HyperSpaceOut/jackboxpartypack-gamepicker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
jackboxpartypack-gamepicker/backend/routes/auth.js

48 lines
1011 B
JavaScript
Raw Permalink Normal View History

initial commit
2025-10-30 04:27:43 -04:00
const express = require('express');
const jwt = require('jsonwebtoken');
const { JWT_SECRET, authenticateToken } = require('../middleware/auth');
const router = express.Router();
Harden secret handling: remove weak fallback defaults, fail fast on missing env vars JWT_SECRET and ADMIN_KEY no longer fall back to insecure defaults. The app will throw at startup if these env vars are not set. docker-compose.yml now uses :? syntax to require them. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-07 14:07:09 -05:00
if (!process.env.ADMIN_KEY) {
throw new Error('ADMIN_KEY environment variable is required');
}
const ADMIN_KEY = process.env.ADMIN_KEY;
initial commit
2025-10-30 04:27:43 -04:00
// Login with admin key
router.post('/login', (req, res) => {
const { key } = req.body;
if (!key) {
return res.status(400).json({ error: 'Admin key is required' });
}
if (key !== ADMIN_KEY) {
return res.status(401).json({ error: 'Invalid admin key' });
}
// Generate JWT token
const token = jwt.sign(
{ role: 'admin', timestamp: Date.now() },
JWT_SECRET,
{ expiresIn: '24h' }
);
res.json({
token,
message: 'Authentication successful',
expiresIn: '24h'
});
});
// Verify token validity
router.post('/verify', authenticateToken, (req, res) => {
res.json({
valid: true,
user: req.user
});
});
module.exports = router;
Reference in New Issue Copy Permalink