renato97/finanzas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Feat: Add complete auth system (Login, Register, OTP/2FA via Telegram, Session management)

Browse Source
This commit is contained in:
ren
2026-01-29 14:57:19 +01:00
parent 811c78ffa5
commit 020218275f
14 changed files with 645 additions and 178 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
app/api/auth/login/route.ts Normal file
View File

@@ -0,0 +1,54 @@
import { NextResponse } from 'next/server';
import { findUser, verifyPassword, createSession } from '@/lib/auth';
import { generateOTP } from '@/lib/otp';
import TelegramBot from 'node-telegram-bot-api';
const BOT_TOKEN = process.env.TELEGRAM_BOT_TOKEN;
async function sendTelegramOTP(chatId: string, otp: string) {
if (!BOT_TOKEN) return false;
try {
const bot = new TelegramBot(BOT_TOKEN, { polling: false });
await bot.sendMessage(chatId, `🔐 *Código de Acceso Finanzas*\n\nTu código es: \`${otp}\`\n\nSi no intentaste ingresar, ignora este mensaje.`, { parse_mode: 'Markdown' });
return true;
} catch (e) {
console.error('Telegram send error:', e);
return false;
}
}
export async function POST(req: Request) {
try {
const { username, password } = await req.json();
const ip = req.headers.get('x-forwarded-for')?.split(',')[0].trim() || 'unknown';
const user = findUser(username);
if (!user || !(await verifyPassword(password, user.passwordHash))) {
return NextResponse.json({ error: 'Credenciales inválidas' }, { status: 401 });
}
// Check IP
const isKnownIp = user.knownIps.includes(ip);
if (isKnownIp) {
// Login success directly
await createSession(user);
return NextResponse.json({ success: true, requireOtp: false });
} else {
// Require OTP
const otp = generateOTP(user.username);
const sent = await sendTelegramOTP(user.chatId, otp);
if (!sent) {
return NextResponse.json({ error: 'No se pudo enviar el código OTP a Telegram' }, { status: 500 });
}
return NextResponse.json({ success: true, requireOtp: true });
}
} catch (error) {
console.error('Login error:', error);
return NextResponse.json({ error: 'Error interno' }, { status: 500 });
}
}

41
app/api/auth/register/route.ts Normal file
View File

@@ -0,0 +1,41 @@
import { NextResponse } from 'next/server';
import { saveUser, findUser, hashPassword, createSession } from '@/lib/auth';
import { randomUUID } from 'crypto';
export async function POST(req: Request) {
try {
const { username, password, chatId } = await req.json();
if (!username || !password || !chatId) {
return NextResponse.json({ error: 'Faltan datos requeridos' }, { status: 400 });
}
if (findUser(username)) {
return NextResponse.json({ error: 'El usuario ya existe' }, { status: 409 });
}
// Hash password
const passwordHash = await hashPassword(password);
// Get IP
const ip = req.headers.get('x-forwarded-for') || '127.0.0.1';
const newUser = {
id: randomUUID(),
username,
passwordHash,
chatId,
knownIps: [ip] // Register current IP as known initially
};
saveUser(newUser);
// Auto login after register
await createSession(newUser);
return NextResponse.json({ success: true });
} catch (error) {
console.error('Register error:', error);
return NextResponse.json({ error: 'Error interno del servidor' }, { status: 500 });
}
}

25
app/api/auth/send/route.ts
View File

@@ -1,25 +0,0 @@
import { NextResponse } from 'next/server';
import TelegramBot from 'node-telegram-bot-api';
import { generateOTP, saveOTP } from '@/lib/otp';
export async function POST() {
const token = process.env.TELEGRAM_BOT_TOKEN;
const chatId = process.env.TELEGRAM_CHAT_ID;
if (!token || !chatId) {
console.error("Telegram credentials missing");
return NextResponse.json({ error: 'Telegram not configured' }, { status: 500 });
}
const otp = generateOTP();
saveOTP(otp);
const bot = new TelegramBot(token, { polling: false });
try {
await bot.sendMessage(chatId, `🔐 Your Login Code: ${otp}`);
return NextResponse.json({ success: true });
} catch (error: any) {
console.error('Telegram Error:', error);
return NextResponse.json({ error: 'Failed to send message: ' + error.message }, { status: 500 });
}
}

