// Authentication routes: registration, login, logout and token verification.
// Each route is declared as a middleware chain that Express runs left to right,
// so the order of the arguments below is the order of the checks.
// The @swagger blocks are JSDoc comments holding the OpenAPI description of
// each endpoint; review notes are kept in `//` comments outside those blocks
// so they never end up in the generated API documentation.

const express = require('express');
const authController = require('../controllers/auth.controller');
const {
  validateRegistration,
  validateLogin,
} = require('../middleware/validation.middleware');
const { verifyToken } = require('../middleware/auth.middleware');
const {
  loginLimiter,
  registerLimiter,
  authLimiter,
} = require('../middleware/rateLimiter');

const router = express.Router();

/**
 * @swagger
 * /auth/register:
 *   post:
 *     summary: Register a new user account
 *     tags: [Authentication]
 *     security: []
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             required:
 *               - username
 *               - email
 *               - password
 *             properties:
 *               username:
 *                 type: string
 *                 minLength: 3
 *                 maxLength: 50
 *                 description: Unique username (3-50 characters)
 *                 example: johndoe
 *               email:
 *                 type: string
 *                 format: email
 *                 description: Valid email address
 *                 example: john@example.com
 *               password:
 *                 type: string
 *                 minLength: 6
 *                 description: Password (minimum 6 characters)
 *                 example: password123
 *     responses:
 *       201:
 *         description: User registered successfully
 *         content:
 *           application/json:
 *             schema:
 *               type: object
 *               properties:
 *                 message:
 *                   type: string
 *                   example: User registered successfully
 *                 user:
 *                   type: object
 *                   properties:
 *                     id:
 *                       type: integer
 *                       example: 1
 *                     username:
 *                       type: string
 *                       example: johndoe
 *                     email:
 *                       type: string
 *                       example: john@example.com
 *                     role:
 *                       type: string
 *                       example: user
 *                 token:
 *                   type: string
 *                   description: JWT authentication token
 *                   example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
 *       400:
 *         $ref: '#/components/responses/ValidationError'
 *       409:
 *         description: Username or email already exists
 *         content:
 *           application/json:
 *             schema:
 *               $ref: '#/components/schemas/Error'
 *             example:
 *               message: Username already exists
 *       500:
 *         description: Server error
 */
// registerLimiter is first in the chain, so requests that later fail
// validation still pass through the limiter before being rejected.
// NOTE(review): the documented 409 tells the caller whether a username or
// email is already registered; the limiter is the only throttle on that signal
// visible in this file.
// NOTE(review): the documented 6-character password minimum is below the
// 8-character floor in NIST SP 800-63B. The enforced rule lives in
// validateRegistration, which is not visible here; confirm and raise it there.
router.post(
  '/register',
  registerLimiter,
  validateRegistration,
  authController.register
);

/**
 * @swagger
 * /auth/login:
 *   post:
 *     summary: Login to user account
 *     tags: [Authentication]
 *     security: []
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             required:
 *               - email
 *               - password
 *             properties:
 *               email:
 *                 type: string
 *                 description: Email or username
 *                 example: john@example.com
 *               password:
 *                 type: string
 *                 description: Account password
 *                 example: password123
 *     responses:
 *       200:
 *         description: Login successful
 *         content:
 *           application/json:
 *             schema:
 *               type: object
 *               properties:
 *                 message:
 *                   type: string
 *                   example: Login successful
 *                 user:
 *                   $ref: '#/components/schemas/User'
 *                 token:
 *                   type: string
 *                   description: JWT authentication token
 *                   example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
 *       400:
 *         $ref: '#/components/responses/ValidationError'
 *       401:
 *         description: Invalid credentials
 *         content:
 *           application/json:
 *             schema:
 *               $ref: '#/components/schemas/Error'
 *             example:
 *               message: Invalid credentials
 *       403:
 *         description: Account is deactivated
 *         content:
 *           application/json:
 *             schema:
 *               $ref: '#/components/schemas/Error'
 *             example:
 *               message: Account is deactivated
 *       500:
 *         description: Server error
 */
// loginLimiter runs before validation and the controller, so every attempt,
// well-formed or not, goes through the limiter first.
// NOTE(review): the spec separates 401 (invalid credentials) from 403
// (deactivated account). If the controller answers 403 before checking the
// password, the response reveals that the account exists. Confirm in
// auth.controller that the password is verified first.
router.post(
  '/login',
  loginLimiter,
  validateLogin,
  authController.login
);

/**
 * @swagger
 * /auth/logout:
 *   post:
 *     summary: Logout user (client-side token removal)
 *     tags: [Authentication]
 *     security: []
 *     responses:
 *       200:
 *         description: Logout successful
 *         content:
 *           application/json:
 *             schema:
 *               type: object
 *               properties:
 *                 message:
 *                   type: string
 *                   example: Logout successful
 */
// No verifyToken in this chain: the route is documented as client-side token
// removal and is reachable without a bearer token.
// NOTE(review): with a stateless JWT and no server-side revocation, a token
// copied before logout presumably stays valid until it expires. Confirm the
// token lifetime in the controller, or add a denylist check to verifyToken if
// server-side logout is required.
router.post(
  '/logout',
  authLimiter,
  authController.logout
);

/**
 * @swagger
 * /auth/verify:
 *   get:
 *     summary: Verify JWT token and return user information
 *     tags: [Authentication]
 *     security:
 *       - bearerAuth: []
 *     responses:
 *       200:
 *         description: Token is valid
 *         content:
 *           application/json:
 *             schema:
 *               type: object
 *               properties:
 *                 message:
 *                   type: string
 *                   example: Token is valid
 *                 user:
 *                   $ref: '#/components/schemas/User'
 *       401:
 *         $ref: '#/components/responses/UnauthorizedError'
 *       500:
 *         description: Server error
 */
// authLimiter precedes verifyToken, so requests with missing or bad tokens are
// throttled before the token check runs. The controller handler is reached
// only after verifyToken passes the request on.
router.get(
  '/verify',
  authLimiter,
  verifyToken,
  authController.verifyToken
);

module.exports = router;