Initial commit

2025-12-01 14:49:17 +00:00
commit 3480888eaa
92 changed files with 16631 additions and 0 deletions
--- a/app/api/auth/login/route.ts
+++ b/app/api/auth/login/route.ts
@@ -0,0 +1,62 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { generateAccessToken, generateRefreshToken, validateAdminCredentials } from '@/lib/auth/utils';
+
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json();
+    const { username, password } = body;
+
+    if (!username || !password) {
+      return NextResponse.json(
+        { error: 'Username and password are required' },
+        { status: 400 }
+      );
+    }
+
+    // Validate credentials
+    if (!validateAdminCredentials(username, password)) {
+      return NextResponse.json(
+        { error: 'Invalid credentials' },
+        { status: 401 }
+      );
+    }
+
+    // Generate tokens
+    const accessToken = generateAccessToken(username);
+    const refreshToken = generateRefreshToken(username);
+
+    // Create response
+    const response = NextResponse.json({
+      success: true,
+      user: { username },
+      accessToken,
+      refreshToken,
+    });
+
+    // Set cookies
+    const cookieOptions = {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax' as const,
+      path: '/',
+    };
+
+    response.cookies.set('access_token', accessToken, {
+      ...cookieOptions,
+      maxAge: 72 * 60 * 60, // 72 hours
+    });
+
+    response.cookies.set('refresh_token', refreshToken, {
+      ...cookieOptions,
+      maxAge: 30 * 24 * 60 * 60, // 30 days
+    });
+
+    return response;
+  } catch (error) {
+    console.error('Login error:', error);
+    return NextResponse.json(
+      { error: 'Login failed' },
+      { status: 500 }
+    );
+  }
+}
--- a/app/api/auth/logout/route.ts
+++ b/app/api/auth/logout/route.ts
@@ -0,0 +1,13 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+export async function POST(request: NextRequest) {
+  const response = NextResponse.json({
+    success: true,
+    message: 'Logged out successfully'
+  });
+
+  response.cookies.delete('access_token');
+  response.cookies.delete('refresh_token');
+
+  return response;
+}
--- a/app/api/auth/me/route.ts
+++ b/app/api/auth/me/route.ts
@@ -0,0 +1,34 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { verifyAccessToken } from '@/lib/auth/utils';
+
+export async function GET(request: NextRequest) {
+  try {
+    const token = request.cookies.get('access_token')?.value;
+
+    if (!token) {
+      return NextResponse.json(
+        { error: 'Not authenticated' },
+        { status: 401 }
+      );
+    }
+
+    const payload = verifyAccessToken(token);
+    if (!payload) {
+      return NextResponse.json(
+        { error: 'Invalid or expired token' },
+        { status: 401 }
+      );
+    }
+
+    return NextResponse.json({
+      success: true,
+      user: { username: payload.username },
+    });
+  } catch (error) {
+    console.error('Auth error:', error);
+    return NextResponse.json(
+      { error: 'Authentication failed' },
+      { status: 500 }
+    );
+  }
+}
--- a/app/api/auth/refresh/route.ts
+++ b/app/api/auth/refresh/route.ts
@@ -0,0 +1,75 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { generateAccessToken, generateRefreshToken, verifyRefreshToken } from '@/lib/auth/utils';
+
+export async function POST(request: NextRequest) {
+  try {
+    // Get refresh token from cookie or body
+    let refreshToken: string | undefined;
+
+    const cookieToken = request.cookies.get('refresh_token')?.value;
+    if (cookieToken) {
+      refreshToken = cookieToken;
+    } else {
+      try {
+        const body = await request.json();
+        refreshToken = body.refreshToken;
+      } catch {
+        // No body or invalid JSON, continue without it
+        refreshToken = undefined;
+      }
+    }
+
+    if (!refreshToken) {
+      return NextResponse.json(
+        { error: 'No refresh token provided' },
+        { status: 401 }
+      );
+    }
+
+    // Verify refresh token
+    const payload = verifyRefreshToken(refreshToken);
+    if (!payload) {
+      return NextResponse.json(
+        { error: 'Invalid or expired refresh token' },
+        { status: 401 }
+      );
+    }
+
+    // Generate new tokens
+    const newAccessToken = generateAccessToken(payload.username);
+    const newRefreshToken = generateRefreshToken(payload.username);
+
+    // Create response
+    const response = NextResponse.json({
+      success: true,
+      accessToken: newAccessToken,
+      refreshToken: newRefreshToken,
+    });
+
+    // Set new cookies
+    const cookieOptions = {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax' as const,
+      path: '/',
+    };
+
+    response.cookies.set('access_token', newAccessToken, {
+      ...cookieOptions,
+      maxAge: 72 * 60 * 60, // 72 hours
+    });
+
+    response.cookies.set('refresh_token', newRefreshToken, {
+      ...cookieOptions,
+      maxAge: 30 * 24 * 60 * 60, // 30 days
+    });
+
+    return response;
+  } catch (error) {
+    console.error('Refresh error:', error);
+    return NextResponse.json(
+      { error: 'Token refresh failed' },
+      { status: 500 }
+    );
+  }
+}