infoalloggi-monorepo/apps/infoalloggi/src/server/api/routers/auth.ts

138 lines
3.1 KiB
TypeScript
Raw Normal View History

import { z } from "zod/v4";
import { zMildPassword } from "~/hooks/usePassword";
2025-08-04 17:45:44 +02:00
import {
2025-08-28 18:27:07 +02:00
adminProcedure,
createTRPCRouter,
protectedProcedure,
publicProcedure,
2025-08-04 17:45:44 +02:00
} from "~/server/api/trpc";
import {
2025-08-28 18:27:07 +02:00
createUserAdmin,
logIn,
logOut,
passwordChange,
swapAuth,
2025-08-04 17:45:44 +02:00
} from "~/server/controllers/auth.controller";
import {
2025-08-28 18:27:07 +02:00
genPasswordResetToken,
isTokenValid,
passwordOverrideHandler,
pwResetSendLinkHandler,
resetPasswordFromTokenHandler,
2025-08-04 17:45:44 +02:00
} from "~/server/services/auth.service";
2025-08-28 18:27:07 +02:00
import { zUserId } from "~/server/utils/zod_types";
2025-08-04 17:45:44 +02:00
// Create a new ratelimiter, that allows 10 requests per 10 seconds
/*
const ratelimit = new RateLimiterHandler({
windowSize: 10,
maxRequests: 10,
analytics: true,
});
*/
export const authRouter = createTRPCRouter({
2025-08-29 16:18:32 +02:00
addUserAdmin: adminProcedure
2025-08-28 18:27:07 +02:00
.input(
z.object({
2025-08-29 16:18:32 +02:00
cognome: z.string().nonempty("Inserisci un cognome valido"),
2025-08-28 18:27:07 +02:00
email: z.email(),
2025-08-29 16:18:32 +02:00
nome: z.string().nonempty("Inserisci un nome valido"),
password: zMildPassword,
2025-08-29 16:18:32 +02:00
telefono: z.string().nonempty("Inserisci un numero di telefono"),
2025-08-28 18:27:07 +02:00
}),
)
2025-08-29 16:18:32 +02:00
.mutation(async ({ input }) => {
return await createUserAdmin({ ...input });
2025-08-28 18:27:07 +02:00
}),
2025-08-29 16:18:32 +02:00
ChangePassword: protectedProcedure
2025-08-28 18:27:07 +02:00
.input(
z.object({
2025-08-29 16:18:32 +02:00
newpassword: z.string(),
oldpassword: z.string(),
2025-08-28 18:27:07 +02:00
}),
)
.mutation(async ({ ctx, input }) => {
2025-08-29 16:18:32 +02:00
return await passwordChange({
userId: ctx.session.id,
ctx,
2025-08-29 16:18:32 +02:00
...input,
});
}),
checkTokenValidity: publicProcedure
.input(z.object({ token: z.string() }))
.query(async ({ input }) => {
return await isTokenValid({ token: input.token });
2025-08-28 18:27:07 +02:00
}),
2025-08-04 17:45:44 +02:00
2025-08-29 16:18:32 +02:00
genPswResetToken: adminProcedure
.input(z.object({ id: zUserId }))
.mutation(async ({ input }) => {
return await genPasswordResetToken({ id: input.id });
}),
2025-08-04 17:45:44 +02:00
2025-08-28 18:27:07 +02:00
getSession: publicProcedure.query(async ({ ctx }) => {
if (ctx.session?.isBlocked) return null;
return { session: ctx.session, sessionStatus: ctx.sessionStatus };
2025-08-28 18:27:07 +02:00
}),
2025-08-29 16:18:32 +02:00
loginUser: publicProcedure
2025-08-28 18:27:07 +02:00
.input(
z.object({
email: z.email(),
2025-08-29 16:18:32 +02:00
password: z.string(),
2025-08-28 18:27:07 +02:00
}),
)
2025-08-29 16:18:32 +02:00
.mutation(async ({ input, ctx }) => {
return await logIn({
...input,
ctx: ctx,
});
2025-08-28 18:27:07 +02:00
}),
2025-08-04 17:45:44 +02:00
2025-08-29 16:18:32 +02:00
logoutUser: protectedProcedure.mutation(async ({ ctx }) => {
await logOut({ req: ctx.req, res: ctx.res });
2025-08-29 16:18:32 +02:00
return "logout success";
}),
PasswordOverride: adminProcedure
2025-08-29 16:18:32 +02:00
.input(
z.object({
id: zUserId,
password: z.string(),
}),
)
2025-08-28 18:27:07 +02:00
.mutation(async ({ input }) => {
return await passwordOverrideHandler({ ...input });
2025-08-29 16:18:32 +02:00
}),
2025-08-28 18:27:07 +02:00
resetPasswordFromToken: publicProcedure
.input(
z.object({
newpassword: z.string(),
resetToken: z.string(),
}),
)
.mutation(async ({ input }) => {
return await resetPasswordFromTokenHandler({
newpassword: input.newpassword,
token: input.resetToken,
});
}),
sendResetLink: publicProcedure
.input(z.object({ email: z.string() }))
.mutation(async ({ input }) => {
return await pwResetSendLinkHandler({
email: input.email,
});
}),
2025-08-29 16:18:32 +02:00
swapUser: adminProcedure
2025-08-28 18:27:07 +02:00
.input(
z.object({
id: zUserId,
}),
)
2025-08-29 16:18:32 +02:00
.mutation(async ({ ctx, input }) => {
return await swapAuth({ ctx, userId: input.id });
2025-08-28 18:27:07 +02:00
}),
2025-08-04 17:45:44 +02:00
});