AuthLogic - IEEE-Team-3/map GitHub Wiki
- Sign Up
  - Validates email/password
  - Hashes password
  - Saves user in DB
- Login
  - Compares password hash
  - Issues JWT token
- Token Management
  - Access Token (short-lived)
  - Refresh Token (long-lived, stored in HttpOnly cookie)
POST /api/auth/register
POST /api/auth/login
POST /api/auth/logout
GET /api/auth/me
- requireAuth: Verifies token and sets req.user
- checkGlobalRole: Restricts routes by global role
- Rate limiting login attempts
- Email verification before full access
- Option for 2FA (future support)