julienfroidefond/peakskills
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: secu migrate to user uuid

Browse Source
This commit is contained in:
Julien Froidefond
2025-08-21 13:54:13 +02:00
parent ef16c73625
commit 578f0858e8
12 changed files with 532 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
app/api/auth/route.ts
View File

@@ -12,14 +12,14 @@ const COOKIE_MAX_AGE = 30 * 24 * 60 * 60; // 30 jours
export async function GET() {
try {
const cookieStore = await cookies();
const userId = cookieStore.get(COOKIE_NAME)?.value;
const userUuid = cookieStore.get(COOKIE_NAME)?.value;
if (!userId) {
if (!userUuid) {
return NextResponse.json({ user: null }, { status: 200 });
}
const evaluationService = new EvaluationService();
const userProfile = await evaluationService.getUserById(parseInt(userId));
const userProfile = await evaluationService.getUserByUuid(userUuid);
if (!userProfile) {
// Cookie invalide, le supprimer
@@ -44,7 +44,7 @@ export async function GET() {
export async function POST(request: NextRequest) {
try {
const profile: UserProfile = await request.json();
if (!profile.firstName || !profile.lastName || !profile.teamId) {
return NextResponse.json(
{ error: "Missing required fields" },
@@ -53,16 +53,19 @@ export async function POST(request: NextRequest) {
}
const evaluationService = new EvaluationService();
const userId = await evaluationService.upsertUser(profile);
const userUuid = await evaluationService.upsertUserUuid(profile);
// Créer la réponse avec le cookie
const response = NextResponse.json({
user: { ...profile, id: userId },
userId
}, { status: 200 });
const response = NextResponse.json(
{
user: { ...profile, uuid: userUuid },
userUuid,
},
{ status: 200 }
);
// Définir le cookie avec l'ID utilisateur
response.cookies.set(COOKIE_NAME, userId.toString(), {
// Définir le cookie avec l'UUID utilisateur (plus sécurisé)
response.cookies.set(COOKIE_NAME, userUuid, {
maxAge: COOKIE_MAX_AGE,
httpOnly: true,
secure: process.env.NODE_ENV === "production",
@@ -90,9 +93,6 @@ export async function DELETE() {
return response;
} catch (error) {
console.error("Error logging out user:", error);
return NextResponse.json(
{ error: "Failed to logout" },
{ status: 500 }
);
return NextResponse.json({ error: "Failed to logout" }, { status: 500 });
}
}