aboutsummaryrefslogtreecommitdiffhomepage
path: root/pkgs/server/src/routes
diff options
context:
space:
mode:
authornsfisis <nsfisis@gmail.com>2025-12-06 17:05:21 +0900
committernsfisis <nsfisis@gmail.com>2025-12-06 17:37:04 +0900
commit811458427593a4172a2cd535cc768db375350dca (patch)
tree6c4f46c96b6f29392dc19d591e39e03c187033a1 /pkgs/server/src/routes
parent9736a8981fbd6c6defbd67517ca23904fc844629 (diff)
downloadkioku-811458427593a4172a2cd535cc768db375350dca.tar.gz
kioku-811458427593a4172a2cd535cc768db375350dca.tar.zst
kioku-811458427593a4172a2cd535cc768db375350dca.zip
feat(dev): change architecture and directory structure
Diffstat (limited to 'pkgs/server/src/routes')
-rw-r--r--pkgs/server/src/routes/auth.test.ts428
-rw-r--r--pkgs/server/src/routes/auth.ts199
-rw-r--r--pkgs/server/src/routes/index.ts1
3 files changed, 0 insertions, 628 deletions
diff --git a/pkgs/server/src/routes/auth.test.ts b/pkgs/server/src/routes/auth.test.ts
deleted file mode 100644
index 34eb2b6..0000000
--- a/pkgs/server/src/routes/auth.test.ts
+++ /dev/null
@@ -1,428 +0,0 @@
-import { Hono } from "hono";
-import { beforeEach, describe, expect, it, vi } from "vitest";
-import { errorHandler } from "../middleware";
-import type {
- RefreshTokenRepository,
- UserPublic,
- UserRepository,
-} from "../repositories";
-import { createAuthRouter } from "./auth";
-
-vi.mock("argon2", () => ({
- hash: vi.fn((password: string) => Promise.resolve(`hashed_${password}`)),
- verify: vi.fn((hash: string, password: string) =>
- Promise.resolve(hash === `hashed_${password}`),
- ),
-}));
-
-function createMockUserRepo(): UserRepository {
- return {
- findByUsername: vi.fn(),
- existsByUsername: vi.fn(),
- create: vi.fn(),
- findById: vi.fn(),
- };
-}
-
-function createMockRefreshTokenRepo(): RefreshTokenRepository {
- return {
- findValidToken: vi.fn(),
- create: vi.fn(),
- deleteById: vi.fn(),
- };
-}
-
-interface RegisterResponse {
- user?: {
- id: string;
- username: string;
- createdAt: string;
- };
- error?: {
- code: string;
- message: string;
- };
-}
-
-interface LoginResponse {
- accessToken?: string;
- refreshToken?: string;
- user?: {
- id: string;
- username: string;
- };
- error?: {
- code: string;
- message: string;
- };
-}
-
-describe("POST /register", () => {
- let app: Hono;
- let mockUserRepo: ReturnType<typeof createMockUserRepo>;
- let mockRefreshTokenRepo: ReturnType<typeof createMockRefreshTokenRepo>;
-
- beforeEach(() => {
- vi.clearAllMocks();
- mockUserRepo = createMockUserRepo();
- mockRefreshTokenRepo = createMockRefreshTokenRepo();
- const auth = createAuthRouter({
- userRepo: mockUserRepo,
- refreshTokenRepo: mockRefreshTokenRepo,
- });
- app = new Hono();
- app.onError(errorHandler);
- app.route("/api/auth", auth);
- });
-
- it("creates a new user with valid credentials", async () => {
- vi.mocked(mockUserRepo.existsByUsername).mockResolvedValue(false);
- vi.mocked(mockUserRepo.create).mockResolvedValue({
- id: "test-uuid-123",
- username: "testuser",
- createdAt: new Date("2024-01-01T00:00:00Z"),
- } as UserPublic);
-
- const res = await app.request("/api/auth/register", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({
- username: "testuser",
- password: "securepassword12345",
- }),
- });
-
- expect(res.status).toBe(201);
- const body = (await res.json()) as RegisterResponse;
- expect(body.user).toEqual({
- id: "test-uuid-123",
- username: "testuser",
- createdAt: "2024-01-01T00:00:00.000Z",
- });
- expect(mockUserRepo.existsByUsername).toHaveBeenCalledWith("testuser");
