Authentication APIs
GET /api/myUser
Returns the current user's identity from the JWT session cookie.
Authentication: Required (JWT cookie)
File: src/app/api/myUser/route.tsx
Response:
```json
{
  "userData": {
    "_id": "...",
    "name": "John Doe",
    "email": "john@bahri.sa",
    "role": "admin",
    "department": "engineering",
    "access": "full"
  },
  "status": 200
}
```
Error responses:
- 401: no session cookie or invalid token
- Token-specific error messages: "Token has expired", "Token is not yet valid", "Token claim validation failed"
GET /api/verify
Legacy endpoint that verifies user credentials directly.
Authentication: None (public)
File: src/app/api/verify/route.ts
Query parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | User email |
| password | string | Yes | User password |
Response:
```json
{
  "message": "user found",
  "status": 200,
  "user": { ... }
}
```
Login Server Action
Login is handled via a Next.js server action rather than an API route.
File: src/app/login/actions.ts
Exports:
- `login(prevState, formData)`: validates credentials and creates the JWT session
- `logout()`: deletes the session cookie and redirects to `/login`
Login flow:
- Validates email and password with Zod
- Finds user in MongoDB by email
- Compares password with bcrypt
- Creates a JWT containing the full user payload using `jose.SignJWT`
- Sets the JWT as an HTTP-only cookie named `session` (7-day expiry)
- Returns `{ token, admin, onboarded }` for client-side routing