feat: implement full authentication system with CSRF protection and email verification flow
All checks were successful
Build and Push App / build (push) Successful in 5m59s
All checks were successful
Build and Push App / build (push) Successful in 5m59s
This commit is contained in:
7
app/api/auth/csrf/route.ts
Normal file
7
app/api/auth/csrf/route.ts
Normal file
@@ -0,0 +1,7 @@
|
||||
import { NextResponse } from 'next/server';
|
||||
import { generateCsrfToken } from '@/lib/csrf';
|
||||
|
||||
export async function GET() {
|
||||
const token = await generateCsrfToken();
|
||||
return NextResponse.json({ csrfToken: token });
|
||||
}
|
||||
@@ -1,9 +1,22 @@
|
||||
import { NextResponse } from 'next/server';
|
||||
import { NextResponse, NextRequest } from 'next/server';
|
||||
import prisma from '@/lib/prisma';
|
||||
import { sendEmail } from '@/lib/mail';
|
||||
import crypto from 'crypto';
|
||||
|
||||
export async function POST(req: Request) {
|
||||
import { verifyCsrfToken, verifyOrigin } from '@/lib/csrf';
|
||||
|
||||
export async function POST(req: NextRequest) {
|
||||
// CSRF Protection
|
||||
const isOriginValid = verifyOrigin(req);
|
||||
const isCsrfValid = await verifyCsrfToken(req);
|
||||
|
||||
if (!isOriginValid || !isCsrfValid) {
|
||||
return NextResponse.json(
|
||||
{ error: 'Protection CSRF : Requête invalide' },
|
||||
{ status: 403 }
|
||||
);
|
||||
}
|
||||
|
||||
try {
|
||||
const { email } = await req.json();
|
||||
|
||||
|
||||
@@ -2,7 +2,20 @@ import { NextRequest, NextResponse } from 'next/server';
|
||||
import prisma from '@/lib/prisma';
|
||||
import bcrypt from 'bcryptjs';
|
||||
|
||||
import { verifyCsrfToken, verifyOrigin } from '@/lib/csrf';
|
||||
|
||||
export async function POST(request: NextRequest) {
|
||||
// CSRF Protection
|
||||
const isOriginValid = verifyOrigin(request);
|
||||
const isCsrfValid = await verifyCsrfToken(request);
|
||||
|
||||
if (!isOriginValid || !isCsrfValid) {
|
||||
return NextResponse.json(
|
||||
{ error: 'Protection CSRF : Requête invalide' },
|
||||
{ status: 403 }
|
||||
);
|
||||
}
|
||||
|
||||
try {
|
||||
const { email, password } = await request.json();
|
||||
|
||||
|
||||
@@ -3,7 +3,20 @@ import prisma from '@/lib/prisma';
|
||||
import bcrypt from 'bcryptjs';
|
||||
import crypto from 'crypto';
|
||||
|
||||
import { verifyCsrfToken, verifyOrigin } from '@/lib/csrf';
|
||||
|
||||
export async function POST(request: NextRequest) {
|
||||
// CSRF Protection
|
||||
const isOriginValid = verifyOrigin(request);
|
||||
const isCsrfValid = await verifyCsrfToken(request);
|
||||
|
||||
if (!isOriginValid || !isCsrfValid) {
|
||||
return NextResponse.json(
|
||||
{ error: 'Protection CSRF : Requête invalide' },
|
||||
{ status: 403 }
|
||||
);
|
||||
}
|
||||
|
||||
try {
|
||||
const { name, email, password } = await request.json();
|
||||
|
||||
|
||||
@@ -2,7 +2,20 @@ import { NextRequest, NextResponse } from 'next/server';
|
||||
import prisma from '@/lib/prisma';
|
||||
import crypto from 'crypto';
|
||||
|
||||
import { verifyCsrfToken, verifyOrigin } from '@/lib/csrf';
|
||||
|
||||
export async function POST(request: NextRequest) {
|
||||
// CSRF Protection
|
||||
const isOriginValid = verifyOrigin(request);
|
||||
const isCsrfValid = await verifyCsrfToken(request);
|
||||
|
||||
if (!isOriginValid || !isCsrfValid) {
|
||||
return NextResponse.json(
|
||||
{ error: 'Protection CSRF : Requête invalide' },
|
||||
{ status: 403 }
|
||||
);
|
||||
}
|
||||
|
||||
try {
|
||||
const { email } = await request.json();
|
||||
|
||||
|
||||
@@ -1,10 +1,22 @@
|
||||
import { NextResponse } from 'next/server';
|
||||
import { NextResponse, NextRequest } from 'next/server';
|
||||
import prisma from '@/lib/prisma';
|
||||
import bcrypt from 'bcryptjs';
|
||||
import { verifyCsrfToken, verifyOrigin } from '@/lib/csrf';
|
||||
|
||||
export async function POST(request: NextRequest) {
|
||||
// CSRF Protection
|
||||
const isOriginValid = verifyOrigin(request);
|
||||
const isCsrfValid = await verifyCsrfToken(request);
|
||||
|
||||
if (!isOriginValid || !isCsrfValid) {
|
||||
return NextResponse.json(
|
||||
{ error: 'Protection CSRF : Requête invalide' },
|
||||
{ status: 403 }
|
||||
);
|
||||
}
|
||||
|
||||
export async function POST(req: Request) {
|
||||
try {
|
||||
const { token, password } = await req.json();
|
||||
const { token, password } = await request.json();
|
||||
|
||||
if (!token || !password) {
|
||||
return NextResponse.json({ error: 'Token et mot de passe sont requis' }, { status: 400 });
|
||||
|
||||
Reference in New Issue
Block a user