- expect(mockUserRepo.create).toHaveBeenCalledWith({
- username: "testuser",
- passwordHash: "hashed_securepassword12345",
- });
- });
-
- it("returns 422 for invalid username", async () => {
- const res = await app.request("/api/auth/register", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({
- username: "",
- password: "securepassword12345",
- }),
- });
-
- expect(res.status).toBe(422);
- const body = (await res.json()) as RegisterResponse;
- expect(body.error?.code).toBe("VALIDATION_ERROR");
- });
-
- it("returns 422 for password too short", async () => {
- const res = await app.request("/api/auth/register", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({
- username: "testuser",
- password: "tooshort123456",
- }),
- });
-
- expect(res.status).toBe(422);
- const body = (await res.json()) as RegisterResponse;
- expect(body.error?.code).toBe("VALIDATION_ERROR");
- });
-
- it("returns 409 for existing username", async () => {
- vi.mocked(mockUserRepo.existsByUsername).mockResolvedValue(true);
-
- const res = await app.request("/api/auth/register", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({
- username: "existinguser",
- password: "securepassword12345",
- }),
- });
-
- expect(res.status).toBe(409);
- const body = (await res.json()) as RegisterResponse;
- expect(body.error?.code).toBe("USERNAME_EXISTS");
- });
-});
-
-describe("POST /login", () => {
- let app: Hono;
- let mockUserRepo: ReturnType<typeof createMockUserRepo>;
- let mockRefreshTokenRepo: ReturnType<typeof createMockRefreshTokenRepo>;
-
- beforeEach(() => {
- vi.clearAllMocks();
- mockUserRepo = createMockUserRepo();
- mockRefreshTokenRepo = createMockRefreshTokenRepo();
- const auth = createAuthRouter({
- userRepo: mockUserRepo,
- refreshTokenRepo: mockRefreshTokenRepo,
- });
- app = new Hono();
- app.onError(errorHandler);
- app.route("/api/auth", auth);
- });
-
- it("returns access token for valid credentials", async () => {
- vi.mocked(mockUserRepo.findByUsername).mockResolvedValue({
- id: "user-uuid-123",
- username: "testuser",
- passwordHash: "hashed_correctpassword",
- });
- vi.mocked(mockRefreshTokenRepo.create).mockResolvedValue(undefined);
-
- const res = await app.request("/api/auth/login", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({
- username: "testuser",
- password: "correctpassword",
- }),
- });
-
- expect(res.status).toBe(200);
- const body = (await res.json()) as LoginResponse;
- expect(body.accessToken).toBeDefined();
- expect(typeof body.accessToken).toBe("string");
- expect(body.refreshToken).toBeDefined();
- expect(typeof body.refreshToken).toBe("string");
- expect(body.user).toEqual({
- id: "user-uuid-123",
- username: "testuser",
- });
- expect(mockRefreshTokenRepo.create).toHaveBeenCalledWith({
- userId: "user-uuid-123",
- tokenHash: expect.any(String),
- expiresAt: expect.any(Date),
- });
- });
-
- it("returns 401 for non-existent user", async () => {
- vi.mocked(mockUserRepo.findByUsername).mockResolvedValue(undefined);
-
- const res = await app.request("/api/auth/login", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({
- username: "nonexistent",
- password: "anypassword",
- }),
- });
-
- expect(res.status).toBe(401);
- const body = (await res.json()) as LoginResponse;
- expect(body.error?.code).toBe("INVALID_CREDENTIALS");
- });
-
- it("returns 401 for incorrect password", async () => {
- vi.mocked(mockUserRepo.findByUsername).mockResolvedValue({
- id: "user-uuid-123",
- username: "testuser",
- passwordHash: "hashed_correctpassword",
