tractatus/src/routes/auth.routes.js
TheFlow 2298d36bed fix(submissions): restructure Economist package and fix article display
- Create Economist SubmissionTracking package correctly:
  * mainArticle = full blog post content
  * coverLetter = 216-word SIR— letter
  * Links to blog post via blogPostId
- Archive 'Letter to The Economist' from blog posts (it's the cover letter)
- Fix date display on article cards (use published_at)
- Target publication already displaying via blue badge

Database changes:
- Make blogPostId optional in SubmissionTracking model
- Economist package ID: 68fa85ae49d4900e7f2ecd83
- Le Monde package ID: 68fa2abd2e6acd5691932150

Next: Enhanced modal with tabs, validation, export

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-24 08:47:42 +13:00


/**
* Authentication Routes
*/
const express = require('express');
const rateLimit = require('express-rate-limit');
// Router that carries the authentication endpoints; it is exported at the bottom of this file.
const router = express.Router();
const authController = require('../controllers/auth.controller');
const { authenticateToken } = require('../middleware/auth.middleware');
const { validateEmail, validateRequired } = require('../middleware/validation.middleware');
const { asyncHandler } = require('../middleware/error.middleware');
// Brute-force throttle applied to the login route only.
//
// Operational notes for whoever deploys this:
//  - The limit is counted per client IP. Behind a reverse proxy or load
//    balancer the app must resolve the real client address (Express
//    `trust proxy`), otherwise every user shares one bucket or the address
//    can be influenced by a forwarded header. NOTE(review): that setting is
//    not visible in this file, so confirm it in the app bootstrap.
//  - No `store` is configured, so express-rate-limit keeps counters in process
//    memory: they reset on restart and are not shared between instances.
//  - A per-IP cap slows guessing from one address but does not bound attempts
//    against a single account from many addresses. Per-account throttling or
//    lockout would have to live in the login controller, which is not shown here.
const LOGIN_WINDOW_MS = 15 * 60 * 1000; // 15 minutes
const LOGIN_MAX_ATTEMPTS = 5; // requests allowed per window per IP

const loginLimiterOptions = {
  windowMs: LOGIN_WINDOW_MS,
  max: LOGIN_MAX_ATTEMPTS,
  message: 'Too many login attempts from this IP. Please try again in 15 minutes.',
  standardHeaders: true, // emit the standard RateLimit-* response headers
  legacyHeaders: false, // do not emit the X-RateLimit-* headers
  // Successful logins count towards the limit as well. This limits the rate of
  // credential stuffing from one IP, where some attempts succeed.
  skipSuccessfulRequests: false,
};

const loginLimiter = rateLimit(loginLimiterOptions);
/**
 * POST /api/auth/login
 * Login with email and password.
 * Rate limited: 5 attempts per 15 minutes per IP.
 *
 * Handlers run in the order listed. The limiter comes first, so requests that
 * later fail field validation still count towards the limit.
 */
const loginHandlers = [
  loginLimiter,
  validateRequired(['email', 'password']),
  validateEmail('email'),
  asyncHandler(authController.login),
];

router.post('/login', ...loginHandlers);
/**
 * GET /api/auth/me
 * Return the currently authenticated user.
 *
 * authenticateToken runs before the controller, so the controller is reached
 * only for requests that middleware lets through.
 */
const currentUserHandler = asyncHandler(authController.getCurrentUser);

router.get('/me', authenticateToken, currentUserHandler);
/**
 * POST /api/auth/logout
 * Logout: the server logs the event and the client discards its token.
 *
 * NOTE(review): as described, logout is client-side only. Unless the controller
 * or authenticateToken also revokes the token server-side (neither is visible
 * here), a copied token would stay usable until it expires. Confirm the token
 * lifetime is short enough for that.
 */
const logoutHandler = asyncHandler(authController.logout);

router.post('/logout', authenticateToken, logoutHandler);
module.exports = router;