feat: implement JWT authentication system
Add complete authentication infrastructure including: - Password hashing utilities with bcrypt - JWT token generation and verification - Auth service with register, login, refresh, and logout - Auth controller with Zod validation - Auth middleware for route protection - Auth routes mounted at /api/auth Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Consultoria AS
80
apps/api/src/controllers/auth.controller.ts
Normal file
80
apps/api/src/controllers/auth.controller.ts
Normal file
@@ -0,0 +1,80 @@
|
||||
import type { Request, Response, NextFunction } from 'express';
|
||||
import { z } from 'zod';
|
||||
import * as authService from '../services/auth.service.js';
|
||||
import { AppError } from '../middlewares/error.middleware.js';
|
||||
|
||||
const registerSchema = z.object({
|
||||
empresa: z.object({
|
||||
nombre: z.string().min(2, 'Nombre de empresa requerido'),
|
||||
rfc: z.string().min(12).max(13, 'RFC inválido'),
|
||||
}),
|
||||
usuario: z.object({
|
||||
nombre: z.string().min(2, 'Nombre requerido'),
|
||||
email: z.string().email('Email inválido'),
|
||||
password: z.string().min(8, 'La contraseña debe tener al menos 8 caracteres'),
|
||||
}),
|
||||
});
|
||||
|
||||
const loginSchema = z.object({
|
||||
email: z.string().email('Email inválido'),
|
||||
password: z.string().min(1, 'Contraseña requerida'),
|
||||
});
|
||||
|
||||
export async function register(req: Request, res: Response, next: NextFunction) {
|
||||
try {
|
||||
const data = registerSchema.parse(req.body);
|
||||
const result = await authService.register(data);
|
||||
res.status(201).json(result);
|
||||
} catch (error) {
|
||||
if (error instanceof z.ZodError) {
|
||||
return next(new AppError(400, error.errors[0].message));
|
||||
}
|
||||
next(error);
|
||||
}
|
||||
}
|
||||
|
||||
export async function login(req: Request, res: Response, next: NextFunction) {
|
||||
try {
|
||||
const data = loginSchema.parse(req.body);
|
||||
const result = await authService.login(data);
|
||||
res.json(result);
|
||||
} catch (error) {
|
||||
if (error instanceof z.ZodError) {
|
||||
return next(new AppError(400, error.errors[0].message));
|
||||
}
|
||||
next(error);
|
||||
}
|
||||
}
|
||||
|
||||
export async function refresh(req: Request, res: Response, next: NextFunction) {
|
||||
try {
|
||||
const { refreshToken } = req.body;
|
||||
if (!refreshToken) {
|
||||
throw new AppError(400, 'Refresh token requerido');
|
||||
}
|
||||
const tokens = await authService.refreshTokens(refreshToken);
|
||||
res.json(tokens);
|
||||
} catch (error) {
|
||||
next(error);
|
||||
}
|
||||
}
|
||||
|
||||
export async function logout(req: Request, res: Response, next: NextFunction) {
|
||||
try {
|
||||
const { refreshToken } = req.body;
|
||||
if (refreshToken) {
|
||||
await authService.logout(refreshToken);
|
||||
}
|
||||
res.json({ message: 'Sesión cerrada exitosamente' });
|
||||
} catch (error) {
|
||||
next(error);
|
||||
}
|
||||
}
|
||||
|
||||
export async function me(req: Request, res: Response, next: NextFunction) {
|
||||
try {
|
||||
res.json({ user: req.user });
|
||||
} catch (error) {
|
||||
next(error);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user