🍪 Cookie-based Authentication with Middleware

This example shows how to implement simple cookie-based authentication using tirne. We issue a cookie on /login and protect /private using a per-route middleware.

Set-Cookie on login, validate via middleware, and keep routes clean.

🔧 Example Code

import { Server, json, setCookie, requireAuth } from "tirne";
import type { Route } from "tirne";

const routes: Route[] = [
  {
    method: "GET",
    path: "/login",
    handler: () => {
      const headers = new Headers();
      headers.append("Set-Cookie", setCookie("auth", "valid-token", {
        httpOnly: true,
        path: "/",
        maxAge: 3600,
      }));
      return json({ message: "Logged in" }, 200, headers);
    },
    middleware: [], // No auth middleware on /login
  },
  {
    method: "GET",
    path: "/private",
    handler: () => json({ message: "Secret data only for authenticated users" }),
    middleware: [requireAuth], // Protect /private
  },
];

const server = new Server(routes);

export default {
  fetch: (req: Request) => server.fetch(req),
};

🧪 How to Test

Try these curl commands to verify cookie-based behavior:

1. 🔓 Access `/login` (No Auth Required)

curl -i http://localhost:3000/login

HTTP/1.1 200 OK
Content-Type: application/json
Set-Cookie: auth=valid-token; Path=/; HttpOnly; Max-Age=3600

{"message":"Logged in"}

2. 🔐 Access `/private` (With Cookie)

curl -i --cookie "auth=valid-token" http://localhost:3000/private

{"message":"Secret data only for authenticated users"}

3. ❌ Access `/private` (No Cookie)

curl -i http://localhost:3000/private

{"error":"unauthorized","message":"Unauthorized"}

🍪 Cookie-based Authentication with Middleware

🔧 Example Code

🧪 How to Test

1. 🔓 Access /login (No Auth Required)

2. 🔐 Access /private (With Cookie)

3. ❌ Access /private (No Cookie)

1. 🔓 Access `/login` (No Auth Required)

2. 🔐 Access `/private` (With Cookie)

3. ❌ Access `/private` (No Cookie)