# airclientauth

A simple, lightweight authentication system built with Node.js, Express, SQLite, and JSON Web Tokens (JWT).

## Features

- **CLI User Management**: Easily create users from the command line.
- **First-Login Password Setup**: Users created via CLI do not have initial passwords. They set their password securely on their first login attempt.
- **JWT Authentication**: Generates tokens for secure API communication.
- **SQLite Storage**: Hashes and stores passwords safely using bcrypt and SQLite.

## Installation

1. Clone or download the repository.
2. Install dependencies:
   ```bash
   npm install
   ```

## Usage

### 1. Start the Server

To start the API server on port 3000:

```bash
npm start
```

*(The SQLite database `users.db` will be created automatically on the first run).*

### 2. Create a User (CLI)

You can create a new user account without a password using the built-in CLI tool:

```bash
npm run airclientauth -- create myusername
```

### 3. API Endpoints

#### Login / Set Password

**`POST /login`**

- **First Login (Setting the Password)**

  When a user logs in for the first time, they must provide a password to set it.

  *Request:*
  ```json
  {
    "username": "myusername",
    "password": "mynewsecurepassword"
  }
  ```

  *Response:*
  ```json
  {
    "status": "success",
    "message": "Password set successfully. Logged in.",
    "token": "eyJhbGciOiJIUzI..."
  }
  ```

  *(Note: If you attempt to log in for the first time without a password, the server will return a `403 Forbidden` status with `{ "status": "require_password" }` to let the client know it needs to prompt the user).*

- **Subsequent Logins**

  Once the password is set, use the same endpoint to log in.

  *Request:*
  ```json
  {
    "username": "myusername",
    "password": "mynewsecurepassword"
  }
  ```

  *Response:*
  ```json
  {
    "status": "success",
    "message": "Logged in successfully",
    "token": "eyJhbGciOiJIUzI..."
  }
  ```

#### Verify Token

**`GET /verify`**

Check if a provided JWT is still valid.

*Request Headers:*
```
Authorization: Bearer <token>
```

*Response (Valid):*
```json
{
  "valid": true,
  "user": "myusername"
}
```

*Response (Invalid):*
```json
{
  "valid": false,
  "error": "Invalid or expired token"
}
```

## Tech Stack

- **Express**: Web framework for the API endpoints.
- **bcryptjs**: Secure password hashing.
- **jsonwebtoken (JWT)**: Token-based authentication.
- **sqlite3 / sqlite**: File-based database storage.
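
The `POST /login` states and the `GET /verify` check documented under API Endpoints, as an added sketch that is not the project's own code and uses only Node's built-in `crypto`: scrypt stands in for bcryptjs, a hand-built HS256 token for jsonwebtoken, and a `Map` for SQLite. The 401 failure body, the per-process key and the one-hour expiry are assumptions.

```javascript
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32); // assumed per-process HMAC key
const b64 = (s) => Buffer.from(s).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Minimal HS256 JWT with an expiry claim (stand-in for jsonwebtoken).
function sign(user, ttlSec = 3600) {
  const exp = Math.floor(Date.now() / 1000) + ttlSec;
  const data = `${b64('{"alg":"HS256","typ":"JWT"}')}.${b64(JSON.stringify({ user, exp }))}`;
  return `${data}.${mac(data).toString('base64url')}`;
}

// GET /verify: same failure body for a bad signature and an expired token.
function verify(token) {
  const bad = { valid: false, error: 'Invalid or expired token' };
  const [head, body, sig] = String(token).split('.');
  if (!head || !body || !sig) return bad;
  const got = Buffer.from(sig, 'base64url');
  const want = mac(`${head}.${body}`);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return bad;
  const { user, exp } = JSON.parse(Buffer.from(body, 'base64url').toString());
  return exp > Date.now() / 1000 ? { valid: true, user } : bad;
}

// Salted scrypt (stand-in for bcryptjs), stored as "salt:key" in hex.
function hashPw(pw) {
  const salt = crypto.randomBytes(16);
  return `${salt.toString('hex')}:${crypto.scryptSync(pw, salt, 32).toString('hex')}`;
}
function checkPw(pw, stored) {
  const [salt, key] = stored.split(':').map((h) => Buffer.from(h, 'hex'));
  return crypto.timingSafeEqual(crypto.scryptSync(pw, salt, 32), key);
}

// POST /login decision logic. users: Map of username -> hash, or null if unset.
function login(users, username, password) {
  const denied = { code: 401, body: { status: 'error' } }; // assumed failure shape
  const pw = typeof password === 'string' ? password : '';
  if (!users.has(username)) return denied;
  const stored = users.get(username);
  const ok = (message) => ({ code: 200, body: { status: 'success', message, token: sign(username) } });
  if (stored === null) {
    if (!pw) return { code: 403, body: { status: 'require_password' } };
    users.set(username, hashPw(pw)); // one-time transition: null -> hash
    return ok('Password set successfully. Logged in.');
  }
  return pw && checkPw(pw, stored) ? ok('Logged in successfully') : denied;
}
```

With a real database, the null-to-hash transition should be a single conditional update so that two concurrent first logins cannot both set the password.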