34
app/api/auth/verify-otp/route.ts Normal file
View File

@@ -0,0 +1,34 @@
import { NextResponse } from 'next/server';
import { findUser, saveUser, createSession } from '@/lib/auth';
import { verifyOTP } from '@/lib/otp';
export async function POST(req: Request) {
try {
const { username, otp } = await req.json();
const ip = req.headers.get('x-forwarded-for')?.split(',')[0].trim() || 'unknown';
if (!verifyOTP(username, otp)) {
return NextResponse.json({ error: 'Código inválido o expirado' }, { status: 401 });
}
const user = findUser(username);
if (!user) {
return NextResponse.json({ error: 'Usuario no encontrado' }, { status: 404 });
}
// Add IP to known list if not exists
if (!user.knownIps.includes(ip) && ip !== 'unknown') {
user.knownIps.push(ip);
saveUser(user);
}
// Login success
await createSession(user);
return NextResponse.json({ success: true });
} catch (error) {
console.error('OTP Verify error:', error);
return NextResponse.json({ error: 'Error interno' }, { status: 500 });
}
}

24
app/api/auth/verify/route.ts
View File

@@ -1,24 +0,0 @@
import { NextResponse } from 'next/server';
import { verifyOTP } from '@/lib/otp';
import { cookies } from 'next/headers';
export async function POST(req: Request) {
try {
const { code } = await req.json();
if (verifyOTP(code)) {
// Set cookie
cookies().set('auth_token', 'true', {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
maxAge: 60 * 60 * 24 * 7, // 1 week
path: '/'
});
return NextResponse.json({ success: true });
}
return NextResponse.json({ error: 'Invalid Code' }, { status: 401 });
} catch (error) {
return NextResponse.json({ error: 'Invalid Request' }, { status: 400 });
}
}

