feat: implement JWT authentication system

Add complete authentication infrastructure including: - Password hashing utilities with bcrypt - JWT token generation and verification - Auth service with register, login, refresh, and logout - Auth controller with Zod validation - Auth middleware for route protection - Auth routes mounted at /api/auth Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 01:54:13 +00:00
parent 18bdb24478
commit e54019ba01
7 changed files with 378 additions and 2 deletions
--- a/apps/api/src/utils/password.ts
+++ b/apps/api/src/utils/password.ts
@@ -0,0 +1,11 @@
+import bcrypt from 'bcryptjs';
+
+const SALT_ROUNDS = 12;
+
+export async function hashPassword(password: string): Promise<string> {
+  return bcrypt.hash(password, SALT_ROUNDS);
+}
+
+export async function verifyPassword(password: string, hash: string): Promise<boolean> {
+  return bcrypt.compare(password, hash);
+}
--- a/apps/api/src/utils/token.ts
+++ b/apps/api/src/utils/token.ts
@@ -0,0 +1,27 @@
+import jwt from 'jsonwebtoken';
+import type { JWTPayload } from '@horux/shared';
+import { env } from '../config/env.js';
+
+export function generateAccessToken(payload: Omit<JWTPayload, 'iat' | 'exp'>): string {
+  return jwt.sign(payload, env.JWT_SECRET, {
+    expiresIn: env.JWT_EXPIRES_IN,
+  });
+}
+
+export function generateRefreshToken(payload: Omit<JWTPayload, 'iat' | 'exp'>): string {
+  return jwt.sign(payload, env.JWT_SECRET, {
+    expiresIn: env.JWT_REFRESH_EXPIRES_IN,
+  });
+}
+
+export function verifyToken(token: string): JWTPayload {
+  return jwt.verify(token, env.JWT_SECRET) as JWTPayload;
+}
+
+export function decodeToken(token: string): JWTPayload | null {
+  try {
+    return jwt.decode(token) as JWTPayload;
+  } catch {
+    return null;
+  }
+}