2025-12-13 17:53:34 -06:00
|
|
|
const express = require("express");
|
|
|
|
|
const bcrypt = require("bcrypt");
|
|
|
|
|
const { query } = require("../config/database");
|
|
|
|
|
const router = express.Router();
|
|
|
|
|
|
2025-12-13 22:34:11 -06:00
|
|
|
// Login endpoint (JSON API)
|
2025-12-13 17:53:34 -06:00
|
|
|
router.post("/login", async (req, res) => {
|
|
|
|
|
const { email, password } = req.body;
|
|
|
|
|
try {
|
|
|
|
|
const result = await query(
|
2025-12-13 22:34:11 -06:00
|
|
|
`
|
|
|
|
|
SELECT u.id, u.email, u.username, u.passwordhash, u.role_id, u.isactive,
|
|
|
|
|
r.name as role_name, r.permissions
|
|
|
|
|
FROM adminusers u
|
|
|
|
|
LEFT JOIN roles r ON u.role_id = r.id
|
|
|
|
|
WHERE u.email = $1
|
|
|
|
|
`,
|
2025-12-13 17:53:34 -06:00
|
|
|
[email]
|
|
|
|
|
);
|
2025-12-13 22:34:11 -06:00
|
|
|
|
2025-12-13 17:53:34 -06:00
|
|
|
if (result.rows.length === 0) {
|
2025-12-13 22:34:11 -06:00
|
|
|
return res
|
|
|
|
|
.status(401)
|
|
|
|
|
.json({ success: false, message: "Invalid email or password" });
|
2025-12-13 17:53:34 -06:00
|
|
|
}
|
2025-12-13 22:34:11 -06:00
|
|
|
|
2025-12-13 17:53:34 -06:00
|
|
|
const admin = result.rows[0];
|
2025-12-13 22:34:11 -06:00
|
|
|
|
|
|
|
|
// Check if user is active
|
|
|
|
|
if (!admin.isactive) {
|
|
|
|
|
return res
|
|
|
|
|
.status(401)
|
|
|
|
|
.json({ success: false, message: "Account is deactivated" });
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-13 17:53:34 -06:00
|
|
|
const validPassword = await bcrypt.compare(password, admin.passwordhash);
|
|
|
|
|
if (!validPassword) {
|
2025-12-13 22:34:11 -06:00
|
|
|
return res
|
|
|
|
|
.status(401)
|
|
|
|
|
.json({ success: false, message: "Invalid email or password" });
|
2025-12-13 17:53:34 -06:00
|
|
|
}
|
2025-12-13 22:34:11 -06:00
|
|
|
|
|
|
|
|
// Update last login
|
|
|
|
|
await query("UPDATE adminusers SET last_login = NOW() WHERE id = $1", [
|
2025-12-13 17:53:34 -06:00
|
|
|
admin.id,
|
|
|
|
|
]);
|
2025-12-13 22:34:11 -06:00
|
|
|
|
|
|
|
|
// Store user info in session
|
|
|
|
|
req.session.user = {
|
|
|
|
|
id: admin.id,
|
|
|
|
|
email: admin.email,
|
|
|
|
|
username: admin.username,
|
|
|
|
|
role_id: admin.role_id,
|
|
|
|
|
role_name: admin.role_name,
|
|
|
|
|
permissions: admin.permissions,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// Save session before responding
|
|
|
|
|
req.session.save((err) => {
|
|
|
|
|
if (err) {
|
|
|
|
|
console.error("Session save error:", err);
|
|
|
|
|
return res
|
|
|
|
|
.status(500)
|
|
|
|
|
.json({ success: false, message: "Session error" });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
res.json({
|
|
|
|
|
success: true,
|
|
|
|
|
user: req.session.user,
|
|
|
|
|
});
|
|
|
|
|
});
|
2025-12-13 17:53:34 -06:00
|
|
|
} catch (error) {
|
|
|
|
|
console.error("Login error:", error);
|
2025-12-13 22:34:11 -06:00
|
|
|
res.status(500).json({ success: false, message: "Server error" });
|
2025-12-13 17:53:34 -06:00
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
2025-12-13 22:34:11 -06:00
|
|
|
// Check session endpoint
|
|
|
|
|
router.get("/session", (req, res) => {
|
|
|
|
|
if (req.session && req.session.user) {
|
|
|
|
|
res.json({
|
|
|
|
|
authenticated: true,
|
|
|
|
|
user: req.session.user,
|
|
|
|
|
});
|
|
|
|
|
} else {
|
|
|
|
|
res.status(401).json({ authenticated: false });
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Logout endpoint
|
|
|
|
|
router.post("/logout", (req, res) => {
|
2025-12-13 17:53:34 -06:00
|
|
|
req.session.destroy((err) => {
|
2025-12-13 22:34:11 -06:00
|
|
|
if (err) {
|
|
|
|
|
console.error("Logout error:", err);
|
|
|
|
|
return res.status(500).json({ success: false, message: "Logout failed" });
|
|
|
|
|
}
|
|
|
|
|
res.json({ success: true, message: "Logged out successfully" });
|
2025-12-13 17:53:34 -06:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
module.exports = router;
|
