@africode/core 5.0.0

package/core/server/auth-endpoints.js

@@ -0,0 +1,339 @@
+/**
+ * AfriCode Authentication Endpoints
+ * 
+ * Handles:
+ * - POST /api/auth/register - Create new user account
+ * - POST /api/auth/login - Authenticate user
+ * - POST /api/auth/logout - Destroy session
+ * - GET /api/auth/me - Get current user
+ * - POST /api/auth/refresh - Refresh session
+ */
+
+import { login, register, createSessionCookie, generateSessionId, createSession } from './auth.js';
+import { Session, User } from '../db.js';
+
+/**
+ * Extract session from request cookies
+ */
+function getSessionFromRequest(request) {
+    const cookieHeader = request.headers.get('Cookie');
+    if (!cookieHeader) return null;
+
+    const match = cookieHeader.match(/session_id=([^;]+)/);
+    return match ? match[1] : null;
+}
+
+/**
+ * Get current user from session
+ */
+function getCurrentUser(sessionId) {
+    if (!sessionId) return null;
+
+    const session = Session.findById(sessionId);
+    if (!session) return null;
+
+    // Check if session is expired
+    if (new Date(session.expires_at) < new Date()) {
+        Session.delete(sessionId);
+        return null;
+    }
+
+    const user = User.findById(session.user_id);
+    return user ? {
+        id: user.id,
+        email: user.email,
+        username: user.username,
+        full_name: user.full_name,
+        created_at: user.created_at
+    } : null;
+}
+
+/**
+ * POST /api/auth/register
+ * Create a new user account
+ * 
+ * Request body:
+ * {
+ *   email: "user@example.com",
+ *   username: "johndoe",
+ *   password: "SecurePassword123!",
+ *   full_name: "John Doe"
+ * }
+ */
+export async function handleRegister(request) {
+    try {
+        const body = await request.json();
+        const { email, username, password, full_name } = body;
+
+        // Validation
+        if (!email || !email.includes('@')) {
+            return new Response(JSON.stringify({ error: 'Invalid email' }), {
+                status: 400,
+                headers: { 'Content-Type': 'application/json' }
+            });
+        }
+
+        if (!username || username.length < 3) {
+            return new Response(JSON.stringify({ error: 'Username must be at least 3 characters' }), {
+                status: 400,
+                headers: { 'Content-Type': 'application/json' }
+            });
+        }
+
+        if (!password || password.length < 8) {
+            return new Response(JSON.stringify({ error: 'Password must be at least 8 characters' }), {
+                status: 400,
+                headers: { 'Content-Type': 'application/json' }
+            });
+        }
+
+        if (!full_name) {
+            return new Response(JSON.stringify({ error: 'Full name is required' }), {
+                status: 400,
+                headers: { 'Content-Type': 'application/json' }
+            });
+        }
+
+        // Register user
+        const result = await register({
+            email,
+            username,
+            password,
+            full_name
+        });
+
+        if (result.error) {
+            return new Response(JSON.stringify({ error: result.error }), {
+                status: 409,
+                headers: { 'Content-Type': 'application/json' }
+            });
+        }
+
+        // Success
+        return new Response(JSON.stringify({
+            success: true,
+            user: result.user,
+            message: 'Account created successfully'
+        }), {
+            status: 201,
+            headers: {
+                'Content-Type': 'application/json',
+                'Set-Cookie': createSessionCookie(result.sessionId, true)
+            }
+        });
+    } catch (error) {
+        console.error('[Auth] Register error:', error);
+        return new Response(JSON.stringify({ error: 'Registration failed' }), {
+            status: 500,
+            headers: { 'Content-Type': 'application/json' }
+        });
+    }
+}
+
+/**
+ * POST /api/auth/login
+ * Authenticate user with email and password
+ * 
+ * Request body:
+ * {
+ *   email: "user@example.com",
+ *   password: "SecurePassword123!"
