19 lines
877 B
JavaScript
19 lines
877 B
JavaScript
import { Router } from 'express';
|
|
import { entraCallback, entraLogin, login, me, password, profile, theme } from '../controllers/authController.js';
|
|
import { requireAuth } from '../middleware/auth.js';
|
|
import { rateLimit } from '../middleware/rateLimit.js';
|
|
|
|
export const authRoutes = Router();
|
|
|
|
// Throttle credential-guessing against the public login endpoint.
|
|
const loginLimiter = rateLimit({ windowMs: 60_000, max: 10, keyPrefix: 'login' });
|
|
|
|
// Session/profile endpoints. Local login is public; profile mutations require a valid JWT.
|
|
authRoutes.post('/login', loginLimiter, login);
|
|
authRoutes.get('/entra/login', entraLogin);
|
|
authRoutes.get('/entra/callback', entraCallback);
|
|
authRoutes.get('/me', requireAuth, me);
|
|
authRoutes.put('/profile', requireAuth, profile);
|
|
authRoutes.put('/theme', requireAuth, theme);
|
|
authRoutes.post('/change-password', requireAuth, password);
|