218
app/login/page.tsx
View File

@@ -2,23 +2,43 @@
import { useState } from 'react'; import { useState } from 'react';
import { useRouter } from 'next/navigation'; import { useRouter } from 'next/navigation';
import { Lock, Send, Loader2 } from 'lucide-react'; import { Lock, User, Key, ArrowRight, ShieldCheck, Loader2 } from 'lucide-react';
import Link from 'next/link';
export default function LoginPage() { export default function LoginPage() {
const [step, setStep] = useState<'initial' | 'verify'>('initial'); const router = useRouter();
const [code, setCode] = useState(''); const [step, setStep] = useState<'credentials' | 'otp'>('credentials');
const [loading, setLoading] = useState(false); const [loading, setLoading] = useState(false);
const [error, setError] = useState(''); const [error, setError] = useState('');
const router = useRouter();
const sendCode = async () => { const [formData, setFormData] = useState({
username: '',
password: '',
otp: ''
});
const handleLogin = async (e: React.FormEvent) => {
e.preventDefault();
setLoading(true); setLoading(true);
setError(''); setError('');
try { try {
const res = await fetch('/api/auth/send', { method: 'POST' }); const res = await fetch('/api/auth/login', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ username: formData.username, password: formData.password })
});
const data = await res.json(); const data = await res.json();
if (!res.ok) throw new Error(data.error || 'Failed to send code');
setStep('verify'); if (!res.ok) throw new Error(data.error || 'Error al iniciar sesión');
if (data.requireOtp) {
setStep('otp');
} else {
router.push('/');
router.refresh();
}
} catch (err: any) { } catch (err: any) {
setError(err.message); setError(err.message);
} finally { } finally {
@@ -26,19 +46,22 @@ export default function LoginPage() {
} }
}; };
const verifyCode = async () => { const handleVerifyOtp = async (e: React.FormEvent) => {
e.preventDefault();
setLoading(true); setLoading(true);
setError(''); setError('');
try { try {
const res = await fetch('/api/auth/verify', { const res = await fetch('/api/auth/verify-otp', {
method: 'POST', method: 'POST',
headers: { 'Content-Type': 'application/json' }, headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ code }) body: JSON.stringify({ username: formData.username, otp: formData.otp })
}); });
const data = await res.json();
if (!res.ok) throw new Error(data.error || 'Invalid code');
// Redirect const data = await res.json();
if (!res.ok) throw new Error(data.error || 'Código incorrecto');
router.push('/'); router.push('/');
router.refresh(); router.refresh();
} catch (err: any) { } catch (err: any) {
@@ -49,66 +72,121 @@ export default function LoginPage() {
}; };
return ( return (
<div className="flex min-h-screen items-center justify-center bg-gray-900 text-white p-4"> <div className="min-h-screen bg-slate-950 flex items-center justify-center p-4">
<div className="w-full max-w-md bg-gray-800 rounded-lg shadow-xl p-8 border border-gray-700"> <div className="w-full max-w-md bg-slate-900 border border-slate-800 rounded-2xl shadow-xl overflow-hidden">
<div className="flex flex-col items-center mb-8"> {/* Header */}
<div className="bg-blue-600 p-3 rounded-full mb-4"> <div className="bg-slate-950/50 p-6 text-center border-b border-slate-800">
<Lock className="w-8 h-8 text-white" /> <div className="mx-auto w-12 h-12 bg-emerald-500/10 rounded-xl flex items-center justify-center mb-4">
<Lock className="w-6 h-6 text-emerald-500" />
</div> </div>
<h1 className="text-2xl font-bold">Secure Access</h1> <h1 className="text-2xl font-bold text-white mb-1">Bienvenido</h1>
<p className="text-gray-400 mt-2 text-center"> <p className="text-slate-400 text-sm">Sistema de Finanzas Personales</p>
Finanzas Personales
</p>
</div> </div>
{error && ( <div className="p-6">
<div className="bg-red-900/50 border border-red-500 text-red-200 p-3 rounded mb-4 text-sm"> {error && (
{error} <div className="mb-6 p-3 bg-red-500/10 border border-red-500/20 rounded-lg text-red-400 text-sm text-center">
</div> {error}
)} </div>
)}
{step === 'initial' ? ( {step === 'credentials' ? (
<div className="space-y-4"> <form onSubmit={handleLogin} className="space-y-4">
<p className="text-gray-300 text-center text-sm"> <div className="space-y-2">
Click below to receive a login code via Telegram. <label className="text-xs font-medium text-slate-400 uppercase tracking-wider">Usuario</label>
