diff --git a/frontend/package-lock.json b/frontend/package-lock.json index 9519b6e..9c7aa40 100644 --- a/frontend/package-lock.json +++ b/frontend/package-lock.json @@ -12,6 +12,7 @@ "@heroicons/react": "^2.2.0", "@tabler/icons-react": "^3.44.0", "@tailwindcss/vite": "^4.3.2", + "axios": "^1.18.1", "lucide-react": "^1.23.0", "react": "^19.2.7", "react-dom": "^19.2.7", @@ -1541,6 +1542,18 @@ "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" } }, + "node_modules/agent-base": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", + "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", + "license": "MIT", + "dependencies": { + "debug": "4" + }, + "engines": { + "node": ">= 6.0.0" + } + }, "node_modules/ajv": { "version": "6.15.0", "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", @@ -1558,6 +1571,24 @@ "url": "https://github.com/sponsors/epoberezkin" } }, + "node_modules/asynckit": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", + "license": "MIT" + }, + "node_modules/axios": { + "version": "1.18.1", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.18.1.tgz", + "integrity": "sha512-3nTvFlvpn9Zu/RkHUqtc7/+al4UpRW5az71ap5zccp6e8RAYEzhMTecX8Dz1wWDYrPpUoB1HAQEGEAEvUr7S9g==", + "license": "MIT", + "dependencies": { + "follow-redirects": "^1.16.0", + "form-data": "^4.0.5", + "https-proxy-agent": "^5.0.1", + "proxy-from-env": "^2.1.0" + } + }, "node_modules/balanced-match": { "version": "4.0.4", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", @@ -1628,6 +1659,19 @@ "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" } }, + "node_modules/call-bind-apply-helpers": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/caniuse-lite": { "version": "1.0.30001800", "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001800.tgz", @@ -1649,6 +1693,18 @@ ], "license": "CC-BY-4.0" }, + "node_modules/combined-stream": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "license": "MIT", + "dependencies": { + "delayed-stream": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, "node_modules/convert-source-map": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", @@ -1695,7 +1751,6 @@ "version": "4.4.3", "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", - "dev": true, "license": "MIT", "dependencies": { "ms": "^2.1.3" @@ -1716,6 +1771,15 @@ "dev": true, "license": "MIT" }, + "node_modules/delayed-stream": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", + "license": "MIT", + "engines": { + "node": ">=0.4.0" + } + }, "node_modules/detect-libc": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz", @@ -1725,6 +1789,20 @@ "node": ">=8" } }, + "node_modules/dunder-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", + "gopd": "^1.2.0" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/electron-to-chromium": { "version": "1.5.384", "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.384.tgz", @@ -1745,6 +1823,51 @@ "node": ">=10.13.0" } }, + "node_modules/es-define-property": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-object-atoms": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.2.tgz", + "integrity": "sha512-HWcBoN6NileqtSydK2FqHbS/LoDd2pqrnQHLyJzBj4kOp/ky2MWMN694xOfkK8/SnUsW2DH7EfyVlydKCsm1Zw==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-set-tostringtag": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz", + "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.6", + "has-tostringtag": "^1.0.2", + "hasown": "^2.0.2" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/escalade": { "version": "3.2.0", "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz", @@ -2042,6 +2165,42 @@ "dev": true, "license": "ISC" }, + "node_modules/follow-redirects": { + "version": "1.16.0", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz", + "integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], + "license": "MIT", + "engines": { + "node": ">=4.0" + }, + "peerDependenciesMeta": { + "debug": { + "optional": true + } + } + }, + "node_modules/form-data": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.6.tgz", + "integrity": "sha512-vKatAh4SlVfgbv+YtmhiRjhEMJsYpsG1Y2rMQtR+SVSbytsSD1YGzDIcrAJmdFec88u/+VoGmxnl+80gL1tRCQ==", + "license": "MIT", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "es-set-tostringtag": "^2.1.0", + "hasown": "^2.0.4", + "mime-types": "^2.1.35" + }, + "engines": { + "node": ">= 6" + } + }, "node_modules/fsevents": { "version": "2.3.3", "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", @@ -2056,6 +2215,15 @@ "node": "^8.16.0 || ^10.6.0 || >=11.0.0" } }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/gensync": { "version": "1.0.0-beta.2", "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", @@ -2066,6 +2234,43 @@ "node": ">=6.9.0" } }, + "node_modules/get-intrinsic": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.1.1", + "function-bind": "^1.1.2", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-symbols": "^1.1.0", + "hasown": "^2.0.2", + "math-intrinsics": "^1.1.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", + "license": "MIT", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/glob-parent": { "version": "6.0.2", "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", @@ -2092,12 +2297,63 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/gopd": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/graceful-fs": { "version": "4.2.11", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", "license": "ISC" }, + "node_modules/has-symbols": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-tostringtag": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz", + "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==", + "license": "MIT", + "dependencies": { + "has-symbols": "^1.0.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/hasown": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.4.tgz", + "integrity": "sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==", + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/hermes-estree": { "version": "0.25.1", "resolved": "https://registry.npmjs.org/hermes-estree/-/hermes-estree-0.25.1.tgz", @@ -2115,6 +2371,19 @@ "hermes-estree": "0.25.1" } }, + "node_modules/https-proxy-agent": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", + "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", + "license": "MIT", + "dependencies": { + "agent-base": "6", + "debug": "4" + }, + "engines": { + "node": ">= 6" + } + }, "node_modules/ignore": { "version": "5.3.2", "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz", @@ -2568,6 +2837,36 @@ "@jridgewell/sourcemap-codec": "^1.5.5" } }, + "node_modules/math-intrinsics": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, "node_modules/minimatch": { "version": "10.2.5", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz", @@ -2588,7 +2887,6 @@ "version": "2.1.3", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", - "dev": true, "license": "MIT" }, "node_modules/nanoid": { @@ -2772,6 +3070,15 @@ "react-is": "^16.13.1" } }, + "node_modules/proxy-from-env": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz", + "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==", + "license": "MIT", + "engines": { + "node": ">=10" + } + }, "node_modules/punycode": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", diff --git a/frontend/package.json b/frontend/package.json index cf75644..f647a9f 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -14,6 +14,7 @@ "@heroicons/react": "^2.2.0", "@tabler/icons-react": "^3.44.0", "@tailwindcss/vite": "^4.3.2", + "axios": "^1.18.1", "lucide-react": "^1.23.0", "react": "^19.2.7", "react-dom": "^19.2.7", diff --git a/frontend/src/App.tsx b/frontend/src/App.tsx index aed7a80..feb99ac 100644 --- a/frontend/src/App.tsx +++ b/frontend/src/App.tsx @@ -1,12 +1,14 @@ import { BrowserRouter, Routes, Route } from 'react-router-dom' import Landing from './pages/Landing' +import Login from './pages/auth/Login' export default function App() { return ( } /> - {/* auth and app routes come later */} + } /> + {/* protected app routes come next */} ) diff --git a/frontend/src/api/auth.ts b/frontend/src/api/auth.ts new file mode 100644 index 0000000..fcfbae3 --- /dev/null +++ b/frontend/src/api/auth.ts @@ -0,0 +1,22 @@ +import { apiClient } from "./client"; + +export interface AuthResponse { + accessToken: string; + refreshToken: string; +} + +export interface LoginRequest { + email: string; + password: string; +} + +export const authApi = { + login: (data: LoginRequest) => + apiClient.post("/api/auth/login", data), + + refresh: (refreshToken: string) => + apiClient.post("/api/auth/refresh", { refreshToken }), + + logout: (refreshToken: string) => + apiClient.post("/api/auth/logout", { refreshToken }), +}; \ No newline at end of file diff --git a/frontend/src/api/client.ts b/frontend/src/api/client.ts new file mode 100644 index 0000000..20baa15 --- /dev/null +++ b/frontend/src/api/client.ts @@ -0,0 +1,91 @@ +import axios, { AxiosError, type InternalAxiosRequestConfig } from "axios"; +import { tokenStorage } from "../auth/tokenStorage"; + +const BASE_URL = import.meta.env.VITE_API_BASE_URL; + +export const apiClient = axios.create({ + baseURL: BASE_URL, + headers: { "Content-Type": "application/json" }, + timeout: 15_000, +}); + +// ── Request interceptor — inject access token ────────────────────────────── +apiClient.interceptors.request.use( + (config: InternalAxiosRequestConfig) => { + const token = tokenStorage.getAccess(); + if (token) { + config.headers.Authorization = `Bearer ${token}`; + } + return config; + }, + (error) => Promise.reject(error) +); + +// ── Response interceptor — silent token refresh on 401 ──────────────────── +let isRefreshing = false; +let refreshQueue: Array<{ + resolve: (token: string) => void; + reject: (err: unknown) => void; +}> = []; + +function processQueue(error: unknown, token: string | null) { + refreshQueue.forEach(({ resolve, reject }) => { + if (error) reject(error); + else if (token) resolve(token); + }); + refreshQueue = []; +} + +apiClient.interceptors.response.use( + (response) => response, + async (error: AxiosError) => { + const original = error.config as InternalAxiosRequestConfig & { + _retry?: boolean; + }; + + // only attempt refresh on 401, and not on the refresh endpoint itself + const is401 = error.response?.status === 401; + const isRefreshEndpoint = original.url?.includes("/auth/refresh"); + + if (!is401 || isRefreshEndpoint || original._retry) { + return Promise.reject(error); + } + + if (isRefreshing) { + // queue this request until the refresh completes + return new Promise((resolve, reject) => { + refreshQueue.push({ resolve, reject }); + }).then((token) => { + original.headers.Authorization = `Bearer ${token}`; + return apiClient(original); + }); + } + + original._retry = true; + isRefreshing = true; + + try { + const refreshToken = tokenStorage.getRefresh(); + if (!refreshToken) throw new Error("No refresh token"); + + const { data } = await axios.post<{ + accessToken: string; + refreshToken: string; + }>(`${BASE_URL}/api/auth/refresh`, { refreshToken }); + + tokenStorage.set(data.accessToken, data.refreshToken); + processQueue(null, data.accessToken); + + original.headers.Authorization = `Bearer ${data.accessToken}`; + return apiClient(original); + } catch (refreshError) { + processQueue(refreshError, null); + tokenStorage.clear(); + // signal the auth context to reset state + window.dispatchEvent(new Event("gatelog:session-expired")); + return Promise.reject(refreshError); + } finally { + isRefreshing = false; + } + } +); \ No newline at end of file diff --git a/frontend/src/auth/AuthContext.tsx b/frontend/src/auth/AuthContext.tsx new file mode 100644 index 0000000..f9ac5e1 --- /dev/null +++ b/frontend/src/auth/AuthContext.tsx @@ -0,0 +1,150 @@ +import { + createContext, + useCallback, + useContext, + useEffect, + useMemo, + useState, +} from "react"; +import { authApi } from "../api/auth"; +import { + getEmailFromToken, + getRoleFromToken, + getUserIdFromToken, + isTokenExpired, +} from "./jwt"; +import { tokenStorage } from "./tokenStorage"; + +export type Role = "SUPER_ADMIN" | "MANAGER" | "STAFF"; + +export interface AuthUser { + userId: string; + email: string; + role: Role; +} + +interface AuthState { + user: AuthUser | null; + isAuthenticated: boolean; + isLoading: boolean; +} + +interface AuthContextValue extends AuthState { + login: (email: string, password: string) => Promise; + logout: () => Promise; + isRole: (...roles: Role[]) => boolean; +} + +const AuthContext = createContext(null); + +function buildUser(accessToken: string): AuthUser { + return { + userId: getUserIdFromToken(accessToken), + email: getEmailFromToken(accessToken), + role: getRoleFromToken(accessToken) as Role, + }; +} + +export function AuthProvider({ children }: { children: React.ReactNode }) { + const [state, setState] = useState(() => { + const accessToken = tokenStorage.getAccess(); + const refreshToken = tokenStorage.getRefresh(); + + if (!accessToken || !refreshToken) { + return { user: null, isAuthenticated: false, isLoading: false }; + } + + if (!isTokenExpired(accessToken)) { + return { + user: buildUser(accessToken), + isAuthenticated: true, + isLoading: false, + }; + } + + return { user: null, isAuthenticated: false, isLoading: true }; + }); + + // ── Bootstrap — restore session from stored token ────────────────────── + useEffect(() => { + const accessToken = tokenStorage.getAccess(); + const refreshToken = tokenStorage.getRefresh(); + + if (!accessToken || !refreshToken) return; + + if (!isTokenExpired(accessToken)) { + return; + } + + // access token expired — try silent refresh + authApi + .refresh(refreshToken) + .then(({ data }) => { + tokenStorage.set(data.accessToken, data.refreshToken); + setState({ + user: buildUser(data.accessToken), + isAuthenticated: true, + isLoading: false, + }); + }) + .catch(() => { + tokenStorage.clear(); + setState({ user: null, isAuthenticated: false, isLoading: false }); + }); + }, []); + + // ── Listen for session expiry from axios interceptor ────────────────── + useEffect(() => { + const onExpired = () => { + setState({ user: null, isAuthenticated: false, isLoading: false }); + }; + window.addEventListener("gatelog:session-expired", onExpired); + return () => window.removeEventListener("gatelog:session-expired", onExpired); + }, []); + + // ── Login ────────────────────────────────────────────────────────────── + const login = useCallback(async (email: string, password: string) => { + const { data } = await authApi.login({ email, password }); + tokenStorage.set(data.accessToken, data.refreshToken); + setState({ + user: buildUser(data.accessToken), + isAuthenticated: true, + isLoading: false, + }); + }, []); + + // ── Logout ───────────────────────────────────────────────────────────── + const logout = useCallback(async () => { + const refreshToken = tokenStorage.getRefresh(); + try { + if (refreshToken) await authApi.logout(refreshToken); + } catch { + // server-side logout failure is non-critical — clear locally regardless + } finally { + tokenStorage.clear(); + setState({ user: null, isAuthenticated: false, isLoading: false }); + } + }, []); + + // ── Role helper ──────────────────────────────────────────────────────── + const isRole = useCallback( + (...roles: Role[]) => { + return state.user ? roles.includes(state.user.role) : false; + }, + [state.user] + ); + + const value = useMemo( + () => ({ ...state, login, logout, isRole }), + [state, login, logout, isRole] + ); + + return {children}; +} + +// eslint-disable-next-line react-refresh/only-export-components +export function useAuth(): AuthContextValue { + const ctx = useContext(AuthContext); + if (!ctx) throw new Error("useAuth must be used within AuthProvider"); + return ctx; +} \ No newline at end of file diff --git a/frontend/src/auth/ProtectedRoute.tsx b/frontend/src/auth/ProtectedRoute.tsx new file