| import express from 'express'; | |
| import passport from 'passport'; | |
const router = express.Router();

// 1. Initiate Google Auth
// Hands the request to passport's 'google' strategy, which redirects the
// browser to Google. Only the 'profile' and 'email' scopes are requested, and
// prompt=select_account asks Google to show the account chooser.
// NOTE(review): the strategy configuration is not visible in this file; confirm
// it enables the OAuth `state` parameter so the callback below is bound to the
// browser session that started the flow.
const googleAuthOptions = {
  scope: ['profile', 'email'],
  prompt: 'select_account',
};

router.get('/google', passport.authenticate('google', googleAuthOptions));
// 2. Callback handling
// Google sends the browser back here. passport completes the authentication
// and redirects to '/' when it fails; on success the handler below runs.
const handleGoogleCallback = (req, res) => {
  // If onboarding is incomplete, go to onboarding. Else, dashboard.
  // Since frontend handles routing, we redirect to a check page or dashboard.
  // For MVP, we redirect to Client Root.
  //
  // The target comes only from server configuration, never from the request,
  // so this redirect cannot be steered by a caller.
  // NOTE(review): if CLIENT_URL is unset in a deployed environment the user is
  // sent to the localhost default; confirm the variable is required at startup.
  const clientRoot = process.env.CLIENT_URL || 'http://localhost:5173';
  res.redirect(clientRoot);
};

router.get(
  '/google/callback',
  passport.authenticate('google', { failureRedirect: '/' }),
  handleGoogleCallback,
);
// 3. Get Current User (frontend calls this to see who is logged in)
// Always answers 200: the body is the authenticated user, or null when the
// request carries no authenticated session.
router.get('/current_user', (req, res) => {
  // no-store keeps the identity payload out of browser and intermediary caches.
  res.set('Cache-Control', 'no-store');

  // NOTE(review): req.user is serialized as-is. Its shape is set by the
  // passport deserializer, which is not visible here; confirm it carries no
  // provider tokens or internal fields the frontend does not need.
  const currentUser = req.user ? req.user : null;
  res.status(200).json(currentUser);
});
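// 4. Logout
// Ends the passport login, drops the cookie-session session and expires both
// session cookies, then reports success to the frontend.
router.post('/logout', (req, res) => {
  // Passport 0.6+ expects a callback here; the optional call tolerates
  // req.logout being absent. A failure is logged rather than silently dropped,
  // and the session is still cleared below.
  req.logout?.((err) => {
    if (err) {
      console.error('Passport logout failed:', err);
    }
  });

  // cookie-session way of destroying the session
  req.session = null;

  // A browser only removes a cookie when the clearing attributes match the
  // ones it was set with.
  // NOTE(review): these options suggest the session cookie is issued with
  // SameSite=None, so browsers attach it to cross-site requests; confirm that
  // state-changing routes such as this POST are covered by a CSRF defence
  // (for example an Origin check or a token), and that path/domain match the
  // cookie-session configuration.
  const cookieOptions = { sameSite: 'none', secure: true };

  res
    .clearCookie('cragy_session', cookieOptions)
    .clearCookie('cragy_session.sig', cookieOptions)
    .status(200)
    .json({ success: true });
});

export default router;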