CS3219-AY2425S1
diff --git a/‎Makefile‎
Lines changed: 7 additions & 0 deletions b/‎Makefile‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎backend/user/.env.local‎
Lines changed: 3 additions & 0 deletions b/‎backend/user/.env.local‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎backend/user/docker-compose.yml‎
Lines changed: 2 additions & 1 deletion b/‎backend/user/docker-compose.yml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎backend/user/express.Dockerfile‎
Lines changed: 2 additions & 1 deletion b/‎backend/user/express.Dockerfile‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎backend/user/package.json‎
Lines changed: 4 additions & 0 deletions b/‎backend/user/package.json‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎backend/user/src/controllers/auth-check/index.ts‎
Lines changed: 12 additions & 0 deletions b/‎backend/user/src/controllers/auth-check/index.ts‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎backend/user/src/controllers/auth/index.ts‎
Lines changed: 8 additions & 2 deletions b/‎backend/user/src/controllers/auth/index.ts‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎backend/user/src/index.ts‎
Lines changed: 1 addition & 1 deletion b/‎backend/user/src/index.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎backend/user/src/lib/cookies/index.ts‎
Lines changed: 2 additions & 0 deletions b/‎backend/user/src/lib/cookies/index.ts‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎backend/user/src/routes/auth-check.ts‎
Lines changed: 9 additions & 0 deletions b/‎backend/user/src/routes/auth-check.ts‎
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,7 @@
+db-up:
+	./scripts/ensure-volume.sh
+	docker-compose --env-file .env.local up -d
+
+db-down:
+	docker-compose --env-file .env.local down
+
@@ -1,4 +1,7 @@
 EXPRESS_ENV="local"
+PEERPREP_UI_HOST="http://localhost:5173"
+
+EXPRESS_PORT=9001
 EXPRESS_DB_HOST="localhost"
 EXPRESS_DB_PORT=5431
 POSTGRES_DB="user"
 
@@ -26,8 +26,9 @@ services:
       args: 
         # For building with the correct env vars
         - env=${EXPRESS_ENV}
+        - port=${EXPRESS_PORT}
     ports:
-      - "9001:8001"
+      - "9001:${EXPRESS_PORT}"
     command: node dist/index.js
     env_file:
       - ./.env.local
 
@@ -13,5 +13,6 @@ COPY --from=build --chown=node:node /data/question-express/dist ./dist
 
 ARG env
 COPY ".env.${env}" .
-EXPOSE 8001
+ARG port
+EXPOSE ${port}
 CMD [ "npm", "run", "start" ]
@@ -20,6 +20,8 @@
   "description": "",
   "dependencies": {
     "bcrypt": "^5.1.1",
+    "cookie-parser": "^1.4.6",
+    "cors": "^2.8.5",
     "drizzle-orm": "^0.33.0",
     "env-cmd": "^10.1.0",
     "express": "^4.21.0",
@@ -35,6 +37,8 @@
     "@swc/core": "^1.7.26",
     "@swc/helpers": "^0.5.13",
     "@types/bcrypt": "^5.0.2",
+    "@types/cookie-parser": "^1.4.7",
+    "@types/cors": "^2.8.17",
     "@types/express": "^4.17.21",
     "@types/jsonwebtoken": "^9.0.6",
     "@types/node": "^22.5.5",
 
@@ -0,0 +1,12 @@
+import { StatusCodes } from 'http-status-codes';
+
+import { COOKIE_NAME, isCookieValid } from '@/lib/cookies';
+import { IRouteHandler } from '@/types';
+
+export const checkIsAuthed: IRouteHandler = async (req, res) => {
+  const cookie: string | undefined = req.cookies[COOKIE_NAME];
+  if (cookie && isCookieValid(cookie)) {
+    return res.status(StatusCodes.OK).json('OK');
+  }
+  return res.status(StatusCodes.UNAUTHORIZED).json('Unauthorised');
+};
@@ -1,5 +1,6 @@
 import { StatusCodes } from 'http-status-codes';
 
+import { COOKIE_NAME } from '@/lib/cookies';
 import {
   loginService,
   registerService,
@@ -20,13 +21,18 @@ export const login: IRouteHandler = async (req, res) => {
   }
   return res
     .status(StatusCodes.OK)
-    .cookie('jwtToken', data.cookie, { httpOnly: true })
+    .cookie(COOKIE_NAME, data.cookie, {
+      httpOnly: true,
+      secure: false, // For HTTPS: Set true
+      sameSite: 'lax',
+      path: '/',
+    })
     .json(data.user);
 };
 
 export const logout: IRouteHandler = async (_req, res) => {
   return res
-    .clearCookie('jwtToken', {
+    .clearCookie(COOKIE_NAME, {
       secure: true,
       sameSite: 'none',
     })
 
@@ -1,7 +1,7 @@
 import app, { dbHealthCheck } from '@/server';
 import { logger } from '@/lib/utils';
 
-const port = process.env.PORT || 8001;
+const port = Number.parseInt(process.env.EXPRESS_PORT ?? '8001');
 
 const listenMessage = `App listening on port: ${port}`;
 app.listen(port, async () => {
 
@@ -1,6 +1,8 @@
 import { JWT_SECRET_KEY } from '@/config';
 import jwt from 'jsonwebtoken';
 
+export const COOKIE_NAME = 'peerprep-user-session';
+
 export const generateCookie = <T extends object>(payload: T) => {
   return jwt.sign(payload, JWT_SECRET_KEY, {
     expiresIn: '30m',
 
@@ -0,0 +1,9 @@
+import express from 'express';
+
+import { checkIsAuthed } from '@/controllers/auth-check';
+
+const router = express.Router();
+
+router.get('/is-authed', checkIsAuthed);
+
+export default router;