</p> <div className="relative">
<button <User className="absolute left-3 top-2.5 w-5 h-5 text-slate-500" />
onClick={sendCode} <input
disabled={loading} type="text"
className="w-full bg-blue-600 hover:bg-blue-500 text-white font-semibold py-3 px-4 rounded-lg transition flex items-center justify-center gap-2 disabled:opacity-50" required
> value={formData.username}
{loading ? <Loader2 className="animate-spin" /> : <Send size={20} />} onChange={e => setFormData({...formData, username: e.target.value})}
Send Code to Telegram className="w-full pl-10 pr-4 py-2.5 bg-slate-950 border border-slate-800 rounded-lg text-white focus:ring-2 focus:ring-emerald-500 focus:border-emerald-500 outline-none transition-all placeholder:text-slate-600"
</button> placeholder="Ingresa tu usuario"
</div> />
) : ( </div>
<div className="space-y-4"> </div>
<p className="text-gray-300 text-center text-sm">
Enter the 6-digit code sent to your Telegram. <div className="space-y-2">
</p> <label className="text-xs font-medium text-slate-400 uppercase tracking-wider">Contraseña</label>
<input <div className="relative">
type="text" <Key className="absolute left-3 top-2.5 w-5 h-5 text-slate-500" />
value={code} <input
onChange={(e) => setCode(e.target.value)} type="password"
placeholder="123456" required
className="w-full bg-gray-700 border border-gray-600 rounded-lg px-4 py-3 text-center text-2xl tracking-widest focus:outline-none focus:ring-2 focus:ring-blue-500" value={formData.password}
maxLength={6} onChange={e => setFormData({...formData, password: e.target.value})}
/> className="w-full pl-10 pr-4 py-2.5 bg-slate-950 border border-slate-800 rounded-lg text-white focus:ring-2 focus:ring-emerald-500 focus:border-emerald-500 outline-none transition-all placeholder:text-slate-600"
<button placeholder="••••••••"
onClick={verifyCode} />
disabled={loading || code.length < 4} </div>
className="w-full bg-green-600 hover:bg-green-500 text-white font-semibold py-3 px-4 rounded-lg transition flex items-center justify-center gap-2 disabled:opacity-50" </div>
>
{loading ? <Loader2 className="animate-spin" /> : 'Verify & Login'} <button
</button> type="submit"
<button disabled={loading}
onClick={() => setStep('initial')} className="w-full bg-emerald-600 hover:bg-emerald-500 text-white font-medium py-2.5 rounded-lg transition-colors flex items-center justify-center gap-2 disabled:opacity-50 disabled:cursor-not-allowed mt-2"
className="w-full text-gray-400 hover:text-white text-sm" >
> {loading ? <Loader2 className="animate-spin w-5 h-5" /> : (
Cancel <>
</button> Ingresar <ArrowRight className="w-4 h-4" />
</div> </>
)} )}
</button>
</form>
) : (
<form onSubmit={handleVerifyOtp} className="space-y-4 animate-in slide-in-from-right-8 fade-in duration-300">
<div className="text-center mb-6">
<div className="inline-flex items-center justify-center w-16 h-16 bg-blue-500/10 rounded-full mb-4">
<ShieldCheck className="w-8 h-8 text-blue-500" />
</div>
<h3 className="text-lg font-medium text-white">Verificación de Identidad</h3>
<p className="text-slate-400 text-sm mt-1">
Hemos enviado un código a tu Telegram.
<br />Ingrésalo para continuar.
</p>
</div>
<div className="space-y-2">
<input
type="text"
required
autoFocus
maxLength={6}
value={formData.otp}
onChange={e => setFormData({...formData, otp: e.target.value.replace(/\D/g, '')})}
className="w-full text-center text-2xl tracking-[0.5em] font-mono py-3 bg-slate-950 border border-slate-800 rounded-lg text-white focus:ring-2 focus:ring-blue-500 focus:border-blue-500 outline-none transition-all"
placeholder="000000"
/>
</div>
<button
type="submit"
disabled={loading || formData.otp.length !== 6}
className="w-full bg-blue-600 hover:bg-blue-500 text-white font-medium py-2.5 rounded-lg transition-colors flex items-center justify-center gap-2 disabled:opacity-50 disabled:cursor-not-allowed"
>
{loading ? <Loader2 className="animate-spin w-5 h-5" /> : 'Verificar Código'}
</button>
<button
type="button"
onClick={() => setStep('credentials')}
className="w-full text-slate-500 text-sm hover:text-slate-300 transition-colors"
>
Volver atrás
</button>
</form>
)}
</div>
<div className="bg-slate-950/50 p-4 text-center border-t border-slate-800">
<p className="text-slate-500 text-sm">
¿No tienes cuenta?{' '}
<Link href="/register" className="text-emerald-500 hover:text-emerald-400 font-medium hover:underline">
Regístrate aquí
</Link>
</p>
</div>
</div> </div>
</div> </div>
); );

