"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.authRouter = void 0; const express_1 = require("express"); const zod_1 = require("zod"); const auth_service_1 = require("./auth.service"); const auth_middleware_1 = require("../../shared/middlewares/auth.middleware"); const service = new auth_service_1.AuthService(); // ─── Schemas de validação ───────────────────────────────────────────────────── const registerSchema = zod_1.z.object({ name: zod_1.z.string().min(2).max(100), email: zod_1.z.string().email(), password: zod_1.z.string().min(8).max(128), planId: zod_1.z.string().uuid().optional(), }); const loginSchema = zod_1.z.object({ email: zod_1.z.string().email(), password: zod_1.z.string().min(1), }); const refreshSchema = zod_1.z.object({ refreshToken: zod_1.z.string().min(1), }); const changePasswordSchema = zod_1.z.object({ currentPassword: zod_1.z.string().min(1), newPassword: zod_1.z.string().min(8).max(128), }); // ─── Helper para erros de validação / serviço ───────────────────────────────── function handleError(res, err) { if (err instanceof zod_1.z.ZodError) { res.status(400).json({ error: 'Dados inválidos', details: err.flatten().fieldErrors }); return; } const e = err; res.status(e.statusCode ?? 500).json({ error: e.message ?? 'Erro interno' }); } // ─── Router ─────────────────────────────────────────────────────────────────── exports.authRouter = (0, express_1.Router)(); /** * POST /api/auth/register * Cria novo tenant (usuário com role USER). * Retorna access + refresh token e dados do usuário. */ exports.authRouter.post('/register', async (req, res) => { try { const body = registerSchema.parse(req.body); const result = await service.register(body); res.status(201).json(result); } catch (err) { handleError(res, err); } }); /** * POST /api/auth/login * Autentica usuário. Retorna access + refresh token. */ exports.authRouter.post('/login', async (req, res) => { try { const body = loginSchema.parse(req.body); const result = await service.login(body); res.json(result); } catch (err) { handleError(res, err); } }); /** * POST /api/auth/refresh * Renova o access token usando o refresh token. */ exports.authRouter.post('/refresh', async (req, res) => { try { const { refreshToken } = refreshSchema.parse(req.body); const result = await service.refresh(refreshToken); res.json(result); } catch (err) { handleError(res, err); } }); /** * POST /api/auth/logout * Revoga o refresh token do usuário autenticado. */ exports.authRouter.post('/logout', auth_middleware_1.authMiddleware, async (req, res) => { try { await service.logout(req.tenantId); res.json({ message: 'Sessão encerrada' }); } catch (err) { handleError(res, err); } }); /** * GET /api/auth/me * Retorna dados do usuário autenticado + dias restantes do trial. */ exports.authRouter.get('/me', auth_middleware_1.authMiddleware, async (req, res) => { try { const user = await service.me(req.tenantId); res.json(user); } catch (err) { handleError(res, err); } }); /** * PATCH /api/auth/password * Altera a senha do usuário autenticado. */ exports.authRouter.patch('/password', auth_middleware_1.authMiddleware, async (req, res) => { try { const body = changePasswordSchema.parse(req.body); await service.changePassword(req.tenantId, body); res.json({ message: 'Senha alterada com sucesso' }); } catch (err) { handleError(res, err); } });