Update server/src/index.js
This commit is contained in:
@@ -24,17 +24,15 @@ const WORLD = {
|
||||
|
||||
// ===== Auth helpers =====
|
||||
|
||||
const COOKIE = 'auth';
|
||||
|
||||
function signToken(uid) {
|
||||
return jwt.sign({ uid }, process.env.JWT_SECRET, { expiresIn: '30d' });
|
||||
function signToken(cid) {
|
||||
return jwt.sign({ cid }, process.env.JWT_SECRET, { expiresIn: '30d' });
|
||||
}
|
||||
|
||||
function authFromReq(req) {
|
||||
try {
|
||||
const token = req.cookies?.[COOKIE];
|
||||
if (!token) return null;
|
||||
return jwt.verify(token, process.env.JWT_SECRET);
|
||||
return jwt.verify(token, process.env.JWT_SECRET); // { cid, iat, exp }
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
@@ -42,13 +40,16 @@ function authFromReq(req) {
|
||||
|
||||
// ===== HTTP API =====
|
||||
|
||||
// Register a new character with username + password
|
||||
app.post('/api/register', async (req, res) => {
|
||||
const { username, password } = req.body || {};
|
||||
if (!username || !password)
|
||||
return res.status(400).json({ error: 'Missing fields' });
|
||||
if (!username || !password) {
|
||||
return res.status(400).json({ error: 'Missing username or password' });
|
||||
}
|
||||
|
||||
try {
|
||||
const user = await Users.create(username, password);
|
||||
const token = signToken(user.id);
|
||||
const ch = await Characters.create(username, password);
|
||||
const token = signToken(ch.id);
|
||||
res
|
||||
.cookie(COOKIE, token, { httpOnly: true, sameSite: 'lax' })
|
||||
.json({ ok: true });
|
||||
@@ -58,29 +59,40 @@ app.post('/api/register', async (req, res) => {
|
||||
}
|
||||
});
|
||||
|
||||
// Login as a specific character
|
||||
app.post('/api/login', async (req, res) => {
|
||||
const { username, password } = req.body || {};
|
||||
const user = await Users.verify(username, password);
|
||||
if (!user) return res.status(401).json({ error: 'Invalid login' });
|
||||
const token = signToken(user.id);
|
||||
if (!username || !password) {
|
||||
return res.status(400).json({ error: 'Missing username or password' });
|
||||
}
|
||||
|
||||
const ch = await Characters.verify(username, password);
|
||||
if (!ch) return res.status(401).json({ error: 'Invalid login' });
|
||||
|
||||
const token = signToken(ch.id);
|
||||
res
|
||||
.cookie(COOKIE, token, { httpOnly: true, sameSite: 'lax' })
|
||||
.json({ ok: true });
|
||||
});
|
||||
|
||||
// Logout: clear cookie
|
||||
app.post('/api/logout', (req, res) => {
|
||||
res.clearCookie(COOKIE).json({ ok: true });
|
||||
});
|
||||
|
||||
// Current character + inventory
|
||||
app.get('/api/me', async (req, res) => {
|
||||
const auth = authFromReq(req);
|
||||
if (!auth) return res.status(401).json({ error: 'Not logged in' });
|
||||
const ch = await Characters.getByUserId(auth.uid);
|
||||
if (!ch) return res.status(404).json({ error: 'No character' });
|
||||
|
||||
const ch = await Characters.getById(auth.cid);
|
||||
if (!ch) return res.status(404).json({ error: 'Character not found' });
|
||||
|
||||
const inv = await Inventory.all(ch.id);
|
||||
res.json({ character: ch, inventory: inv, world: WORLD });
|
||||
});
|
||||
|
||||
|
||||
// static client
|
||||
app.use(express.static(new URL('../static', import.meta.url).pathname));
|
||||
|
||||
@@ -113,7 +125,6 @@ spawnNodes();
|
||||
const socketsToPlayers = new Map(); // socket.id -> { x,y,name,uid,charId }
|
||||
|
||||
io.on('connection', socket => {
|
||||
// auth handshake
|
||||
socket.on('auth:join', async ack => {
|
||||
try {
|
||||
const cookieHeader = socket.handshake.headers.cookie || '';
|
||||
@@ -121,20 +132,23 @@ io.on('connection', socket => {
|
||||
if (!match) return ack?.({ error: 'no auth cookie' });
|
||||
|
||||
const token = match[1];
|
||||
const decoded = jwt.verify(token, process.env.JWT_SECRET);
|
||||
const ch = await Characters.getByUserId(decoded.uid);
|
||||
if (!ch) return ack?.({ error: 'no character' });
|
||||
const decoded = jwt.verify(token, process.env.JWT_SECRET); // { cid }
|
||||
|
||||
const ch = await Characters.getById(decoded.cid);
|
||||
if (!ch) return ack?.({ error: 'character missing' });
|
||||
|
||||
const player = {
|
||||
x: ch.x,
|
||||
y: ch.y,
|
||||
name: ch.name,
|
||||
uid: decoded.uid,
|
||||
name: ch.username,
|
||||
cid: decoded.cid,
|
||||
charId: ch.id
|
||||
};
|
||||
socketsToPlayers.set(socket.id, player);
|
||||
|
||||
socket.join('world');
|
||||
|
||||
// Send initial nodes in same handler or from separate listener
|
||||
socket.emit(
|
||||
'nodes:init',
|
||||
nodes.map(n => ({
|
||||
@@ -148,7 +162,7 @@ io.on('connection', socket => {
|
||||
|
||||
ack?.({
|
||||
ok: true,
|
||||
you: { name: ch.name, x: ch.x, y: ch.y },
|
||||
you: { name: ch.username, x: ch.x, y: ch.y },
|
||||
world: WORLD
|
||||
});
|
||||
} catch (e) {
|
||||
|
||||
Reference in New Issue
Block a user