- });
-
- const res = await app.request("/api/auth/login", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({
- username: "testuser",
- password: "wrongpassword",
- }),
- });
-
- expect(res.status).toBe(401);
- const body = (await res.json()) as LoginResponse;
- expect(body.error?.code).toBe("INVALID_CREDENTIALS");
- });
-
- it("returns 422 for missing username", async () => {
- const res = await app.request("/api/auth/login", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({
- username: "",
- password: "somepassword",
- }),
- });
-
- expect(res.status).toBe(422);
- const body = (await res.json()) as LoginResponse;
- expect(body.error?.code).toBe("VALIDATION_ERROR");
- });
-
- it("returns 422 for missing password", async () => {
- const res = await app.request("/api/auth/login", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({
- username: "testuser",
- password: "",
- }),
- });
-
- expect(res.status).toBe(422);
- const body = (await res.json()) as LoginResponse;
- expect(body.error?.code).toBe("VALIDATION_ERROR");
- });
-});
-
-interface RefreshResponse {
- accessToken?: string;
- refreshToken?: string;
- user?: {
- id: string;
- username: string;
- };
- error?: {
- code: string;
- message: string;
- };
-}
-
-describe("POST /refresh", () => {
- let app: Hono;
- let mockUserRepo: ReturnType<typeof createMockUserRepo>;
- let mockRefreshTokenRepo: ReturnType<typeof createMockRefreshTokenRepo>;
-
- beforeEach(() => {
- vi.clearAllMocks();
- mockUserRepo = createMockUserRepo();
- mockRefreshTokenRepo = createMockRefreshTokenRepo();
- const auth = createAuthRouter({
- userRepo: mockUserRepo,
- refreshTokenRepo: mockRefreshTokenRepo,
- });
- app = new Hono();
- app.onError(errorHandler);
- app.route("/api/auth", auth);
- });
-
- it("returns new tokens for valid refresh token", async () => {
- vi.mocked(mockRefreshTokenRepo.findValidToken).mockResolvedValue({
- id: "token-id-123",
- userId: "user-uuid-123",
- expiresAt: new Date(Date.now() + 86400000),
- });
- vi.mocked(mockUserRepo.findById).mockResolvedValue({
- id: "user-uuid-123",
- username: "testuser",
- });
- vi.mocked(mockRefreshTokenRepo.deleteById).mockResolvedValue(undefined);
- vi.mocked(mockRefreshTokenRepo.create).mockResolvedValue(undefined);
-
- const res = await app.request("/api/auth/refresh", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({
- refreshToken: "valid-refresh-token-hex",
- }),
- });
-
- expect(res.status).toBe(200);
- const body = (await res.json()) as RefreshResponse;
- expect(body.accessToken).toBeDefined();
- expect(typeof body.accessToken).toBe("string");
- expect(body.refreshToken).toBeDefined();
- expect(typeof body.refreshToken).toBe("string");
- expect(body.user).toEqual({
- id: "user-uuid-123",
- username: "testuser",
- });
- expect(mockRefreshTokenRepo.deleteById).toHaveBeenCalledWith(
- "token-id-123",
- );
- expect(mockRefreshTokenRepo.create).toHaveBeenCalledWith({
- userId: "user-uuid-123",
- tokenHash: expect.any(String),
- expiresAt: expect.any(Date),
- });
- });
-
- it("returns 401 for invalid refresh token", async () => {
- vi.mocked(mockRefreshTokenRepo.findValidToken).mockResolvedValue(undefined);
-
- const res = await app.request("/api/auth/refresh", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({
- refreshToken: "invalid-refresh-token",
- }),
- });
-
- expect(res.status).toBe(401);
- const body = (await res.json()) as RefreshResponse;
- expect(body.error?.code).toBe("INVALID_REFRESH_TOKEN");
- });
-
- it("returns 401 for expired refresh token", async () => {
