Files
Momento/memento-note/lib/mobile-auth.ts
Antigravity aeedb2846f
Some checks failed
CI / Lint, Unit Tests & Build (push) Failing after 1m21s
CI / Deploy production (on server) (push) Has been skipped
feat: App mobile Expo + API mobile dédiée
memento-mobile/ (Expo + React Native + expo-router):
- Auth: login email/password → Bearer token (expo-secure-store)
- Layout: guard auth → redirect /(auth)/login ou /(tabs)/home
- Tabs: Accueil, Carnets, Recherche, Profil
- Screens: login, home (recent notes + quick actions), notebooks list,
  note viewer (WebView HTML), search (texte), notebook detail, profile
- Design: tokens brand-accent (#A47148), ink, concrete, paper, border
- lib/config.ts: API_URL dev/prod configurable
- lib/api.ts: apiFetch avec Bearer token automatique
- lib/store.ts: Zustand auth store (login/logout/restore)

memento-note/ (API mobile dédiée):
- lib/mobile-auth.ts: createMobileToken / verifyMobileToken (HMAC-SHA256, 90j)
- POST /api/mobile/auth/login: email+password → token + user
- GET /api/mobile/auth/me: valider token, retourner profil
- GET /api/mobile/notebooks: liste carnets avec nb notes
- GET /api/mobile/notes: notes récentes (filtre par carnet optionnel)
- GET /api/mobile/notes/[id]: contenu complet d'une note
- GET /api/mobile/search: recherche fulltext titre+contenu

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-29 15:53:13 +00:00

38 lines
1.3 KiB
TypeScript

/**
* Mobile auth helper — validates Bearer token and returns userId
* Token format: base64(userId:timestamp:hmac)
*/
import { createHmac } from 'crypto'
const SECRET = process.env.NEXTAUTH_SECRET || 'fallback-secret'
export function createMobileToken(userId: string): string {
const ts = Date.now()
const payload = `${userId}:${ts}`
const sig = createHmac('sha256', SECRET).update(payload).digest('hex').slice(0, 16)
return Buffer.from(`${payload}:${sig}`).toString('base64url')
}
export function verifyMobileToken(token: string): string | null {
try {
const decoded = Buffer.from(token, 'base64url').toString('utf-8')
const parts = decoded.split(':')
if (parts.length !== 3) return null
const [userId, ts, sig] = parts
const payload = `${userId}:${ts}`
const expected = createHmac('sha256', SECRET).update(payload).digest('hex').slice(0, 16)
if (sig !== expected) return null
// Token valid for 90 days
if (Date.now() - Number(ts) > 90 * 24 * 60 * 60 * 1000) return null
return userId
} catch {
return null
}
}
export function getMobileUserId(request: Request): string | null {
const auth = request.headers.get('Authorization')
if (!auth?.startsWith('Bearer ')) return null
return verifyMobileToken(auth.slice(7))
}