chore: initial Vector 2.0 monorepo
Ground-up TypeScript rewrite of the Vector hardware parts inventory
system. Ships the full roadmap (Phases 0-8) in one initial commit:
- pnpm + Turbo monorepo: apps/{api,web,e2e}, packages/{db,shared,ui,config}
- Express 5 + Prisma 5 + zod validation + JWT w/ refresh-token rotation
- React 19 + Vite + shadcn/ui + TanStack Query/Table + nuqs URL state
- Repair/RMA, tags, bulk ops, saved views, CSV audit export
- Analytics dashboard on Recharts + EOL tracking
- Signed webhook subscriptions (HMAC-SHA256) with in-process emitter
- Vitest unit tests (shared schemas, api services/helpers) + Playwright skeleton
- Gitea Actions CI (lint, typecheck, test+coverage, build) + Renovate
Deferred follow-ups: Postgres cutover (data-migration script ready),
BullMQ worker for webhook delivery, @react-pdf PDF export, CSV import wizard.
This commit is contained in:
@@ -0,0 +1,83 @@
|
||||
import type { CookieOptions, NextFunction, Request, Response } from 'express';
|
||||
import { prisma } from '@vector/db';
|
||||
import type { LoginRequest } from '@vector/shared';
|
||||
import { env } from '../env.js';
|
||||
import * as authService from '../services/auth.js';
|
||||
import { issueCsrfToken } from '../middleware/csrf.js';
|
||||
import { errors } from '../lib/http-error.js';
|
||||
|
||||
const accessCookieOpts: CookieOptions = {
|
||||
httpOnly: true,
|
||||
sameSite: 'lax',
|
||||
secure: env.NODE_ENV === 'production',
|
||||
path: '/',
|
||||
maxAge: authService.ACCESS_TOKEN_TTL_MS,
|
||||
};
|
||||
|
||||
const refreshCookieOpts: CookieOptions = {
|
||||
httpOnly: true,
|
||||
sameSite: 'lax',
|
||||
secure: env.NODE_ENV === 'production',
|
||||
path: '/api/auth',
|
||||
maxAge: authService.REFRESH_TOKEN_TTL_MS,
|
||||
};
|
||||
|
||||
function setAuthCookies(res: Response, tokens: authService.AuthTokens) {
|
||||
res.cookie('token', tokens.accessToken, accessCookieOpts);
|
||||
res.cookie('refresh', tokens.refreshToken, refreshCookieOpts);
|
||||
issueCsrfToken(res);
|
||||
}
|
||||
|
||||
function clearAuthCookies(res: Response) {
|
||||
res.clearCookie('token', { path: '/' });
|
||||
res.clearCookie('refresh', { path: '/api/auth' });
|
||||
res.clearCookie('csrf', { path: '/' });
|
||||
}
|
||||
|
||||
export async function login(req: Request, res: Response, next: NextFunction) {
|
||||
try {
|
||||
const { username, password } = req.validated!.body as LoginRequest;
|
||||
const { user, tokens } = await prisma.$transaction((tx) =>
|
||||
authService.login(tx, username, password),
|
||||
);
|
||||
setAuthCookies(res, tokens);
|
||||
res.json(user);
|
||||
} catch (err) {
|
||||
next(err);
|
||||
}
|
||||
}
|
||||
|
||||
export async function refresh(req: Request, res: Response, next: NextFunction) {
|
||||
try {
|
||||
const presented = req.cookies?.refresh;
|
||||
if (!presented) throw errors.unauthorized('Missing refresh token');
|
||||
const { user, tokens } = await prisma.$transaction((tx) =>
|
||||
authService.rotate(tx, presented),
|
||||
);
|
||||
setAuthCookies(res, tokens);
|
||||
res.json(user);
|
||||
} catch (err) {
|
||||
next(err);
|
||||
}
|
||||
}
|
||||
|
||||
export async function logout(req: Request, res: Response, next: NextFunction) {
|
||||
try {
|
||||
const presented = req.cookies?.refresh;
|
||||
await prisma.$transaction((tx) => authService.revoke(tx, presented));
|
||||
clearAuthCookies(res);
|
||||
res.json({ message: 'Logged out' });
|
||||
} catch (err) {
|
||||
next(err);
|
||||
}
|
||||
}
|
||||
|
||||
export async function me(req: Request, res: Response, next: NextFunction) {
|
||||
try {
|
||||
const user = await prisma.user.findUnique({ where: { id: req.user!.id } });
|
||||
if (!user) throw errors.unauthorized();
|
||||
res.json({ id: user.id, username: user.username, email: user.email, role: user.role });
|
||||
} catch (err) {
|
||||
next(err);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user