Fix admin route access and backend configuration

- Added /admin redirect to login page in nginx config
- Fixed backend server.js route ordering for proper admin handling
- Updated authentication middleware and routes
- Added user management routes
- Configured PostgreSQL integration
- Updated environment configuration

backend/routes/auth.js

@@ -1,49 +1,100 @@
 const express = require("express");
 const bcrypt = require("bcrypt");
 const { query } = require("../config/database");
-const { redirectIfAuth } = require("../middleware/auth");
 const router = express.Router();
 
-router.get("/login", redirectIfAuth, (req, res) => {
-  res.render("admin/login", {
-    error: req.query.error,
-    title: "Admin Login - SkyArtShop",
-  });
-});
-
+// Login endpoint (JSON API)
 router.post("/login", async (req, res) => {
   const { email, password } = req.body;
   try {
     const result = await query(
-      "SELECT id, email, name, passwordhash, role FROM adminusers WHERE email = $1",
+      `
+      SELECT u.id, u.email, u.username, u.passwordhash, u.role_id, u.isactive,
+             r.name as role_name, r.permissions
+      FROM adminusers u
+      LEFT JOIN roles r ON u.role_id = r.id
+      WHERE u.email = $1
+    `,
       [email]
     );
+
     if (result.rows.length === 0) {
-      return res.redirect("/admin/login?error=invalid");
+      return res
+        .status(401)
+        .json({ success: false, message: "Invalid email or password" });
     }
+
     const admin = result.rows[0];
+
+    // Check if user is active
+    if (!admin.isactive) {
+      return res
+        .status(401)
+        .json({ success: false, message: "Account is deactivated" });
+    }
+
     const validPassword = await bcrypt.compare(password, admin.passwordhash);
     if (!validPassword) {
-      return res.redirect("/admin/login?error=invalid");
+      return res
+        .status(401)
+        .json({ success: false, message: "Invalid email or password" });
     }
-    await query("UPDATE adminusers SET lastlogin = NOW() WHERE id = $1", [
+
+    // Update last login
+    await query("UPDATE adminusers SET last_login = NOW() WHERE id = $1", [
       admin.id,
     ]);
-    req.session.adminId = admin.id;
-    req.session.email = admin.email;
-    req.session.name = admin.name;
-    req.session.role = admin.role;
-    res.redirect("/admin/dashboard");
+
+    // Store user info in session
+    req.session.user = {
+      id: admin.id,
+      email: admin.email,
+      username: admin.username,
+      role_id: admin.role_id,
+      role_name: admin.role_name,
+      permissions: admin.permissions,
+    };
+
+    // Save session before responding
+    req.session.save((err) => {
+      if (err) {
+        console.error("Session save error:", err);
+        return res
+          .status(500)
+          .json({ success: false, message: "Session error" });
+      }
+
+      res.json({
+        success: true,
+        user: req.session.user,
+      });
+    });
   } catch (error) {
     console.error("Login error:", error);
-    res.redirect("/admin/login?error=server");
+    res.status(500).json({ success: false, message: "Server error" });
   }
 });
 
-router.get("/logout", (req, res) => {
+// Check session endpoint
+router.get("/session", (req, res) => {
+  if (req.session && req.session.user) {
+    res.json({
+      authenticated: true,
+      user: req.session.user,
+    });
+  } else {
+    res.status(401).json({ authenticated: false });
+  }
+});
+
+// Logout endpoint
+router.post("/logout", (req, res) => {
   req.session.destroy((err) => {
-    if (err) console.error("Logout error:", err);
-    res.redirect("/admin/login");
+    if (err) {
+      console.error("Logout error:", err);
+      return res.status(500).json({ success: false, message: "Logout failed" });
+    }
+    res.json({ success: true, message: "Logged out successfully" });
   });
 });