+ * }
+ */
+export async function handleLogin(request) {
+    try {
+        const body = await request.json();
+        const { email, password } = body;
+
+        // Validation
+        if (!email || !password) {
+            return new Response(JSON.stringify({ error: 'Email and password required' }), {
+                status: 400,
+                headers: { 'Content-Type': 'application/json' }
+            });
+        }
+
+        // Authenticate
+        const result = await login(email, password);
+
+        if (result.error) {
+            return new Response(JSON.stringify({ error: result.error }), {
+                status: 401,
+                headers: { 'Content-Type': 'application/json' }
+            });
+        }
+
+        // Success
+        return new Response(JSON.stringify({
+            success: true,
+            user: result.user,
+            message: 'Logged in successfully'
+        }), {
+            status: 200,
+            headers: {
+                'Content-Type': 'application/json',
+                'Set-Cookie': createSessionCookie(result.sessionId, true)
+            }
+        });
+    } catch (error) {
+        console.error('[Auth] Login error:', error);
+        return new Response(JSON.stringify({ error: 'Login failed' }), {
+            status: 500,
+            headers: { 'Content-Type': 'application/json' }
+        });
+    }
+}
+
+/**
+ * POST /api/auth/logout
+ * Destroy the current session
+ */
+export async function handleLogout(request) {
+    try {
+        const sessionId = getSessionFromRequest(request);
+
+        if (sessionId) {
+            Session.delete(sessionId);
+        }
+
+        return new Response(JSON.stringify({
+            success: true,
+            message: 'Logged out successfully'
+        }), {
+            status: 200,
+            headers: {
+                'Content-Type': 'application/json',
+                'Set-Cookie': 'session_id=; HttpOnly; Path=/; Max-Age=0; SameSite=Strict'
+            }
+        });
+    } catch (error) {
+        console.error('[Auth] Logout error:', error);
+        return new Response(JSON.stringify({ error: 'Logout failed' }), {
+            status: 500,
+            headers: { 'Content-Type': 'application/json' }
+        });
+    }
+}
+
+/**
+ * GET /api/auth/me
+ * Get current authenticated user
+ */
+export async function handleGetMe(request) {
+    try {
+        const sessionId = getSessionFromRequest(request);
+        const user = getCurrentUser(sessionId);
+
+        if (!user) {
+            return new Response(JSON.stringify({ error: 'Not authenticated' }), {
+                status: 401,
+                headers: { 'Content-Type': 'application/json' }
+            });
+        }
+
+        return new Response(JSON.stringify({
+            success: true,
+            user
+        }), {
+            status: 200,
+            headers: { 'Content-Type': 'application/json' }
+        });
+    } catch (error) {
+        console.error('[Auth] GetMe error:', error);
+        return new Response(JSON.stringify({ error: 'Failed to get user' }), {
+            status: 500,
+            headers: { 'Content-Type': 'application/json' }
+        });
+    }
+}
+
+/**
+ * POST /api/auth/refresh
+ * Refresh session expiry
+ */
+export async function handleRefresh(request) {
+    try {
+        const sessionId = getSessionFromRequest(request);
+        const user = getCurrentUser(sessionId);
+
+        if (!user) {
+            return new Response(JSON.stringify({ error: 'Not authenticated' }), {
+                status: 401,
+                headers: { 'Content-Type': 'application/json' }
+            });
+        }
+
+        // Update session expiry
+        const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
+        Session.update(sessionId, { expires_at: expiresAt.toISOString() });
+
+        return new Response(JSON.stringify({
+            success: true,
+            user,
+            message: 'Session refreshed'
+        }), {
+            status: 200,
+            headers: {
+                'Content-Type': 'application/json',
+                'Set-Cookie': createSessionCookie(sessionId, true)
+            }
+        });
+    } catch (error) {
+        console.error('[Auth] Refresh error:', error);
+        return new Response(JSON.stringify({ error: 'Refresh failed' }), {
+            status: 500,
+            headers: { 'Content-Type': 'application/json' }
+        });
+    }
+}
+
+/**
+ * Route auth endpoints
+ */
+export async function handleAuthRequest(req, pathname) {
+    // POST /api/auth/register
+    if (pathname === '/api/auth/register' && req.method === 'POST') {
+        return await handleRegister(req);
+    }
+
+    // POST /api/auth/login
+    if (pathname === '/api/auth/login' && req.method === 'POST') {
+        return await handleLogin(req);
+    }
+
+    // POST /api/auth/logout
+    if (pathname === '/api/auth/logout' && req.method === 'POST') {
+        return await handleLogout(req);
+    }
+
+    // GET /api/auth/me
+    if (pathname === '/api/auth/me' && req.method === 'GET') {
