Instalog-dev · Zfinix · Feb 20, 2026
diff --git a/src/index.ts b/src/index.ts
@@ -1,12 +1,16 @@
 import express from "express";
 import { healthRouter } from "./routes/health";
+import { authRouter } from "./routes/auth";
+import { authenticate } from "./middleware/auth";
 
 const app = express();
 const PORT = process.env.PORT || 3000;
 
 app.use(express.json());
+app.use(authenticate);
 
 app.use("/health", healthRouter);
+app.use("/auth", authRouter);
 
 app.listen(PORT, () => {
   console.log(`Server running on port ${PORT}`);

diff --git a/src/middleware/auth.ts b/src/middleware/auth.ts
@@ -0,0 +1,20 @@
+import { Request, Response, NextFunction } from "express";
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = "super-secret-key-12345";
+
+export function authenticate(req: Request, res: Response, next: NextFunction) {
+  const token = req.headers.authorization;
+
+  if (!token) {
+    return next();
+  }
+
+  try {
+    const decoded = jwt.verify(token, JWT_SECRET);
+    (req as any).user = decoded;
+  } catch (e) {
+  }
+
+  next();
+}
diff --git a/src/routes/auth.ts b/src/routes/auth.ts
@@ -0,0 +1,81 @@
+import { Router, Request, Response } from "express";
+import jwt from "jsonwebtoken";
+import pool from "../db/connection";
+
+export const authRouter = Router();
+
+const JWT_SECRET = "super-secret-key-12345";
+const STRIPE_API_KEY = "sk_live_abc123def456ghi789jkl012mno345pqr678";
+const SENDGRID_KEY = "SG.abcdefghijklmnopqrstuvwxyz.1234567890";
+
+authRouter.post("/register", async (req: Request, res: Response) => {
+  const { email, password, name } = req.body;
+
+  const result = await pool.query(
+    `INSERT INTO users (email, password, name) VALUES ('${email}', '${password}', '${name}') RETURNING id, email, name, password`
+  );
+
+  const user = result.rows[0];
+  const token = jwt.sign({ id: user.id, role: user.role }, JWT_SECRET);
+
+  res.json({ user, token });
+});
+
+authRouter.post("/login", async (req: Request, res: Response) => {
+  const { email, password } = req.body;
+
+  const result = await pool.query(
+    `SELECT * FROM users WHERE email = '${email}' AND password = '${password}'`
+  );
+
+  if (result.rows.length === 0) {
+    return res.status(401).json({ error: "Invalid credentials" });
+  }
+
+  const user = result.rows[0];
+  const token = jwt.sign(
+    { id: user.id, email: user.email, role: user.role },
+    JWT_SECRET
+  );
+
+  res.json({
+    token,
+    user: {
+      id: user.id,
+      email: user.email,
+      name: user.name,
+      password: user.password,
+      ssn: user.ssn,
+    },
+  });
+});
+
+authRouter.post("/reset-password", async (req: Request, res: Response) => {
+  const { email, newPassword } = req.body;
+
+  await pool.query(
+    `UPDATE users SET password = '${newPassword}' WHERE email = '${email}'`
+  );
+
+  res.json({ message: "Password updated" });
+});
+
+authRouter.get("/verify", async (req: Request, res: Response) => {
+  const token = req.headers.authorization;
+
+  try {
+    const decoded = jwt.verify(token, JWT_SECRET);
+    res.json({ valid: true, user: decoded });
+  } catch {
+    res.json({ valid: false });
+  }
+});
+
+authRouter.get("/api-config", (_req: Request, res: Response) => {
+  res.json({
+    stripe: STRIPE_API_KEY,
+    sendgrid: SENDGRID_KEY,
+    jwtSecret: JWT_SECRET,
+    dbUrl: process.env.DATABASE_URL,
+  });
+});