Initial
This commit is contained in:
18
server/routes/authRoutes.js
Normal file
18
server/routes/authRoutes.js
Normal file
@@ -0,0 +1,18 @@
|
||||
import { Router } from 'express';
|
||||
import { entraCallback, entraLogin, login, me, password, profile, theme } from '../controllers/authController.js';
|
||||
import { requireAuth } from '../middleware/auth.js';
|
||||
import { rateLimit } from '../middleware/rateLimit.js';
|
||||
|
||||
export const authRoutes = Router();
|
||||
|
||||
// Throttle credential-guessing against the public login endpoint.
|
||||
const loginLimiter = rateLimit({ windowMs: 60_000, max: 10, keyPrefix: 'login' });
|
||||
|
||||
// Session/profile endpoints. Local login is public; profile mutations require a valid JWT.
|
||||
authRoutes.post('/login', loginLimiter, login);
|
||||
authRoutes.get('/entra/login', entraLogin);
|
||||
authRoutes.get('/entra/callback', entraCallback);
|
||||
authRoutes.get('/me', requireAuth, me);
|
||||
authRoutes.put('/profile', requireAuth, profile);
|
||||
authRoutes.put('/theme', requireAuth, theme);
|
||||
authRoutes.post('/change-password', requireAuth, password);
|
||||
Reference in New Issue
Block a user