mode 100644 index 0000000..e039006 --- /dev/null +++ b/frontend/src/auth/ProtectedRoute.tsx @@ -0,0 +1,66 @@ +import { Navigate, Outlet, useLocation } from "react-router-dom"; +import { useAuth, type Role } from "./AuthContext"; + +interface ProtectedRouteProps { + allowedRoles?: Role[]; +} + +export default function ProtectedRoute({ allowedRoles }: ProtectedRouteProps) { + const { isAuthenticated, isLoading, user } = useAuth(); + const location = useLocation(); + + // still bootstrapping from localStorage — render nothing + if (isLoading) return ; + + // not authenticated — send to login, preserve intended destination + if (!isAuthenticated) { + return ; + } + + // authenticated but wrong role + if (allowedRoles && user && !allowedRoles.includes(user.role)) { + return ; + } + + return ; +} + +function AppLoader() { + return ( +
+ + +
+ ); +} \ No newline at end of file diff --git a/frontend/src/auth/jwt.ts b/frontend/src/auth/jwt.ts new file mode 100644 index 0000000..e649733 --- /dev/null +++ b/frontend/src/auth/jwt.ts @@ -0,0 +1,35 @@ +export interface JwtPayload { + sub: string; // userId + email: string; + role: string; + iat: number; + exp: number; +} + +export function parseJwt(token: string): JwtPayload { + const payload = token.split(".")[1]; + const decoded = atob(payload.replace(/-/g, "+").replace(/_/g, "/")); + return JSON.parse(decoded); +} + +export function isTokenExpired(token: string): boolean { + try { + const { exp } = parseJwt(token); + // treat as expired 30 seconds early to avoid edge cases + return Date.now() / 1000 >= exp - 30; + } catch { + return true; + } +} + +export function getRoleFromToken(token: string): string { + return parseJwt(token).role; +} + +export function getUserIdFromToken(token: string): string { + return parseJwt(token).sub; +} + +export function getEmailFromToken(token: string): string { + return parseJwt(token).email; +} \ No newline at end of file diff --git a/frontend/src/auth/tokenStorage.ts b/frontend/src/auth/tokenStorage.ts new file mode 100644 index 0000000..cfee984 --- /dev/null +++ b/frontend/src/auth/tokenStorage.ts @@ -0,0 +1,20 @@ +const ACCESS_TOKEN_KEY = "gatelog_access_token"; +const REFRESH_TOKEN_KEY = "gatelog_refresh_token"; + +export const tokenStorage = { + getAccess: (): string | null => + localStorage.getItem(ACCESS_TOKEN_KEY), + + getRefresh: (): string | null => + localStorage.getItem(REFRESH_TOKEN_KEY), + + set: (accessToken: string, refreshToken: string): void => { + localStorage.setItem(ACCESS_TOKEN_KEY, accessToken); + localStorage.setItem(REFRESH_TOKEN_KEY, refreshToken); + }, + + clear: (): void => { + localStorage.removeItem(ACCESS_TOKEN_KEY); + localStorage.removeItem(REFRESH_TOKEN_KEY); + }, +}; \ No newline at end of file diff --git a/frontend/src/components/layout/Navbar.tsx b/frontend/src/components/layout/Navbar.tsx index a074903..1a14d5e 100644 --- a/frontend/src/components/layout/Navbar.tsx +++ b/frontend/src/components/layout/Navbar.tsx @@ -1,16 +1,17 @@ import { useEffect, useState } from 'react' -import { Link } from 'react-router-dom' +import { Link, useNavigate } from 'react-router-dom' import { Menu, X } from 'lucide-react' const links = [ - { label: 'Features', href: '#features' }, - { label: 'Who It\'s For', href: '#for-who' }, - { label: 'About', href: '#about' }, + { label: 'Features', href: '#features' }, + { label: "Who It's For", href: '#for-who' }, + { label: 'About', href: '#about' }, ] export default function Navbar() { - const [scrolled, setScrolled] = useState(false) - const [menuOpen, setMenuOpen] = useState(false) + const [scrolled, setScrolled] = useState(false) + const [menuOpen, setMenuOpen] = useState(false) + const navigate = useNavigate() useEffect(() => { const onScroll = () => setScrolled(window.scrollY > 24) @@ -24,6 +25,11 @@ export default function Navbar() { if (el) el.scrollIntoView({ behavior: 'smooth' }) } + const goToLogin = () => { + setMenuOpen(false) + navigate('/login') + } + return (