token)
|
||||
const now = Date.now()
|
||||
const expiresAt = now + env.SESSION_TTL_DAYS * 24 * 60 * 60 * 1000
|
||||
|
||||
const [session] = await db
|
||||
.insert(authSessions)
|
||||
.values({
|
||||
userId,
|
||||
tokenHash,
|
||||
expiresAt: new Date(expiresAt),
|
||||
createdAt: new Date(now),
|
||||
})
|
||||
.returning()
|
||||
|
||||
return {
|
||||
token,
|
||||
session,
|
||||
}
|
||||
}
|
||||
|
||||
async function findAuthenticatedUser(request) {
|
||||
const token = getBearerToken(request)
|
||||
|
||||
if (!token) {
|
||||
return null
|
||||
}
|
||||
|
||||
const tokenHash = hashSessionToken(token)
|
||||
|
||||
const [session] = await db
|
||||
.select()
|
||||
.from(authSessions)
|
||||
.where(eq(authSessions.tokenHash, tokenHash))
|
||||
.limit(1)
|
||||
|
||||
if (!session || new Date(session.expiresAt).getTime() <= Date.now()) {
|
||||
return null
|
||||
}
|
||||
|
||||
const [user] = await db
|
||||
.select()
|
||||
.from(users)
|
||||
.where(eq(users.id, session.userId))
|
||||
.limit(1)
|
||||
|
||||
return user ?? null
|
||||
}
|
||||
|
||||
export async function registerAuthRoutes(app) {
|
||||
app.post('/api/auth/signup', async (request, reply) => {
|
||||
const payload = signupSchema.safeParse(request.body)
|
||||
|
||||
Reference in New Issue
Block a user