feat: create auth

cherman23 · cherman23 · commit a178364fa945 · 2025-10-07T21:28:21.000-04:00
diff --git a/package.json b/package.json
@@ -21,6 +21,8 @@
     },
     "dependencies": {
         "@prisma/client": "6.15.0",
+        "bcrypt": "^6.0.0",
+        "jose": "^6.1.0",
         "next": "15.5.2",
         "prisma": "^6.15.0",
         "react": "19.1.0",
@@ -30,6 +32,7 @@
     "devDependencies": {
         "@eslint/eslintrc": "^3",
         "@tailwindcss/postcss": "^4",
+        "@types/bcrypt": "^6.0.0",
         "@types/node": "^22",
         "@types/react": "^19",
         "@types/react-dom": "^19",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/prisma/migrations/20251008012125_add_password_to_user/migration.sql b/prisma/migrations/20251008012125_add_password_to_user/migration.sql
@@ -0,0 +1,8 @@
+/*
+  Warnings:
+
+  - Added the required column `hashedPassword` to the `User` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- AlterTable
+ALTER TABLE "public"."User" ADD COLUMN     "hashedPassword" TEXT NOT NULL;
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
@@ -9,31 +9,32 @@ datasource db {
 }
 
 model Organization {
-  id        String   @id @unique @default(uuid())
-  name      String
-  createdAt DateTime @default(now())
-  updatedAt DateTime @updatedAt
-  createdById String @unique
-  createdBy User @relation("CreatedOrganization", fields: [createdById], references: [id])
-  users              User[] @relation("UserOrganization")
+  id                 String               @id @unique @default(uuid())
+  name               String
+  createdAt          DateTime             @default(now())
+  updatedAt          DateTime             @updatedAt
+  createdById        String               @unique
+  createdBy          User                 @relation("CreatedOrganization", fields: [createdById], references: [id])
+  users              User[]               @relation("UserOrganization")
   positions          Position[]
   candidates         Candidate[]
   AssessmentTemplate AssessmentTemplate[]
   TaskTemplate       TaskTemplate[]
 }
 
 model User {
-  id           String        @id @unique @default(uuid())
-  name         String
-  email        String       @unique
-  orgId        String?
-  createdAt    DateTime     @default(now())
-  updatedAt    DateTime     @updatedAt
-  organization Organization? @relation("UserOrganization", fields: [orgId], references: [id])
+  id                  String        @id @unique @default(uuid())
+  name                String
+  email               String        @unique
+  orgId               String?
+  hashedPassword      String
+  createdAt           DateTime      @default(now())
+  updatedAt           DateTime      @updatedAt
+  organization        Organization? @relation("UserOrganization", fields: [orgId], references: [id])
   createdOrganization Organization? @relation("CreatedOrganization")
-  userRoles    UserRole[]
-  Review       Review[]
-  Comment      Comment[]
+  userRoles           UserRole[]
+  Review              Review[]
+  Comment             Comment[]
 }
 
 model Role {
diff --git a/src/app/api/auth/login/route.ts b/src/app/api/auth/login/route.ts
@@ -0,0 +1,37 @@
+import { type NextRequest } from 'next/server';
+import { sargeApiError, sargeApiResponse } from '@/lib/responses';
+import { login } from '@/lib/auth/auth-service';
+import { InvalidInputError } from '@/lib/schemas/errors';
+
+export async function POST(request: NextRequest) {
+    try {
+        const body = await request.json();
+
+        if (!body.email || !body.password) {
+            return sargeApiError('Email and password are required', 400);
+        }
+
+        const user = await login({
+            email: body.email,
+            password: body.password,
+        });
+
+        return sargeApiResponse(user, 200);
+    } catch (error) {
+        if (error instanceof InvalidInputError) {
+            return sargeApiError(error.message, 400);
+        }
+
+        const message = error instanceof Error ? error.message : String(error);
+
+        if (message.includes('Invalid credentials')) {
+            return sargeApiError('Invalid email or password', 401);
+        }
+
+        if (message.includes('Login implementation needed')) {
+            return sargeApiError('Authentication not yet configured', 501);
+        }
+
+        return sargeApiError(message, 500);
+    }
+}
diff --git a/src/app/api/auth/logout/route.ts b/src/app/api/auth/logout/route.ts
@@ -0,0 +1,15 @@
+import { type NextRequest } from 'next/server';
+import { sargeApiResponse } from '@/lib/responses';
+import { logout } from '@/lib/auth/auth-service';
+
+export async function POST(_request: NextRequest) {
+    try {
+        await logout();
+        return sargeApiResponse({ message: 'Logged out successfully' }, 200);
+    } catch (error) {
+        // Even if logout fails, we want to clear the session
+        // This is a security best practice
+        const message = error instanceof Error ? error.message : String(error);
+        return sargeApiResponse({ message: 'Logged out', error: message }, 200);
+    }
+}
diff --git a/src/app/api/auth/me/route.ts b/src/app/api/auth/me/route.ts
@@ -0,0 +1,18 @@
+import { type NextRequest } from 'next/server';
+import { sargeApiResponse, sargeApiError } from '@/lib/responses';
+import { getCurrentUser } from '@/lib/auth/auth-service';
+
+export async function GET(_request: NextRequest) {
+    try {
+        const user = await getCurrentUser();
+
+        if (!user) {
+            return sargeApiError('Not authenticated', 401);
+        }
+
+        return sargeApiResponse(user, 200);
+    } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return sargeApiError(message, 500);
+    }
+}
diff --git a/src/app/api/users/[id]/route.ts b/src/app/api/users/[id]/route.ts
@@ -1,15 +1,18 @@
+import { requireAuth } from '@/lib/auth/auth';
 import { userController } from '@/lib/controllers/user.controller';
 import { sargeApiError, sargeApiResponse } from '@/lib/responses';
 import { UserNotFoundError } from '@/lib/schemas/user.schema';
 import { type NextRequest } from 'next/server';
 