135
app/register/page.tsx Normal file
View File

@@ -0,0 +1,135 @@
'use client';
import { useState } from 'react';
import { useRouter } from 'next/navigation';
import { UserPlus, User, Key, MessageSquare, Loader2 } from 'lucide-react';
import Link from 'next/link';
export default function RegisterPage() {
const router = useRouter();
const [loading, setLoading] = useState(false);
const [error, setError] = useState('');
const [formData, setFormData] = useState({
username: '',
password: '',
chatId: ''
});
const handleRegister = async (e: React.FormEvent) => {
e.preventDefault();
setLoading(true);
setError('');
try {
const res = await fetch('/api/auth/register', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(formData)
});
const data = await res.json();
if (!res.ok) throw new Error(data.error || 'Error al registrarse');
router.push('/');
router.refresh();
} catch (err: any) {
setError(err.message);
} finally {
setLoading(false);
}
};
return (
<div className="min-h-screen bg-slate-950 flex items-center justify-center p-4">
<div className="w-full max-w-md bg-slate-900 border border-slate-800 rounded-2xl shadow-xl overflow-hidden">
{/* Header */}
<div className="bg-slate-950/50 p-6 text-center border-b border-slate-800">
<div className="mx-auto w-12 h-12 bg-blue-500/10 rounded-xl flex items-center justify-center mb-4">
<UserPlus className="w-6 h-6 text-blue-500" />
</div>
<h1 className="text-2xl font-bold text-white mb-1">Crear Cuenta</h1>
<p className="text-slate-400 text-sm">Configura tu acceso a Finanzas</p>
</div>
<div className="p-6">
{error && (
<div className="mb-6 p-3 bg-red-500/10 border border-red-500/20 rounded-lg text-red-400 text-sm text-center">
{error}
</div>
)}
<form onSubmit={handleRegister} className="space-y-4">
<div className="space-y-2">
<label className="text-xs font-medium text-slate-400 uppercase tracking-wider">Usuario</label>
<div className="relative">
<User className="absolute left-3 top-2.5 w-5 h-5 text-slate-500" />
<input
type="text"
required
value={formData.username}
onChange={e => setFormData({...formData, username: e.target.value})}
className="w-full pl-10 pr-4 py-2.5 bg-slate-950 border border-slate-800 rounded-lg text-white focus:ring-2 focus:ring-blue-500 focus:border-blue-500 outline-none transition-all placeholder:text-slate-600"
placeholder="Elige un usuario"
/>
</div>
</div>
<div className="space-y-2">
<label className="text-xs font-medium text-slate-400 uppercase tracking-wider">Contraseña</label>
<div className="relative">
<Key className="absolute left-3 top-2.5 w-5 h-5 text-slate-500" />
<input
type="password"
required
value={formData.password}
onChange={e => setFormData({...formData, password: e.target.value})}
className="w-full pl-10 pr-4 py-2.5 bg-slate-950 border border-slate-800 rounded-lg text-white focus:ring-2 focus:ring-blue-500 focus:border-blue-500 outline-none transition-all placeholder:text-slate-600"
placeholder="Mínimo 6 caracteres"
minLength={6}
/>
</div>
</div>
<div className="space-y-2">
<label className="text-xs font-medium text-slate-400 uppercase tracking-wider">Telegram Chat ID</label>
<div className="relative">
<MessageSquare className="absolute left-3 top-2.5 w-5 h-5 text-slate-500" />
<input
type="text"
required
value={formData.chatId}
onChange={e => setFormData({...formData, chatId: e.target.value})}
className="w-full pl-10 pr-4 py-2.5 bg-slate-950 border border-slate-800 rounded-lg text-white focus:ring-2 focus:ring-blue-500 focus:border-blue-500 outline-none transition-all placeholder:text-slate-600"
placeholder="Ej: 123456789"
/>
</div>
<p className="text-[10px] text-slate-500 flex gap-1">
<span></span>
Envía /start a tu bot para obtener este ID.
</p>
</div>
<button
type="submit"
disabled={loading}
className="w-full bg-blue-600 hover:bg-blue-500 text-white font-medium py-2.5 rounded-lg transition-colors flex items-center justify-center gap-2 disabled:opacity-50 disabled:cursor-not-allowed mt-2"
>
{loading ? <Loader2 className="animate-spin w-5 h-5" /> : 'Registrar Cuenta'}
</button>
</form>
</div>
<div className="bg-slate-950/50 p-4 text-center border-t border-slate-800">
<p className="text-slate-500 text-sm">
¿Ya tienes cuenta?{' '}
<Link href="/login" className="text-blue-500 hover:text-blue-400 font-medium hover:underline">
Inicia Sesión
</Link>
</p>
</div>
</div>
</div>
);
}