- vi.mocked(mockRefreshTokenRepo.findValidToken).mockResolvedValue(undefined);
-
- const res = await app.request("/api/auth/refresh", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({
- refreshToken: "expired-refresh-token",
- }),
- });
-
- expect(res.status).toBe(401);
- const body = (await res.json()) as RefreshResponse;
- expect(body.error?.code).toBe("INVALID_REFRESH_TOKEN");
- });
-
- it("returns 401 when user not found", async () => {
- vi.mocked(mockRefreshTokenRepo.findValidToken).mockResolvedValue({
- id: "token-id-123",
- userId: "deleted-user-id",
- expiresAt: new Date(Date.now() + 86400000),
- });
- vi.mocked(mockUserRepo.findById).mockResolvedValue(undefined);
-
- const res = await app.request("/api/auth/refresh", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({
- refreshToken: "valid-refresh-token",
- }),
- });
-
- expect(res.status).toBe(401);
- const body = (await res.json()) as RefreshResponse;
- expect(body.error?.code).toBe("USER_NOT_FOUND");
- });
-
- it("returns 422 for missing refresh token", async () => {
- const res = await app.request("/api/auth/refresh", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({}),
- });
-
- expect(res.status).toBe(422);
- const body = (await res.json()) as RefreshResponse;
- expect(body.error?.code).toBe("VALIDATION_ERROR");
- });
-
- it("returns 422 for empty refresh token", async () => {
- const res = await app.request("/api/auth/refresh", {
- method: "POST",
- headers: { "Content-Type": "application/json" },
- body: JSON.stringify({
- refreshToken: "",
- }),
- });
-
- expect(res.status).toBe(422);
- const body = (await res.json()) as RefreshResponse;
- expect(body.error?.code).toBe("VALIDATION_ERROR");
- });
-});
diff --git a/pkgs/server/src/routes/auth.ts b/pkgs/server/src/routes/auth.ts
deleted file mode 100644
index e1f7ebb..0000000
--- a/pkgs/server/src/routes/auth.ts
+++ /dev/null
@@ -1,199 +0,0 @@
-import { createHash, randomBytes } from "node:crypto";
-import {
- createUserSchema,
- loginSchema,
- refreshTokenSchema,
-} from "@kioku/shared";
-import * as argon2 from "argon2";
-import { Hono } from "hono";
-import { sign } from "hono/jwt";
-import { Errors } from "../middleware";
-import {
- type RefreshTokenRepository,
- refreshTokenRepository,
- type UserRepository,
- userRepository,
-} from "../repositories";
-
-const JWT_SECRET = process.env.JWT_SECRET;
-if (!JWT_SECRET) {
- throw new Error("JWT_SECRET environment variable is required");
-}
-const ACCESS_TOKEN_EXPIRES_IN = 60 * 15; // 15 minutes
-const REFRESH_TOKEN_EXPIRES_IN = 60 * 60 * 24 * 7; // 7 days
-
-function generateRefreshToken(): string {
- return randomBytes(32).toString("hex");
-}
-
-function hashToken(token: string): string {
- return createHash("sha256").update(token).digest("hex");
-}
-
-export interface AuthDependencies {
- userRepo: UserRepository;
- refreshTokenRepo: RefreshTokenRepository;
-}
-
-export function createAuthRouter(deps: AuthDependencies) {
- const { userRepo, refreshTokenRepo } = deps;
- const auth = new Hono();
-
- auth.post("/register", async (c) => {
- const body = await c.req.json();
-
- const parsed = createUserSchema.safeParse(body);
- if (!parsed.success) {
- throw Errors.validationError(parsed.error.issues[0]?.message);
- }
-
- const { username, password } = parsed.data;
-
- // Check if username already exists
- const exists = await userRepo.existsByUsername(username);
- if (exists) {
- throw Errors.conflict("Username already exists", "USERNAME_EXISTS");
- }
-
- // Hash password with Argon2