 export async function DELETE(
     _request: NextRequest,
-    { params }: { params: Promise<{ userId: string }> }
+    { params }: { params: Promise<{ id: string }> }
 ) {
     try {
-        const userId = (await params).userId;
-        const user = await userController.delete(userId);
+        const session = await requireAuth();
+
+        const id = (await params).id;
+        const user = await userController.delete(id);
         return sargeApiResponse(user, 200);
     } catch (error) {
         if (error instanceof UserNotFoundError) {
@@ -21,13 +24,10 @@ export async function DELETE(
     }
 }
 
-export async function GET(
-    _request: NextRequest,
-    { params }: { params: Promise<{ userId: string }> }
-) {
+export async function GET(_request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
     try {
-        const userId = (await params).userId;
-        const user = await userController.get(userId);
+        const id = (await params).id;
+        const user = await userController.get(id);
         return sargeApiResponse(user, 200);
     } catch (error) {
         if (error instanceof UserNotFoundError) {
@@ -39,14 +39,11 @@ export async function GET(
     }
 }
 
-export async function PUT(
-    request: NextRequest,
-    { params }: { params: Promise<{ userId: string }> }
-) {
+export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
     try {
-        const userId = (await params).userId;
+        const id = (await params).id;
         const body = await request.json();
-        const user = await userController.update(userId, body);
+        const user = await userController.update(id, body);
         return sargeApiResponse(user, 200);
     } catch (error) {
         if (error instanceof UserNotFoundError) {
diff --git a/src/lib/auth/auth-service.ts b/src/lib/auth/auth-service.ts
@@ -0,0 +1,55 @@
+import 'server-only';
+
+import { createSession, deleteSession, verifySession } from './auth';
+import { redirect } from 'next/navigation';
+import { userController } from '../controllers/user.controller';
+import { prisma } from '../prisma';
+import bcrypt from 'bcrypt';
+import { AuthorizationError } from '../schemas/errors';
+
+export interface LoginCredentials {
+    email: string;
+    password: string;
+}
+
+export interface User {
+    id: string;
+    email: string;
+    role?: string;
+}
+
+export async function login(_credentials: LoginCredentials): Promise<User> {
+    const user = await prisma.user.findUnique({
+        where: {
+            email: _credentials.email,
+        },
+    });
+
+    if (!user) {
+        throw new AuthorizationError();
+    }
+
+    const isValidPassword = await bcrypt.compare(_credentials.password, user.hashedPassword);
+
+    if (!isValidPassword) {
+        throw new AuthorizationError();
+    }
+
+    await createSession({ userId: user.id, email: user.email });
+    return user;
+}
+
+export async function logout() {
+    await deleteSession();
+    redirect('/login');
+}
+
+export async function getCurrentUser() {
+    const session = await verifySession();
+
+    if (!session) {
+        return null;
+    }
+
+    return await userController.get(session.userId);
+}
diff --git a/src/lib/auth/auth.ts b/src/lib/auth/auth.ts
diff --git a/src/lib/schemas/errors.ts b/src/lib/schemas/errors.ts
diff --git a/src/middleware.ts b/src/middleware.ts
