Lines 17-81typescript
18Route.get("/health", () => "OK");
20Event.listen("user.registered", (payload) => {
21 console.log("New user registered:", payload);
24Route.get("/users", async () => {
25 const users = await User.all();
27 return users.map((user) => {
28 const { password, ...safeUser } = user;
33Route.post("/users", async (request) => {
34 const { valid, errors } = validate(request.body, {
35 name: "required|string|min:2",
36 email: "required|email",
37 password: "required|string|min:6",
MediumSecret Pattern
Package contains a possible secret pattern.
src/templates/basic/routes/web.tsView on unpkg · L37 41 return { success: false, errors };
44 const user = await User.create({
45 name: request.body.name,
46 email: request.body.email,
47 password: hashPassword(String(request.body.password)),
48 created_at: new Date().toISOString(),
51 Event.dispatch("user.registered", { id: user.id, email: user.email });
53 const { password, ...safeUser } = user;
55 return { success: true, user: safeUser };
58Route.post("/login", async (request) => {
59 const { valid, errors } = validate(request.body, {
60 email: "required|email",
61 password: "required|string",
MediumSecret Pattern
Hardcoded password in src/templates/basic/routes/web.ts
src/templates/basic/routes/web.tsView on unpkg · L61 65 return { success: false, errors };
68 const [user] = await User.where("email", request.body.email);
70 if (!user || !verifyPassword(String(request.body.password), String(user.password))) {
71 return { success: false, message: "Invalid credentials" };
74 const token = createToken({ id: user.id, email: user.email });
76 return { success: true, token };
79// AuthMiddleware verifies the Bearer token, attaches the decoded payload to
80// request.state.user, and 401s (a real HTTP 401, via HttpResponse) before
81// the handler ever runs if the token is missing/invalid/expired.