lstV2/server/services/auth/routes/session.ts

import { z, createRoute, OpenAPIHono } from "@hono/zod-openapi";
import { verify } from "hono/jwt";

import { authMiddleware } from "../middleware/authMiddleware.js";
import jwt from "jsonwebtoken";

const session = new OpenAPIHono();
const expiresIn = Number(process.env.JWT_EXPIRES!) || 60;
const secret: string = process.env.JWT_SECRET!;

const { sign } = jwt;
const UserSchema = z.object({
  username: z
    .string()
    .regex(/^[a-zA-Z0-9_]{3,30}$/)
    .openapi({ example: "smith034" }),
  email: z.string().email().openapi({ example: "smith@example.com" }),
  password: z
    .string()
    .min(6, { message: "Passwords must be longer than 3 characters" })
    .regex(/[A-Z]/, {
      message: "Password must contain at least one uppercase letter",
    })
    .regex(/[\W_]/, {
      message: "Password must contain at least one special character",
    })
    .openapi({ example: "Password1!" }),
});

session.openapi(
  createRoute({
    tags: ["Auth"],
    summary: "Checks a user session based on there token",
    description: "Can post there via Authentiaction header or cookies",
    method: "get",
    path: "/session",
    middleware: authMiddleware,
    // request: {
    //     body: {
    //         content: {
    //             "application/json": {schema: UserSchema},
    //         },
    //     },
    // },
    responses: {
      200: {
        content: {
          "application/json": {
            schema: z.object({
              data: z.object({
                token: z
                  .string()
                  .openapi({
                    example: "sdkjhgsldkvhdakl;jvhs;adkjfhvds.kvnsad;ovhads",
                  }),
                // user: z.object({
                //     user_id: z.string().openapi({example: "04316c86-f086-4cc6-b3d4-cca164a26f3f"}),
                //     username: z.string().openapi({example: "smith"}),
                //     email: z.string().openapi({example: "smith@example.com"}).optional(),
                // }),
              }),
            }),
          },
        },
        description: "Login successful",
      },
      401: {
        content: {
          "application/json": {
            schema: z.object({
              message: z.string().openapi({ example: "Unathenticated" }),
            }),
          },
        },
        description: "Error of why you were not logged in.",
      },
    },
  }),
  async (c) => {
    const authHeader = c.req.header("Authorization");

    if (authHeader?.includes("Basic")) {
      return c.json(
        { message: "You are a Basic user! Please login to get a token" },
        401
      );
    }

    if (!authHeader) {
      return c.json({ message: "Unauthorized" }, 401);
    }

    const token = authHeader?.split("Bearer ")[1] || "";

    try {
      const payload = await verify(token, process.env.JWT_SECRET!);

      // If it's valid, return a new token
      const newToken = sign({ user: payload.user }, secret, {
        expiresIn: expiresIn * 60,
      });

      return c.json({ data: { token: newToken, user: payload.user } }, 200);
    } catch (error) {
      return c.json({ message: "Unauthorized" }, 401);
    }
  }
);

//     const token = authHeader?.split("Bearer ")[1] || "";

//     try {
//         const payload = await verify(token, process.env.JWT_SECRET!);
//         //console.log(payload);
//         //return c.json({data: {token, user: payload.user}}, 200);
//         return c.json({message: "something"});
//     } catch (err) {
//         return c.json({error: "Invalid or expired token"}, 401);
//     }
// });

export default session;