Girl Scout Cookie tracking app with Express/SQLite API and React/Vite client. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
const crypto = require('crypto');

const express = require('express');

const {
  COOKIE_NAME,
  verify,
  createSessionCookie,
  clearSessionCookie,
} = require('../middleware/auth');

const router = express.Router();
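/**
 * POST /login: exchange the shared application password for a session cookie.
 *
 * Responses:
 *   200 { ok: true }                      password accepted, or APP_PASSWORD is unset
 *   401 { error: 'Invalid password' }     missing, non-string or wrong password
 *   500 { error: 'Auth not configured' }  createSessionCookie() returned nothing
 *
 * SECURITY: when APP_PASSWORD is unset or empty this route answers 200 without
 * checking anything and without issuing a cookie. A deployment that loses the
 * variable therefore reports every login as successful; treat a missing
 * APP_PASSWORD as a configuration alarm in any environment that is reachable
 * by others.
 *
 * NOTE(review): no attempt throttling is visible in this router. Confirm that
 * rate limiting or lockout for this endpoint is applied elsewhere.
 */
router.post('/login', (req, res) => {
  const expected = process.env.APP_PASSWORD;
  if (!expected) {
    return res.status(200).json({ ok: true });
  }

  const submitted = req.body?.password;

  // Compare fixed-length digests with timingSafeEqual so the time taken does
  // not depend on how many leading characters of the guess are correct.
  // Hashing first also satisfies timingSafeEqual's equal-length requirement.
  const digest = (value) => crypto.createHash('sha256').update(value, 'utf8').digest();
  const accepted =
    typeof submitted === 'string' &&
    crypto.timingSafeEqual(digest(submitted), digest(expected));
  if (!accepted) {
    return res.status(401).json({ error: 'Invalid password' });
  }

  const session = createSessionCookie();
  if (!session) {
    return res.status(500).json({ error: 'Auth not configured' });
  }

  // Work on a copy so the options object returned by the middleware is not mutated.
  const cookieOpts = { ...session.opts };

  // The Secure attribute is dropped when Express does not see this request as
  // HTTPS, which keeps plain-HTTP development working.
  // NOTE(review): behind a TLS-terminating proxy req.secure stays false unless
  // Express 'trust proxy' is configured; without it, production session cookies
  // are issued without Secure. Confirm the proxy setting where this app is served.
  if (cookieOpts.secure && !req.secure) {
    cookieOpts.secure = false;
  }

  res.cookie(COOKIE_NAME, session.token, cookieOpts);
  return res.json({ ok: true });
});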
/**
 * POST /logout: overwrite the session cookie with an empty value and reply 204.
 *
 * The cookie attributes come from clearSessionCookie() in ../middleware/auth.
 *
 * NOTE(review): this only replaces the cookie held by the browser. Whether a
 * token that was already issued stops passing verify() depends on the
 * middleware, which is not visible here; confirm if server-side revocation
 * is expected.
 */
router.post('/logout', (req, res) => {
  const clearingOptions = clearSessionCookie();
  res.cookie(COOKIE_NAME, '', clearingOptions);

  const reply = res.status(204);
  reply.send();
});
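/**
 * GET /me: report whether the caller holds a valid session.
 *
 * Responses:
 *   200 { ok: true }                 valid session cookie, or APP_PASSWORD is unset
 *   401 { error: 'Unauthorized' }    cookie missing, empty or rejected by verify()
 *
 * SECURITY: like /login, this answers 200 for everyone when APP_PASSWORD is
 * unset or empty, so a missing variable silently disables the check.
 */
router.get('/me', (req, res) => {
  if (!process.env.APP_PASSWORD) {
    return res.status(200).json({ ok: true });
  }

  // Walk the Cookie header pair by pair and compare the name exactly. An
  // unanchored pattern built from COOKIE_NAME would also match a cookie whose
  // name merely ends with COOKIE_NAME, or the same text inside another
  // cookie's value, and would treat regex metacharacters in the name as syntax.
  const header = req.headers.cookie || '';
  let token = null;
  for (const pair of header.split(';')) {
    const separator = pair.indexOf('=');
    if (separator === -1) {
      continue;
    }
    if (pair.slice(0, separator).trim() !== COOKIE_NAME) {
      continue;
    }
    // The first cookie with the exact name wins; an empty value counts as absent.
    token = pair.slice(separator + 1).trim() || null;
    break;
  }

  // NOTE(review): the value goes to verify() as received, without URL-decoding,
  // while res.cookie() URL-encodes values by default. Confirm tokens only use
  // characters that survive that encoding unchanged.
  if (!token || !verify(token)) {
    return res.status(401).json({ error: 'Unauthorized' });
  }

  return res.json({ ok: true });
});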
module.exports = router;