+        return await handleGetMe(req);
+    }
+
+    // POST /api/auth/refresh
+    if (pathname === '/api/auth/refresh' && req.method === 'POST') {
+        return await handleRefresh(req);
+    }
+
+    return null;
+}
+
+/**
+ * Middleware to require authentication
+ */
+export function createAuthRequired(req) {
+    const sessionId = getSessionFromRequest(req);
+    const user = getCurrentUser(sessionId);
+
+    if (!user) {
+        return new Response(JSON.stringify({ error: 'Authentication required' }), {
+            status: 401,
+            headers: { 'Content-Type': 'application/json' }
+        });
+    }
+
+    return user;
+}
+
+export { getCurrentUser, getSessionFromRequest };

package/core/server/auth.js

@@ -0,0 +1,180 @@
+/**
+ * AfriCode Authentication System
+ * Session-based auth with SQLite storage
+ */
+
+import { User, Session } from '../db.js';
+
+/**
+ * Hash a password using Bun's built-in crypto
+ */
+export async function hashPassword(password) {
+    return await Bun.password.hash(password, {
+        algorithm: 'argon2id',
+        memoryCost: 65536, // 64 MB
+        timeCost: 3,
+    });
+}
+
+/**
+ * Verify a password against its hash
+ */
+export async function verifyPassword(password, hash) {
+    return await Bun.password.verify(password, hash);
+}
+
+/**
+ * Generate a secure session ID
+ */
+export function generateSessionId() {
+    return crypto.randomUUID();
+}
+
+/**
+ * Create a session that expires in 7 days
+ */
+export function createSessionExpiry() {
+    return new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
+}
+
+/**
+ * Create a new session record for a user
+ */
+export function createSession(userId) {
+    const sessionId = generateSessionId();
+    const expiresAt = createSessionExpiry();
+
+    Session.create({
+        id: sessionId,
+        user_id: userId,
+        expires_at: expiresAt.toISOString()
+    });
+
+    return sessionId;
+}
+
+/**
+ * Build a session cookie header string
+ */
+export function createSessionCookie(sessionId, secure = false) {
+    return `session_id=${sessionId}; HttpOnly; Path=/; Max-Age=604800; SameSite=Strict${secure ? '; Secure' : ''}`;
+}
+
+/**
+ * Login user with email and password
+ */
+export async function login(email, password) {
+    const user = User.findByEmail(email);
+    if (!user) {
+        return { error: 'Invalid credentials' };
+    }
+
+    const isValid = await verifyPassword(password, user.password_hash);
+    if (!isValid) {
+        return { error: 'Invalid credentials' };
+    }
+
+    const sessionId = createSession(user.id);
+
+    return {
+        sessionId,
+        user: {
+            id: user.id,
+            email: user.email,
+            username: user.username,
+            full_name: user.full_name
+        }
+    };
+}
+
+/**
+ * Register a new user
+ */
+export async function register(userData) {
+    const { email, username, password, full_name } = userData;
+
+    // Check if user already exists
+    if (User.findByEmail(email)) {
+        return { error: 'Email already registered' };
+    }
+
+    if (User.findByUsername(username)) {
+        return { error: 'Username already taken' };
+    }
+
+    try {
+        const password_hash = await hashPassword(password);
+        const userId = User.create({
+            email,
+            username,
+            password_hash,
+            full_name
+        });
+
+        const sessionId = createSession(userId);
+
+        return {
+            success: true,
+            sessionId,
+            user: {
+                id: userId,
+                email,
+                username,
+                full_name
+            }
+        };
+    } catch (error) {
+        console.error('Registration error:', error);
+        return { error: 'Registration failed' };
+    }
+}
+
+/**
+ * Get user from session
+ */
+export async function getSessionUser(request) {
+    const cookieHeader = request.headers.get('Cookie');
+    if (!cookieHeader) {return null;}
+
+    const match = cookieHeader.match(/session_id=([^;]+)/);
+    if (!match) {return null;}
+
+    const sessionId = match[1];
+    const session = Session.findById(sessionId);
+
+    return session ? {
+        id: session.user_id,
+        email: session.email,
+        username: session.username
+    } : null;
+}
+
+/**
+ * Logout by deleting session
+ */
+export async function logout(request) {
+    const cookieHeader = request.headers.get('Cookie');
+    if (!cookieHeader) {return { success: true };}
+
+    const match = cookieHeader.match(/session_id=([^;]+)/);
+    if (!match) {return { success: true };}
+
+    const sessionId = match[1];
+    Session.delete(sessionId);
+
+    return { success: true };
+}
+
+/**
+ * Middleware to require authentication
+ */
+export async function requireAuth(request) {
+    const user = await getSessionUser(request);
+    if (!user) {
+        return new Response(JSON.stringify({ error: 'Authentication required' }), {
+            status: 401,
+            headers: { 'Content-Type': 'application/json' }
+        });
+    }
+    return user;
+}