This commit is contained in:
2026-06-25 12:05:53 -05:00
commit b58e50e423
141 changed files with 28190 additions and 0 deletions

57
server/auth.js Normal file
View File

@@ -0,0 +1,57 @@
import bcrypt from 'bcryptjs';
import jwt from 'jsonwebtoken';
import { db } from './db.js';
import { config } from './config.js';
export function signUser(user) {
return jwt.sign(
{ sub: user.id, email: user.email, role: user.role },
config.jwtSecret,
{ expiresIn: '12h' }
);
}
export function publicUser(row) {
if (!row) return null;
return {
id: row.id,
email: row.email,
displayName: row.display_name,
authProvider: row.auth_provider,
role: row.role,
theme: row.theme || 'dashtreme',
jobTitle: row.job_title || '',
phone: row.phone || '',
timezone: row.timezone || '',
avatarUrl: row.avatar_url || '',
updatedAt: row.updated_at || '',
createdAt: row.created_at
};
}
export function requireAuth(req, res, next) {
const header = req.get('authorization') || '';
const token = header.startsWith('Bearer ') ? header.slice(7) : '';
if (!token) return res.status(401).json({ error: 'Authentication required' });
try {
const payload = jwt.verify(token, config.jwtSecret);
const user = db.prepare('SELECT * FROM users WHERE id = ?').get(payload.sub);
if (!user) return res.status(401).json({ error: 'Invalid session' });
req.user = publicUser(user);
next();
} catch {
res.status(401).json({ error: 'Invalid session' });
}
}
export function requireAdmin(req, res, next) {
if (req.user?.role !== 'admin') return res.status(403).json({ error: 'Admin role required' });
next();
}
export function authenticateLocal(email, password) {
const user = db.prepare('SELECT * FROM users WHERE email = ? AND auth_provider = ?').get(email.toLowerCase(), 'local');
if (!user?.password_hash) return null;
if (!bcrypt.compareSync(password, user.password_hash)) return null;
return user;
}