19
data/db.json
View File

@@ -1,23 +1,6 @@
{ {
"fixedDebts": [], "fixedDebts": [],
"variableDebts": [ "variableDebts": [],
{
"name": "netflix",
"amount": 5000,
"date": "2026-01-29T00:00:00.000Z",
"category": "shopping",
"isPaid": false,
"id": "f2e424ca-5f07-4f57-9386-822354e0ee1e"
},
{
"name": "youtube",
"amount": 2500,
"date": "2026-01-29T00:00:00.000Z",
"category": "shopping",
"isPaid": false,
"id": "621c3caf-529b-4c33-b46f-3d86b119dd75"
}
],
"creditCards": [], "creditCards": [],
"cardPayments": [], "cardPayments": [],
"monthlyBudgets": [], "monthlyBudgets": [],

84
lib/auth.ts Normal file
View File

@@ -0,0 +1,84 @@
import fs from 'fs';
import path from 'path';
import { User } from './types';
import bcrypt from 'bcryptjs';
import { SignJWT, jwtVerify } from 'jose';
import { cookies } from 'next/headers';
const USERS_FILE = path.join(process.cwd(), 'data', 'users.json');
const SECRET_KEY = new TextEncoder().encode(process.env.JWT_SECRET || 'fallback-secret-key-change-me');
// --- User Management ---
export function getUsers(): User[] {
if (!fs.existsSync(USERS_FILE)) {
fs.writeFileSync(USERS_FILE, JSON.stringify([]));
return [];
}
try {
const data = fs.readFileSync(USERS_FILE, 'utf8');
return JSON.parse(data);
} catch (e) {
return [];
}
}
export function saveUser(user: User) {
const users = getUsers();
const existingIndex = users.findIndex(u => u.username === user.username);
if (existingIndex >= 0) {
users[existingIndex] = user;
} else {
users.push(user);
}
fs.writeFileSync(USERS_FILE, JSON.stringify(users, null, 2));
}
export function findUser(username: string): User | undefined {
return getUsers().find(u => u.username === username);
}
// --- Security Utils ---
export async function hashPassword(password: string): Promise<string> {
return await bcrypt.hash(password, 10);
}
export async function verifyPassword(password: string, hash: string): Promise<boolean> {
return await bcrypt.compare(password, hash);
}
// --- Session Management (JWT) ---
export async function createSession(user: User) {
const token = await new SignJWT({ username: user.username, chatId: user.chatId })
.setProtectedHeader({ alg: 'HS256' })
.setExpirationTime('7d')
.sign(SECRET_KEY);
cookies().set('session', token, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',
maxAge: 60 * 60 * 24 * 7, // 7 days
path: '/',
});
}
export async function verifySession() {
const session = cookies().get('session')?.value;
if (!session) return null;
try {
const { payload } = await jwtVerify(session, SECRET_KEY);
return payload as { username: string; chatId: string };
} catch (error) {
return null;
}
}
export function destroySession() {
cookies().delete('session');
}

65
lib/otp.ts
View File

@@ -8,32 +8,57 @@ interface OTPData {
expiresAt: number; expiresAt: number;
} }
export function generateOTP(): string { // Map username -> OTP Data
return Math.floor(100000 + Math.random() * 900000).toString(); type OTPStore = Record<string, OTPData>;
}
export function saveOTP(code: string) { function getStore(): OTPStore {
const data: OTPData = { if (!fs.existsSync(OTP_FILE)) return {};
code,
expiresAt: Date.now() + 5 * 60 * 1000 // 5 minutes
};
try { try {
fs.writeFileSync(OTP_FILE, JSON.stringify(data)); return JSON.parse(fs.readFileSync(OTP_FILE, 'utf8'));
} catch (err) { } catch {
console.error("Error saving OTP:", err); return {};
} }
} }
export function verifyOTP(code: string): boolean { function saveStore(store: OTPStore) {
if (!fs.existsSync(OTP_FILE)) return false;
try { try {
const data: OTPData = JSON.parse(fs.readFileSync(OTP_FILE, 'utf8')); fs.writeFileSync(OTP_FILE, JSON.stringify(store));
if (Date.now() > data.expiresAt) return false; } catch (err) {
// Simple check console.error("Error saving OTP store:", err);
return String(data.code).trim() === String(code).trim(); }
} catch (e) { }
console.error("Error verifying OTP:", e);
export function generateOTP(username: string): string {
const code = Math.floor(100000 + Math.random() * 900000).toString(); // 6 digits
const store = getStore();
store[username] = {
code,
expiresAt: Date.now() + 5 * 60 * 1000, // 5 minutes
};
saveStore(store);
return code;
}
export function verifyOTP(username: string, code: string): boolean {
const store = getStore();
const entry = store[username];
if (!entry) return false;
if (Date.now() > entry.expiresAt) {
delete store[username];
saveStore(store);
return false; return false;
} }
// Compare strings safely
if (String(entry.code).trim() === String(code).trim()) {
delete store[username]; // Consume OTP so it can't be reused
saveStore(store);
return true;
}
return false;
} }

