feat: registration and login with JWT auth
- users table: email, password_hash (bcrypt), role, is_active - POST /auth/register — checks blocklist, hashes password, returns JWT - POST /auth/login — verifies password, returns JWT - Auth middleware: accepts env tokens (dev) OR valid JWTs - end-user role → 403 Insufficient permissions on all /api/* routes - JWT_SECRET + JWT_EXPIRES_IN env vars Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -22,6 +22,9 @@ app.get('/health', async (req, res) => {
|
||||
res.json({ status: 'ok', db });
|
||||
});
|
||||
|
||||
// Public routes
|
||||
app.use('/auth', require('./routes/auth'));
|
||||
|
||||
// Routes — protected by Bearer token
|
||||
app.use('/api', auth, require('./routes/index'));
|
||||
app.use('/api/pictures', auth, require('./routes/pictures'));
|
||||
|
||||
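Review bot: The new public mount `app.use('/auth', require('./routes/auth'));` exposes registration and login ahead of the `auth` middleware with no throttling visible at this level, so repeated login attempts and bulk sign-ups are bounded only by whatever the router does internally, which this hunk does not show. If the router does not already limit attempts, mount a limiter at this line, e.g. `app.use('/auth', authRateLimit, require('./routes/auth'));`, where `authRateLimit` is a placeholder name for a per-IP or per-account limiter, and log rejected attempts so they can be alerted on. The context comment `// Routes — protected by Bearer token` now understates what the middleware does according to the commit description; something like `// Protected routes: auth accepts dev env tokens or JWTs; end-user role gets 403` would be more accurate. The env-token path presumably needs to be disabled outside development, which cannot be confirmed from this hunk because the middleware is defined elsewhere.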