feat: V2 with TypeScript

server/src/controllers/auth/login-with-token.ts

@@ -0,0 +1,32 @@
+import { type RequestHandler } from 'express'
+import jwt from '../../utils/jwt'
+import Account from '../../models/Account'
+
+const loginWithToken: RequestHandler = async (req, res, next) => {
+  try {
+    const { uid } = req.auth || {}
+
+    // Get account from DB, password is not verified because we're already token-authorized at this point
+    const account = await Account.findOne({ _id: uid }).select('-password')
+
+    if (!account) {
+      return next({
+        statusCode: 400,
+        message: 'Bad credentials',
+      })
+    }
+
+    // Generate access token
+    const token = jwt.signToken({ uid: account._id, role: account.role })
+
+    res.status(200).json({
+      message: 'Succesfully got account',
+      data: account,
+      token,
+    })
+  } catch (error) {
+    next(error)
+  }
+}
+
+export default loginWithToken

server/src/controllers/auth/login.ts

@@ -0,0 +1,59 @@
+import { type RequestHandler } from 'express'
+import joi from '../../utils/joi'
+import jwt from '../../utils/jwt'
+import crypt from '../../utils/crypt'
+import Account from '../../models/Account'
+
+const login: RequestHandler = async (req, res, next) => {
+  try {
+    const validationError = await joi.validate(
+      {
+        username: joi.instance.string().required(),
+        password: joi.instance.string().required(),
+      },
+      req.body
+    )
+
+    if (validationError) {
+      return next(validationError)
+    }
+
+    const { username, password } = req.body
+
+    // Get account from DB, and verify existance
+    const account = await Account.findOne({ username })
+
+    if (!account) {
+      return next({
+        statusCode: 400,
+        message: 'Bad credentials',
+      })
+    }
+
+    // Verify password hash
+    const passOk = crypt.validate(password, account.password)
+
+    if (!passOk) {
+      return next({
+        statusCode: 400,
+        message: 'Bad credentials',
+      })
+    }
+
+    // Generate access token
+    const token = jwt.signToken({ uid: account._id, role: account.role })
+
+    // Remove password from response data
+    const { password: _, ...accountData } = account.toObject()
+
+    res.status(200).json({
+      message: 'Succesfully logged-in',
+      data: accountData,
+      token,
+    })
+  } catch (error) {
+    next(error)
+  }
+}
+
+export default login

server/src/controllers/auth/register.ts

@@ -0,0 +1,56 @@
+import { type RequestHandler } from 'express'
+import joi from '../../utils/joi'
+import jwt from '../../utils/jwt'
+import crypt from '../../utils/crypt'
+import Account from '../../models/Account'
+
+const register: RequestHandler = async (req, res, next) => {
+  try {
+    const validationError = await joi.validate(
+      {
+        username: joi.instance.string().required(),
+        password: joi.instance.string().required(),
+      },
+      req.body
+    )
+
+    if (validationError) {
+      return next(validationError)
+    }
+
+    const { username, password } = req.body
+
+    // Verify account username as unique
+    const found = await Account.findOne({ username })
+
+    if (found) {
+      return next({
+        statusCode: 400,
+        message: 'An account already exists with that "username"',
+      })
+    }
+
+    // Encrypt password
+    const hash = crypt.hash(password)
+
+    // Create account
+    const account = new Account({ username, password: hash })
+    await account.save()
+
+    // Generate access token
+    const token = jwt.signToken({ uid: account._id, role: account.role })
+
+    // Exclude password from response
+    const { password: _, ...data } = account.toObject()
+
+    res.status(201).json({
+      message: 'Succesfully registered',
+      data,
+      token,
+    })
+  } catch (error) {
+    next(error)
+  }
+}
+
+export default register