9
lib/types.ts
View File

@@ -110,3 +110,12 @@ export interface AppSettings {
} }
aiProviders: AIServiceConfig[] aiProviders: AIServiceConfig[]
} }
// Auth Types
export interface User {
id: string
username: string
passwordHash: string
chatId: string
knownIps: string[]
}

81
middleware.ts
View File

@@ -1,34 +1,77 @@
import { NextResponse } from 'next/server' import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server' import type { NextRequest } from 'next/server';
import { jwtVerify } from 'jose';
export function middleware(request: NextRequest) { const SECRET_KEY = new TextEncoder().encode(process.env.JWT_SECRET || 'fallback-secret-key-change-me');
const token = request.cookies.get('auth_token')
// Public paths that don't require authentication export async function middleware(request: NextRequest) {
const session = request.cookies.get('session')?.value;
const { pathname } = request.nextUrl;
// Paths that are always public
const publicPaths = [
'/login',
'/register',
'/api/auth/login',
'/api/auth/register',
'/api/auth/verify-otp',
'/api/auth/send'
];
// Static assets and Next.js internals
if ( if (
request.nextUrl.pathname.startsWith('/_next') || pathname.startsWith('/_next') ||
request.nextUrl.pathname.startsWith('/static') || pathname.startsWith('/static') ||
request.nextUrl.pathname === '/login' || pathname.includes('.') // images, icons, etc
request.nextUrl.pathname === '/favicon.ico' ||
request.nextUrl.pathname.startsWith('/api/auth')
) { ) {
// If user is already logged in and tries to access login, redirect to dashboard return NextResponse.next();
if (token && request.nextUrl.pathname === '/login') { }
return NextResponse.redirect(new URL('/', request.url))
const isPublic = publicPaths.some(path => pathname.startsWith(path));
// If user has session, try to verify it
let isValidSession = false;
if (session) {
try {
await jwtVerify(session, SECRET_KEY);
isValidSession = true;
} catch (e) {
isValidSession = false;
} }
return NextResponse.next()
} }
// If no token, redirect to login // Logic:
if (!token) {
return NextResponse.redirect(new URL('/login', request.url)) // 1. If public path and Logged In -> Redirect to Dashboard
if (isPublic && isValidSession && (pathname === '/login' || pathname === '/register')) {
return NextResponse.redirect(new URL('/', request.url));
} }
return NextResponse.next() // 2. If public path -> Allow
if (isPublic) {
return NextResponse.next();
}
// 3. If protected path and Not Logged In -> Redirect to Login
if (!isValidSession) {
const loginUrl = new URL('/login', request.url);
// Optional: Add ?from=pathname to redirect back after login
return NextResponse.redirect(loginUrl);
}
// 4. Protected path and Logged In -> Allow
return NextResponse.next();
} }
export const config = { export const config = {
matcher: [ matcher: [
/*
* Match all request paths except for the ones starting with:
* - api (API routes) -> Wait, we WANT to protect API routes except auth ones
* - _next/static (static files)
* - _next/image (image optimization files)
* - favicon.ico (favicon file)
*/
'/((?!_next/static|_next/image|favicon.ico).*)', '/((?!_next/static|_next/image|favicon.ico).*)',
], ],
} };

