Lines 15-79typescript
16Route.get("/health", () => "OK");
18Event.listen("user.registered", (payload) => {
19 console.log("New user registered:", payload);
22Route.get("/users", async () => {
23 const users = await User.all();
25 return users.map((user) => {
26 const { password, ...safeUser } = user;
31Route.post("/users", async (request) => {
32 const { valid, errors } = validate(request.body, {
33 name: "required|string|min:2",
34 email: "required|email",
35 password: "required|string|min:6",
MediumSecret Pattern
Package contains a possible secret pattern.
src/templates/basic/routes/web.tsView on unpkg · L35 39 return { success: false, errors };
42 const user = await User.create({
43 name: request.body.name,
44 email: request.body.email,
45 password: hashPassword(String(request.body.password)),
46 created_at: new Date().toISOString(),
49 Event.dispatch("user.registered", { id: user.id, email: user.email });
51 const { password, ...safeUser } = user;
53 return { success: true, user: safeUser };
56Route.post("/login", async (request) => {
57 const { valid, errors } = validate(request.body, {
58 email: "required|email",
59 password: "required|string",
MediumSecret Pattern
Hardcoded password in src/templates/basic/routes/web.ts
src/templates/basic/routes/web.tsView on unpkg · L59 63 return { success: false, errors };
66 const [user] = await User.where("email", request.body.email);
68 if (!user || !verifyPassword(String(request.body.password), String(user.password))) {
69 return { success: false, message: "Invalid credentials" };
72 const token = createToken({ id: user.id, email: user.email });
74 return { success: true, token };
77// AuthMiddleware verifies the Bearer token, attaches the decoded payload to
78// request.state.user, and 401s (a real HTTP 401, via HttpResponse) before
79// the handler ever runs if the token is missing/invalid/expired.