Files
poshmanager/server/routes/authRoutes.js
2026-06-25 12:05:53 -05:00

19 lines
877 B
JavaScript

import { Router } from 'express';
import { entraCallback, entraLogin, login, me, password, profile, theme } from '../controllers/authController.js';
import { requireAuth } from '../middleware/auth.js';
import { rateLimit } from '../middleware/rateLimit.js';
export const authRoutes = Router();
// Throttle credential-guessing against the public login endpoint.
const loginLimiter = rateLimit({ windowMs: 60_000, max: 10, keyPrefix: 'login' });
// Session/profile endpoints. Local login is public; profile mutations require a valid JWT.
authRoutes.post('/login', loginLimiter, login);
authRoutes.get('/entra/login', entraLogin);
authRoutes.get('/entra/callback', entraCallback);
authRoutes.get('/me', requireAuth, me);
authRoutes.put('/profile', requireAuth, profile);
authRoutes.put('/theme', requireAuth, theme);
authRoutes.post('/change-password', requireAuth, password);