Feat: Add complete auth system (Login, Register, OTP/2FA via Telegram, Session management)

app/api/auth/login/route.ts

@@ -0,0 +1,54 @@
+import { NextResponse } from 'next/server';
+import { findUser, verifyPassword, createSession } from '@/lib/auth';
+import { generateOTP } from '@/lib/otp';
+import TelegramBot from 'node-telegram-bot-api';
+
+const BOT_TOKEN = process.env.TELEGRAM_BOT_TOKEN;
+
+async function sendTelegramOTP(chatId: string, otp: string) {
+  if (!BOT_TOKEN) return false;
+  try {
+    const bot = new TelegramBot(BOT_TOKEN, { polling: false });
+    await bot.sendMessage(chatId, `🔐 *Código de Acceso Finanzas*\n\nTu código es: \`${otp}\`\n\nSi no intentaste ingresar, ignora este mensaje.`, { parse_mode: 'Markdown' });
+    return true;
+  } catch (e) {
+    console.error('Telegram send error:', e);
+    return false;
+  }
+}
+
+export async function POST(req: Request) {
+  try {
+    const { username, password } = await req.json();
+    const ip = req.headers.get('x-forwarded-for')?.split(',')[0].trim() || 'unknown';
+
+    const user = findUser(username);
+
+    if (!user || !(await verifyPassword(password, user.passwordHash))) {
+      return NextResponse.json({ error: 'Credenciales inválidas' }, { status: 401 });
+    }
+
+    // Check IP
+    const isKnownIp = user.knownIps.includes(ip);
+
+    if (isKnownIp) {
+      // Login success directly
+      await createSession(user);
+      return NextResponse.json({ success: true, requireOtp: false });
+    } else {
+      // Require OTP
+      const otp = generateOTP(user.username);
+      
+      const sent = await sendTelegramOTP(user.chatId, otp);
+      
+      if (!sent) {
+        return NextResponse.json({ error: 'No se pudo enviar el código OTP a Telegram' }, { status: 500 });
+      }
+
+      return NextResponse.json({ success: true, requireOtp: true });
+    }
+  } catch (error) {
+    console.error('Login error:', error);
+    return NextResponse.json({ error: 'Error interno' }, { status: 500 });
+  }
+}

app/api/auth/register/route.ts

@@ -0,0 +1,41 @@
+import { NextResponse } from 'next/server';
+import { saveUser, findUser, hashPassword, createSession } from '@/lib/auth';
+import { randomUUID } from 'crypto';
+
+export async function POST(req: Request) {
+  try {
+    const { username, password, chatId } = await req.json();
+
+    if (!username || !password || !chatId) {
+      return NextResponse.json({ error: 'Faltan datos requeridos' }, { status: 400 });
+    }
+
+    if (findUser(username)) {
+      return NextResponse.json({ error: 'El usuario ya existe' }, { status: 409 });
+    }
+
+    // Hash password
+    const passwordHash = await hashPassword(password);
+    
+    // Get IP
+    const ip = req.headers.get('x-forwarded-for') || '127.0.0.1';
+
+    const newUser = {
+      id: randomUUID(),
+      username,
+      passwordHash,
+      chatId,
+      knownIps: [ip] // Register current IP as known initially
+    };
+
+    saveUser(newUser);
+
+    // Auto login after register
+    await createSession(newUser);
+
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    console.error('Register error:', error);
+    return NextResponse.json({ error: 'Error interno del servidor' }, { status: 500 });
+  }
+}

app/api/auth/send/route.ts

@@ -1,25 +0,0 @@
-import { NextResponse } from 'next/server';
-import TelegramBot from 'node-telegram-bot-api';
-import { generateOTP, saveOTP } from '@/lib/otp';
-
-export async function POST() {
-  const token = process.env.TELEGRAM_BOT_TOKEN;
-  const chatId = process.env.TELEGRAM_CHAT_ID;
-
-  if (!token || !chatId) {
-    console.error("Telegram credentials missing");
-    return NextResponse.json({ error: 'Telegram not configured' }, { status: 500 });
-  }
-
-  const otp = generateOTP();
-  saveOTP(otp);
-
-  const bot = new TelegramBot(token, { polling: false });
-  try {
-    await bot.sendMessage(chatId, `🔐 Your Login Code: ${otp}`);
-    return NextResponse.json({ success: true });
-  } catch (error: any) {
-    console.error('Telegram Error:', error);
-    return NextResponse.json({ error: 'Failed to send message: ' + error.message }, { status: 500 });
-  }
-}

app/api/auth/verify-otp/route.ts

@@ -0,0 +1,34 @@
+import { NextResponse } from 'next/server';
+import { findUser, saveUser, createSession } from '@/lib/auth';
+import { verifyOTP } from '@/lib/otp';
+
+export async function POST(req: Request) {
+  try {
+    const { username, otp } = await req.json();
+    const ip = req.headers.get('x-forwarded-for')?.split(',')[0].trim() || 'unknown';
+
+    if (!verifyOTP(username, otp)) {
+      return NextResponse.json({ error: 'Código inválido o expirado' }, { status: 401 });
+    }
+
+    const user = findUser(username);
+    if (!user) {
+        return NextResponse.json({ error: 'Usuario no encontrado' }, { status: 404 });
+    }
+
+    // Add IP to known list if not exists
+    if (!user.knownIps.includes(ip) && ip !== 'unknown') {
+      user.knownIps.push(ip);
+      saveUser(user);
+    }
+
+    // Login success
+    await createSession(user);
+
+    return NextResponse.json({ success: true });
+
+  } catch (error) {
+    console.error('OTP Verify error:', error);
+    return NextResponse.json({ error: 'Error interno' }, { status: 500 });
+  }
+}

app/api/auth/verify/route.ts

@@ -1,24 +0,0 @@
-import { NextResponse } from 'next/server';
-import { verifyOTP } from '@/lib/otp';
-import { cookies } from 'next/headers';
-
-export async function POST(req: Request) {
-  try {
-    const { code } = await req.json();
-    
-    if (verifyOTP(code)) {
-      // Set cookie
-      cookies().set('auth_token', 'true', { 
-        httpOnly: true,
-        secure: process.env.NODE_ENV === 'production',
-        maxAge: 60 * 60 * 24 * 7, // 1 week
-        path: '/'
-      });
-      return NextResponse.json({ success: true });
-    }
-    
-    return NextResponse.json({ error: 'Invalid Code' }, { status: 401 });
-  } catch (error) {
-    return NextResponse.json({ error: 'Invalid Request' }, { status: 400 });
-  }
-}