- const passwordHash = await argon2.hash(password);
-
- // Create user
- const newUser = await userRepo.create({ username, passwordHash });
-
- return c.json({ user: newUser }, 201);
- });
-
- auth.post("/login", async (c) => {
- const body = await c.req.json();
-
- const parsed = loginSchema.safeParse(body);
- if (!parsed.success) {
- throw Errors.validationError(parsed.error.issues[0]?.message);
- }
-
- const { username, password } = parsed.data;
-
- // Find user by username
- const user = await userRepo.findByUsername(username);
-
- if (!user) {
- throw Errors.unauthorized(
- "Invalid username or password",
- "INVALID_CREDENTIALS",
- );
- }
-
- // Verify password
- const isPasswordValid = await argon2.verify(user.passwordHash, password);
- if (!isPasswordValid) {
- throw Errors.unauthorized(
- "Invalid username or password",
- "INVALID_CREDENTIALS",
- );
- }
-
- // Generate JWT access token
- const now = Math.floor(Date.now() / 1000);
- const accessToken = await sign(
- {
- sub: user.id,
- iat: now,
- exp: now + ACCESS_TOKEN_EXPIRES_IN,
- },
- JWT_SECRET,
- );
-
- // Generate refresh token
- const refreshToken = generateRefreshToken();
- const tokenHash = hashToken(refreshToken);
- const expiresAt = new Date(Date.now() + REFRESH_TOKEN_EXPIRES_IN * 1000);
-
- // Store refresh token in database
- await refreshTokenRepo.create({
- userId: user.id,
- tokenHash,
- expiresAt,
- });
-
- return c.json({
- accessToken,
- refreshToken,
- user: {
- id: user.id,
- username: user.username,
- },
- });
- });
-
- auth.post("/refresh", async (c) => {
- const body = await c.req.json();
-
- const parsed = refreshTokenSchema.safeParse(body);
- if (!parsed.success) {
- throw Errors.validationError(parsed.error.issues[0]?.message);
- }
-
- const { refreshToken } = parsed.data;
- const tokenHash = hashToken(refreshToken);
-
- // Find valid refresh token
- const storedToken = await refreshTokenRepo.findValidToken(tokenHash);
-
- if (!storedToken) {
- throw Errors.unauthorized(
- "Invalid or expired refresh token",
- "INVALID_REFRESH_TOKEN",
- );
- }
-
- // Get user info
- const user = await userRepo.findById(storedToken.userId);
-
- if (!user) {
- throw Errors.unauthorized("User not found", "USER_NOT_FOUND");
- }
-
- // Delete old refresh token (rotation)
- await refreshTokenRepo.deleteById(storedToken.id);
-
- // Generate new access token
- const now = Math.floor(Date.now() / 1000);
- const accessToken = await sign(
- {
- sub: user.id,
- iat: now,
- exp: now + ACCESS_TOKEN_EXPIRES_IN,
- },
- JWT_SECRET,
- );
-
- // Generate new refresh token (rotation)
- const newRefreshToken = generateRefreshToken();
- const newTokenHash = hashToken(newRefreshToken);
- const expiresAt = new Date(Date.now() + REFRESH_TOKEN_EXPIRES_IN * 1000);
-
- await refreshTokenRepo.create({
- userId: user.id,
- tokenHash: newTokenHash,
- expiresAt,
- });
-
- return c.json({
- accessToken,
- refreshToken: newRefreshToken,
- user: {
- id: user.id,
- username: user.username,
- },
- });
- });
-
- return auth;
-}
-
-// Default auth router with real repositories for production use
-export const auth = createAuthRouter({
- userRepo: userRepository,
- refreshTokenRepo: refreshTokenRepository,
-});
diff --git a/pkgs/server/src/routes/index.ts b/pkgs/server/src/routes/index.ts
deleted file mode 100644
index 2925e6d..0000000
--- a/pkgs/server/src/routes/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export { auth } from "./auth";
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2026-01-16 08:35:49 +0000