auth.route.ts
Prefix: /api/v1/auth
This is the login desk. Users prove who they are with Google; we give back tokens.
Main endpoints (conceptual)
| Method | Path | Who | What happens |
|---|---|---|---|
| POST | /google | Mobile / extension | Body: { idToken } → verify Google → user row → access + refresh tokens in JSON |
| POST | /google/code | Web | OAuth code + redirectUri → same outcome + refresh in HttpOnly cookie |
| POST | /refresh | All | New access token (cookie or body refresh token) |
| POST | /logout | All | Revoke refresh token |
| GET | /me | Logged-in | authMiddleware → current user DTO |
Web vs mobile difference
- Web stores refresh token in cookie `yt_refreshToken` on path `/api/v1/auth`.
- Flutter / extension get `refreshToken` in JSON (no cookie dependency).
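The cookie-versus-body split described above, as an added sketch that is not taken from `auth.route.ts`. The cookie name and path come from this page; `Secure`, `SameSite=Strict`, the 30-day lifetime, cookie-before-body precedence, clearing the cookie on logout, and all function names are assumptions.

```typescript
// Added example, not the project's code. Cookie name and path come from the page;
// Secure, SameSite=Strict and the 30-day lifetime are assumptions.
const REFRESH_COOKIE = "yt_refreshToken";
const REFRESH_PATH = "/api/v1/auth";

type RefreshSource = { token: string; via: "cookie" | "body" } | null;

// Set-Cookie value for the web flow (POST /google/code). HttpOnly keeps the token
// out of page JavaScript; Path restricts the cookie to requests for the auth routes.
function buildRefreshCookie(token: string, maxAgeSec: number = 30 * 24 * 3600): string {
  return [
    `${REFRESH_COOKIE}=${encodeURIComponent(token)}`,
    `Path=${REFRESH_PATH}`,
    `Max-Age=${maxAgeSec}`,
    "HttpOnly",
    "Secure",
    "SameSite=Strict",
  ].join("; ");
}

// Assumed logout behaviour for web: the browser only drops the cookie when the
// name and Path match the ones it was set with, so reuse the same builder.
function clearRefreshCookie(): string {
  return buildRefreshCookie("", 0);
}

// POST /refresh: take the token from the cookie (web) or the JSON body
// (Flutter / extension). Cookie-first ordering is an assumption.
function readRefreshToken(cookieHeader: string | undefined, body: unknown): RefreshSource {
  for (const part of (cookieHeader ?? "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0 || part.slice(0, eq).trim() !== REFRESH_COOKIE) continue;
    let value = "";
    try {
      value = decodeURIComponent(part.slice(eq + 1).trim());
    } catch {
      continue; // malformed percent-encoding: treat as no cookie
    }
    if (value) return { token: value, via: "cookie" };
  }
  const fromBody = (body as { refreshToken?: unknown } | null)?.refreshToken;
  if (typeof fromBody === "string" && fromBody.length > 0) {
    return { token: fromBody, via: "body" };
  }
  return null; // no refresh token presented
}
```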
Services used
- `GoogleService` — verify id token or exchange OAuth code
- `TokenService` — JWT access + refresh rotation
- `User` model — find or create user
- `toUserDTO` — safe JSON for clients
Open auth.route.ts in the repo for exact paths and error messages.