first commit

Made-with: Cursor

backend/src/routes/auth.ts

@@ -0,0 +1,29 @@
+import { Router, Request, Response } from "express";
+import { nip98Auth } from "../middleware/nip98.js";
+import { signJwt, verifyJwt } from "../auth/jwt.js";
+
+const router = Router();
+
+/** Sign in with NIP-98 once; returns a JWT for subsequent requests. */
+router.post("/login", nip98Auth, (req: Request, res: Response) => {
+  const pubkey = req.nostr!.pubkey;
+  const token = signJwt(pubkey);
+  res.json({ token, pubkey });
+});
+
+/** Return current user from JWT (Bearer only). Used to restore session. */
+router.get("/me", (req: Request, res: Response) => {
+  const auth = req.headers.authorization;
+  if (!auth?.startsWith("Bearer ")) {
+    res.status(401).json({ code: "unauthorized", message: "Bearer token required." });
+    return;
+  }
+  const payload = verifyJwt(auth.slice(7).trim());
+  if (!payload) {
+    res.status(401).json({ code: "invalid_token", message: "Invalid or expired token." });
+    return;
+  }
+  res.json({ pubkey: payload.pubkey });
+});
+
+export default router;