feat(49): update auth

cherman23 · cherman23 · commit e078361d53c0 · 2025-10-10T18:54:05.000-04:00
diff --git a/src/app/(web)/(auth)/login/page.tsx b/src/app/(web)/(auth)/login/page.tsx
@@ -0,0 +1,3 @@
+export default function LoginPage() {
+    return <div className="">login</div>;
+}
diff --git a/src/app/(web)/(auth)/signup/page.tsx b/src/app/(web)/(auth)/signup/page.tsx
@@ -0,0 +1,3 @@
+export default function SignupPage() {
+    return <div className="">signup</div>;
+}
diff --git a/src/app/(web)/dashboard/page.tsx b/src/app/(web)/dashboard/page.tsx
@@ -0,0 +1,3 @@
+export default function DashboardPage() {
+    return <div className=""></div>;
+}
diff --git a/src/app/api/auth/logout/route.ts b/src/app/api/auth/logout/route.ts
@@ -7,8 +7,6 @@ export async function POST(_request: NextRequest) {
         await logout();
         return sargeApiResponse({ message: 'Logged out successfully' }, 200);
     } catch (error) {
-        // Even if logout fails, we want to clear the session
-        // This is a security best practice
         const message = error instanceof Error ? error.message : String(error);
         return sargeApiResponse({ message: 'Logged out', error: message }, 200);
     }
diff --git a/src/app/api/users/[id]/route.ts b/src/app/api/users/[id]/route.ts
@@ -9,8 +9,6 @@ export async function DELETE(
     { params }: { params: Promise<{ id: string }> }
 ) {
     try {
-        const session = await requireAuth();
-
         const id = (await params).id;
         const user = await userController.delete(id);
         return sargeApiResponse(user, 200);
diff --git a/src/lib/auth/auth-service.ts b/src/lib/auth/auth-service.ts
@@ -6,18 +6,13 @@ import { userController } from '../controllers/user.controller';
 import { prisma } from '../prisma';
 import bcrypt from 'bcrypt';
 import { AuthorizationError } from '../schemas/errors';
+import { type User } from '@/generated/prisma';
 
 export interface LoginCredentials {
     email: string;
     password: string;
 }
 
-export interface User {
-    id: string;
-    email: string;
-    role?: string;
-}
-
 export async function login(_credentials: LoginCredentials): Promise<User> {
     const user = await prisma.user.findUnique({
         where: {
diff --git a/src/lib/auth/auth.ts b/src/lib/auth/auth.ts
@@ -11,12 +11,12 @@ export const config = {
     secure: process.env.NODE_ENV === 'production',
 };
 
-const secretKey = createSecretKey(process.env.JWT_SECRET!, 'utf-8');
+// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+export const secretKey = createSecretKey(process.env.JWT_SECRET!, 'utf-8');
 
 export interface SessionPayload {
     userId: string;
-    email?: string;
-    exp?: number;
+    email: string;
 }
 
 export async function createSession(payload: SessionPayload) {
diff --git a/src/lib/auth/permissions.ts b/src/lib/auth/permissions.ts
@@ -0,0 +1,15 @@
+import 'server-only';
+import { type User } from '@/generated/prisma';
+
+export async function canView(target: User, requester: User): Promise<boolean> {
+    if (target.id === requester.id) {
+        return true;
+    } else if (target.orgId === requester.orgId) {
+        return true;
+    }
+    return false;
+}
+
+export async function canModify(target: User, requester: User): Promise<boolean> {
+    return false;
+}
diff --git a/src/lib/schemas/user.schema.ts b/src/lib/schemas/user.schema.ts
@@ -17,6 +17,7 @@ export const createUserSchema = z.object({
         .toLowerCase()
         .trim()
         .max(255, 'Email must be less than 255 characters'),
+    hashedPassword: z.string(),
 });
 
 export const UserSchema = z.object({
diff --git a/src/middleware.ts b/src/middleware.ts
@@ -1,16 +1,11 @@
 import { type NextRequest, NextResponse } from 'next/server';
 import { jwtVerify } from 'jose';
-import { createSecretKey } from 'node:crypto';
-import { config as authConfig } from './lib/auth/auth';
 
-const secretKey = createSecretKey(process.env.JWT_SECRET!, 'utf-8');
-
-// Define protected routes
-const protectedRoutes = ['/api'];
+const protectedRoutes = ['/dashboard'];
 
 export async function middleware(request: NextRequest) {
     const { pathname } = request.nextUrl;
-    const sessionCookie = request.cookies.get(authConfig.cookieName)?.value;
+    const sessionCookie = request.cookies.get('sarge.session')?.value;
 
     // Check if the route requires authentication
     const isProtectedRoute = protectedRoutes.some((route) => pathname.startsWith(route));
@@ -19,8 +14,11 @@ export async function middleware(request: NextRequest) {
     let isAuthenticated = false;
     if (sessionCookie) {
         try {
-            await jwtVerify(sessionCookie, secretKey, {
-                issuer: authConfig.issuer,
+            // Create secret key directly in middleware (Edge Runtime compatible)
+            const secret = new TextEncoder().encode(process.env.JWT_SECRET);
+
+            await jwtVerify(sessionCookie, secret, {
+                issuer: 'sargenu',
             });
             isAuthenticated = true;
         } catch {

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+export default function LoginPage() {`
	`2`	`+ return <div className="">login</div>;`
	`3`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+export default function SignupPage() {`
	`2`	`+ return <div className="">signup</div>;`
	`3`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+export default function DashboardPage() {`
	`2`	`+ return <div className=""></div>;`
	`3`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -7,8 +7,6 @@ export async function POST(_request: NextRequest) {`
`7`	`7`	`await logout();`
`8`	`8`	`return sargeApiResponse({ message: 'Logged out successfully' }, 200);`
`9`	`9`	`} catch (error) {`
`10`		`- // Even if logout fails, we want to clear the session`
`11`		`- // This is a security best practice`
`12`	`10`	`const message = error instanceof Error ? error.message : String(error);`
`13`	`11`	`return sargeApiResponse({ message: 'Logged out', error: message }, 200);`
`14`	`12`	`}`