27
package-lock.json generated
View File

@@ -14,10 +14,13 @@
"@types/react-dom": "^19.2.3", "@types/react-dom": "^19.2.3",
"@types/uuid": "^10.0.0", "@types/uuid": "^10.0.0",
"autoprefixer": "^10.4.23", "autoprefixer": "^10.4.23",
"bcryptjs": "^3.0.3",
"class-variance-authority": "^0.7.1", "class-variance-authority": "^0.7.1",
"clsx": "^2.1.1", "clsx": "^2.1.1",
"date-fns": "^4.1.0", "date-fns": "^4.1.0",
"dotenv": "^17.2.3", "dotenv": "^17.2.3",
"headers-polyfill": "^4.0.3",
"jose": "^6.1.3",
"lucide-react": "^0.563.0", "lucide-react": "^0.563.0",
"next": "^14.2.35", "next": "^14.2.35",
"node-telegram-bot-api": "^0.67.0", "node-telegram-bot-api": "^0.67.0",
@@ -773,6 +776,15 @@
"tweetnacl": "^0.14.3" "tweetnacl": "^0.14.3"
} }
}, },
"node_modules/bcryptjs": {
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-3.0.3.tgz",
"integrity": "sha512-GlF5wPWnSa/X5LKM1o0wz0suXIINz1iHRLvTS+sLyi7XPbe5ycmYI3DlZqVGZZtDgl4DmasFg7gOB3JYbphV5g==",
"license": "BSD-3-Clause",
"bin": {
"bcrypt": "bin/bcrypt"
}
},
"node_modules/binary-extensions": { "node_modules/binary-extensions": {
"version": "2.3.0", "version": "2.3.0",
"resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz",
@@ -1942,6 +1954,12 @@
"node": ">= 0.4" "node": ">= 0.4"
} }
}, },
"node_modules/headers-polyfill": {
"version": "4.0.3",
"resolved": "https://registry.npmjs.org/headers-polyfill/-/headers-polyfill-4.0.3.tgz",
"integrity": "sha512-IScLbePpkvO846sIwOtOTDjutRMWdXdJmXdMvk6gCBHxFO8d+QKOQedyZSxFTTFYRSmlgSTDtXqqq4pcenBXLQ==",
"license": "MIT"
},
"node_modules/http-signature": { "node_modules/http-signature": {
"version": "1.4.0", "version": "1.4.0",
"resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.4.0.tgz", "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.4.0.tgz",
@@ -2401,6 +2419,15 @@
"jiti": "bin/jiti.js" "jiti": "bin/jiti.js"
} }
}, },
"node_modules/jose": {
"version": "6.1.3",
"resolved": "https://registry.npmjs.org/jose/-/jose-6.1.3.tgz",
"integrity": "sha512-0TpaTfihd4QMNwrz/ob2Bp7X04yuxJkjRGi4aKmOqwhov54i6u79oCv7T+C7lo70MKH6BesI3vscD1yb/yzKXQ==",
"license": "MIT",
"funding": {
"url": "https://github.com/sponsors/panva"
}
},
"node_modules/js-tokens": { "node_modules/js-tokens": {
"version": "4.0.0", "version": "4.0.0",
"resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",

3
package.json
View File

@@ -20,10 +20,13 @@
"@types/react-dom": "^19.2.3", "@types/react-dom": "^19.2.3",
"@types/uuid": "^10.0.0", "@types/uuid": "^10.0.0",
"autoprefixer": "^10.4.23", "autoprefixer": "^10.4.23",
"bcryptjs": "^3.0.3",
"class-variance-authority": "^0.7.1", "class-variance-authority": "^0.7.1",
"clsx": "^2.1.1", "clsx": "^2.1.1",
"date-fns": "^4.1.0", "date-fns": "^4.1.0",
"dotenv": "^17.2.3", "dotenv": "^17.2.3",
"headers-polyfill": "^4.0.3",
"jose": "^6.1.3",
"lucide-react": "^0.563.0", "lucide-react": "^0.563.0",
"next": "^14.2.35", "next": "^14.2.35",
"node-telegram-bot-api": "^0.67.0", "node-telegram-bot-api": "^0.67.0",