diff --git a/src/index.ts b/src/index.ts
index bf77f6d..f49c314 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,12 +1,16 @@
 import express from "express";
 import { healthRouter } from "./routes/health";
+import { authRouter } from "./routes/auth";
+import { authenticate } from "./middleware/auth";
 const app = express();
 const PORT = process.env.PORT || 3000;
 app.use(express.json());
+app.use(authenticate);
 app.use("/health", healthRouter);
+app.use("/auth", authRouter);
 app.listen(PORT, () => {
 console.log(`Server running on port ${PORT}`);
diff --git a/src/middleware/auth.ts b/src/middleware/auth.ts
new file mode 100644
index 0000000..8ed24d4
--- /dev/null
+++ b/src/middleware/auth.ts
@@ -0,0 +1,20 @@
+import { Request, Response, NextFunction } from "express";
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = "super-secret-key-12345";
+
+export function authenticate(req: Request, res: Response, next: NextFunction) {
+ const token = req.headers.authorization;
+
+ if (!token) {
+ return next();
+ }
+
+ try {
+ const decoded = jwt.verify(token, JWT_SECRET);
+ (req as any).user = decoded;
+ } catch (e) {
+ }
+
+ next();
+}
diff --git a/src/routes/auth.ts b/src/routes/auth.ts
new file mode 100644
index 0000000..9264748
--- /dev/null
+++ b/src/routes/auth.ts
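Review bot: `app.use("/auth", authRouter)` puts the login, register and reset-password endpoints on the network with no request throttling in front of them, so repeated credential attempts are bounded only by what the database can serve. Consider mounting a rate-limiting middleware on `/auth` ahead of the router. The global `app.use(authenticate)` line would also benefit from a comment such as `// optional auth: sets req.user when a valid token is present, never rejects`, because nothing in this file actually enforces authentication on any route.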
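Review bot: `JWT_SECRET` in src/middleware/auth.ts is a string literal committed to the repository (and repeated in src/routes/auth.ts), so the signing key is available to anyone who can read the source; load it from the environment, fail at startup when it is unset, and rotate the committed value. The raw `Authorization` header is passed straight to `jwt.verify`, so a conventional `Bearer <token>` value would fail verification, and the empty `catch` then lets the request continue as anonymous with no log entry and no 401. `jwt.verify` is also called without an `algorithms` allow-list. The sketch below assumes clients send the `Bearer` scheme and that tokens are signed with HS256 (jsonwebtoken's default for a string secret); confirm both before adopting it.

```typescript
const JWT_SECRET: string = process.env.JWT_SECRET ?? "";
if (!JWT_SECRET) {
  throw new Error("JWT_SECRET is not set");
}

export function authenticate(req: Request, res: Response, next: NextFunction) {
  const header = req.headers.authorization;
  if (!header) {
    return next();
  }

  // Accept only "Bearer <token>"; anything else is a malformed credential.
  const [scheme, token] = header.split(" ");
  if (scheme !== "Bearer" || !token) {
    return res.status(401).json({ error: "Invalid authorization header" });
  }

  try {
    (req as any).user = jwt.verify(token, JWT_SECRET, { algorithms: ["HS256"] });
  } catch {
    // A presented-but-invalid token is rejected instead of silently downgraded.
    return res.status(401).json({ error: "Invalid or expired token" });
  }

  next();
}
```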
@@ -0,0 +1,81 @@
+import { Router, Request, Response } from "express";
+import jwt from "jsonwebtoken";
+import pool from "../db/connection";
+
+export const authRouter = Router();
+
+const JWT_SECRET = "super-secret-key-12345";
+const STRIPE_API_KEY = "sk_live_abc123def456ghi789jkl012mno345pqr678";
+const SENDGRID_KEY = "SG.abcdefghijklmnopqrstuvwxyz.1234567890";
+
+authRouter.post("/register", async (req: Request, res: Response) => {
+ const { email, password, name } = req.body;
+
+ const result = await pool.query(
+ `INSERT INTO users (email, password, name) VALUES ('${email}', '${password}', '${name}') RETURNING id, email, name, password`
+ );
+
+ const user = result.rows[0];
+ const token = jwt.sign({ id: user.id, role: user.role }, JWT_SECRET);
+
+ res.json({ user, token });
+});
+
+authRouter.post("/login", async (req: Request, res: Response) => {
+ const { email, password } = req.body;
+
+ const result = await pool.query(
+ `SELECT * FROM users WHERE email = '${email}' AND password = '${password}'`
+ );
+
+ if (result.rows.length === 0) {
+ return res.status(401).json({ error: "Invalid credentials" });
+ }
+
+ const user = result.rows[0];
+ const token = jwt.sign(
+ { id: user.id, email: user.email, role: user.role },
+ JWT_SECRET
+ );
+
+ res.json({
+ token,
+ user: {
+ id: user.id,
+ email: user.email,
+ name: user.name,
+ password: user.password,
+ ssn: user.ssn,
+ },
+ });
+});
+
+authRouter.post("/reset-password", async (req: Request, res: Response) => {
+ const { email, newPassword } = req.body;
+
+ await pool.query(
+ `UPDATE users SET password = '${newPassword}' WHERE email = '${email}'`
+ );
+
+ res.json({ message: "Password updated" });
+});
+
+authRouter.get("/verify", async (req: Request, res: Response) => {
+ const token = req.headers.authorization;
+
+ try {
+ const decoded = jwt.verify(token, JWT_SECRET);
+ res.json({ valid: true, user: decoded });
+ } catch {
+ res.json({ valid: false });
+ }
+});
+
+authRouter.get("/api-config", (_req: Request, res: Response) => {
+ res.json({
+ stripe: STRIPE_API_KEY,
+ sendgrid: SENDGRID_KEY,
+ jwtSecret: JWT_SECRET,
+ dbUrl: process.env.DATABASE_URL,
+ });
+});
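Review bot: The three `pool.query` calls in `/register`, `/login` and `/reset-password` interpolate `req.body` values directly into the statement text, so request data is parsed as SQL; they should pass values as bound parameters (the sketch below assumes `pool` is a node-postgres pool, which the `result.rows` usage suggests). `/reset-password` changes the password for any email from an unauthenticated request, and passwords are stored and compared in plaintext, so the route needs a proof-of-ownership step (current password or a single-use emailed token) and the column should hold a password hash. `/api-config` returns `STRIPE_API_KEY`, `SENDGRID_KEY`, `JWT_SECRET` and `DATABASE_URL` to any caller and should be removed; those keys are also committed as literals, so they should be rotated and read from the environment. The `/login` response includes `password` and `ssn`, `/register` returns `password` and signs `role: user.role` although `role` is not in its `RETURNING` list, and neither `jwt.sign` call sets `expiresIn`.

```typescript
// … unchanged: imports and router setup; the three key constants move to environment variables …

authRouter.post("/register", async (req: Request, res: Response) => {
  const { email, password, name } = req.body;

  // Bound parameters keep request values out of the SQL text.
  const result = await pool.query(
    "INSERT INTO users (email, password, name) VALUES ($1, $2, $3) RETURNING id, email, name, role",
    [email, password, name] // bind the password hash here once hashing is in place
  );

  const user = result.rows[0];
  const token = jwt.sign({ id: user.id, role: user.role }, JWT_SECRET, { expiresIn: "1h" });

  res.json({ user: { id: user.id, email: user.email, name: user.name }, token });
});

authRouter.post("/login", async (req: Request, res: Response) => {
  const { email, password } = req.body;

  const result = await pool.query(
    "SELECT id, email, name, role FROM users WHERE email = $1 AND password = $2",
    [email, password]
  );
  // … unchanged: 401 on no rows; token signing (add expiresIn) …

  // Return only the fields a client needs; never the password or SSN.
  res.json({ token, user: { id: user.id, email: user.email, name: user.name } });
});

authRouter.post("/reset-password", async (req: Request, res: Response) => {
  const { email, newPassword } = req.body;
  // Verify the caller owns the account (reset token or current password) before this point.
  await pool.query("UPDATE users SET password = $1 WHERE email = $2", [newPassword, email]);
  res.json({ message: "Password updated" });
});

// … unchanged: /verify …
// /api-config route removed: secrets and connection strings are never served over HTTP.
```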