Add JWT auth for protected routes, add /reg endpoint, remove /user endpoints

dmit.b
2026-05-08 13:38:52 +03:00
parent 49bb854ca2
commit 3124629e6c
9 changed files with 109 additions and 145 deletions
+31 -6
@@ -1,7 +1,10 @@
import 'package:shelf/shelf.dart';
import 'package:shelf_router/shelf_router.dart';
import 'package:bcrypt/bcrypt.dart';
import 'package:dart_jsonwebtoken/dart_jsonwebtoken.dart';
import 'package:dotenv/dotenv.dart';
import '../database/database_provider.dart';
import '../middleware/auth_middleware.dart';
import 'dart:convert';
class AuthRoutes {
@@ -12,7 +15,8 @@ class AuthRoutes {
Router get routes {
final router = Router();
router.post('/login', _login);
router.get('/watch', _watch);
router.post('/reg', _register);
router.get('/watch', AuthMiddleware(_watch).call);
return router;
}
@@ -29,19 +33,40 @@ class AuthRoutes {
return Response(401, body: 'Invalid credentials');
}
return Response(200, body: jsonEncode({'user': user.toMap()}));
// Генерация JWT токена
final dotenv = DotEnv();
final secret = dotenv['JWT_SECRET'] ?? '';
final jwt = JWT(
{'user_id': user.id, 'login': user.login},
issuer: 'family_safety_tracker'
);
final token = jwt.sign(SecretKey(secret));
return Response(200, body: jsonEncode({
'user': user.toMap(),
'token': token
}));
}
Future<Response> _register(Request request) async {
final body = await request.readAsString();
final data = jsonDecode(body);
final login = data['login'];
final password = data['password'];
final user = await database.createUser(login, password);
return Response(201, body: jsonEncode(user.toMap()));
}
Future<Response> _watch(Request request) async {
final uniqueId = request.url.queryParameters['unique_id'];
final userId = database.getUserIdByShareId(uniqueId!);
if (userId == null) {
if (!database.isValidShareId(uniqueId!)) {
return Response(404, body: 'Share link not found');
}
final position = await database.getLatestPosition(userId);
final position = await database.getLatestPosition();
if (position == null) {
return Response(404, body: 'No position available');
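Review bot: In `_login`, `dotenv['JWT_SECRET'] ?? ''` falls back to an empty signing key, so a missing configuration yields tokens signed with a key anyone can guess. No `load()` call on the new `DotEnv()` is visible in this hunk, so the lookup may always be null here. Fail closed instead, e.g. `if (secret.isEmpty) return Response.internalServerError();` before signing, or better, resolve the secret once at startup and refuse to start without it. The token is also signed without an expiry; `jwt.sign(SecretKey(secret), expiresIn: const Duration(hours: 1))` would bound the lifetime of a leaked token. Separately, `_watch` now calls `database.getLatestPosition()` without the user resolved from the share id, so confirm the position returned still belongs to the owner of that share link; the body of `_watch` continues outside the hunk.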