20 lines
857 B
JavaScript
20 lines
857 B
JavaScript
const express = require('express');
|
|
const router = express.Router();
|
|
const { handlerLogin, setHandlerPassword, generateInviteToken, updateHandlerSelf, getHandlerSelf } = require('../controllers/handlerController');
|
|
const { authenticateToken } = require('../middleware/auth');
|
|
const { authenticateHandler } = require('../middleware/handlerAuth');
|
|
const { inviteLimiter } = require('../middleware/rateLimiter');
|
|
|
|
// Public
|
|
router.post('/login', handlerLogin);
|
|
router.post('/set-password', inviteLimiter, setHandlerPassword);
|
|
|
|
// Admin only — generate a one-time invite token so a handler can set their password
|
|
router.post('/:id/invite-token', authenticateToken, generateInviteToken);
|
|
|
|
// Authenticated handler only
|
|
router.get('/me', authenticateHandler, getHandlerSelf);
|
|
router.put('/me', authenticateHandler, updateHandlerSelf);
|
|
|
|
module.exports = router;
|