Updatweb
This commit is contained in:
Local Server
@@ -1,100 +1,112 @@
|
||||
const express = require("express");
|
||||
const bcrypt = require("bcrypt");
|
||||
const { query } = require("../config/database");
|
||||
const logger = require("../config/logger");
|
||||
const {
|
||||
validators,
|
||||
handleValidationErrors,
|
||||
} = require("../middleware/validators");
|
||||
const { asyncHandler } = require("../middleware/errorHandler");
|
||||
const {
|
||||
sendSuccess,
|
||||
sendError,
|
||||
sendUnauthorized,
|
||||
} = require("../utils/responseHelpers");
|
||||
const { HTTP_STATUS } = require("../config/constants");
|
||||
const router = express.Router();
|
||||
|
||||
// Login endpoint (JSON API)
|
||||
router.post("/login", async (req, res) => {
|
||||
const { email, password } = req.body;
|
||||
try {
|
||||
const result = await query(
|
||||
`
|
||||
SELECT u.id, u.email, u.username, u.passwordhash, u.role_id, u.isactive,
|
||||
r.name as role_name, r.permissions
|
||||
FROM adminusers u
|
||||
LEFT JOIN roles r ON u.role_id = r.id
|
||||
WHERE u.email = $1
|
||||
`,
|
||||
[email]
|
||||
);
|
||||
const getUserByEmail = async (email) => {
|
||||
const result = await query(
|
||||
`SELECT u.id, u.email, u.username, u.passwordhash, u.role_id, u.isactive,
|
||||
r.name as role_name, r.permissions
|
||||
FROM adminusers u
|
||||
LEFT JOIN roles r ON u.role_id = r.id
|
||||
WHERE u.email = $1`,
|
||||
[email]
|
||||
);
|
||||
return result.rows[0] || null;
|
||||
};
|
||||
|
||||
if (result.rows.length === 0) {
|
||||
return res
|
||||
.status(401)
|
||||
.json({ success: false, message: "Invalid email or password" });
|
||||
const updateLastLogin = async (userId) => {
|
||||
await query("UPDATE adminusers SET last_login = NOW() WHERE id = $1", [
|
||||
userId,
|
||||
]);
|
||||
};
|
||||
|
||||
const createUserSession = (req, user) => {
|
||||
req.session.user = {
|
||||
id: user.id,
|
||||
email: user.email,
|
||||
username: user.username,
|
||||
role_id: user.role_id,
|
||||
role_name: user.role_name,
|
||||
permissions: user.permissions,
|
||||
};
|
||||
};
|
||||
|
||||
// Login endpoint
|
||||
router.post(
|
||||
"/login",
|
||||
validators.login,
|
||||
handleValidationErrors,
|
||||
asyncHandler(async (req, res) => {
|
||||
const { email, password } = req.body;
|
||||
const admin = await getUserByEmail(email);
|
||||
|
||||
if (!admin) {
|
||||
logger.warn("Login attempt with invalid email", { email });
|
||||
return sendUnauthorized(res, "Invalid email or password");
|
||||
}
|
||||
|
||||
const admin = result.rows[0];
|
||||
|
||||
// Check if user is active
|
||||
if (!admin.isactive) {
|
||||
return res
|
||||
.status(401)
|
||||
.json({ success: false, message: "Account is deactivated" });
|
||||
logger.warn("Login attempt with deactivated account", { email });
|
||||
return sendUnauthorized(res, "Account is deactivated");
|
||||
}
|
||||
|
||||
const validPassword = await bcrypt.compare(password, admin.passwordhash);
|
||||
if (!validPassword) {
|
||||
return res
|
||||
.status(401)
|
||||
.json({ success: false, message: "Invalid email or password" });
|
||||
logger.warn("Login attempt with invalid password", { email });
|
||||
return sendUnauthorized(res, "Invalid email or password");
|
||||
}
|
||||
|
||||
// Update last login
|
||||
await query("UPDATE adminusers SET last_login = NOW() WHERE id = $1", [
|
||||
admin.id,
|
||||
]);
|
||||
await updateLastLogin(admin.id);
|
||||
createUserSession(req, admin);
|
||||
|
||||
// Store user info in session
|
||||
req.session.user = {
|
||||
id: admin.id,
|
||||
email: admin.email,
|
||||
username: admin.username,
|
||||
role_id: admin.role_id,
|
||||
role_name: admin.role_name,
|
||||
permissions: admin.permissions,
|
||||
};
|
||||
|
||||
// Save session before responding
|
||||
req.session.save((err) => {
|
||||
if (err) {
|
||||
console.error("Session save error:", err);
|
||||
return res
|
||||
.status(500)
|
||||
.json({ success: false, message: "Session error" });
|
||||
logger.error("Session save error:", err);
|
||||
return sendError(res, "Session error");
|
||||
}
|
||||
|
||||
res.json({
|
||||
success: true,
|
||||
user: req.session.user,
|
||||
logger.info("User logged in successfully", {
|
||||
userId: admin.id,
|
||||
email: admin.email,
|
||||
});
|
||||
sendSuccess(res, { user: req.session.user });
|
||||
});
|
||||
} catch (error) {
|
||||
console.error("Login error:", error);
|
||||
res.status(500).json({ success: false, message: "Server error" });
|
||||
}
|
||||
});
|
||||
})
|
||||
);
|
||||
|
||||
// Check session endpoint
|
||||
router.get("/session", (req, res) => {
|
||||
if (req.session && req.session.user) {
|
||||
res.json({
|
||||
authenticated: true,
|
||||
user: req.session.user,
|
||||
});
|
||||
} else {
|
||||
res.status(401).json({ authenticated: false });
|
||||
if (req.session?.user) {
|
||||
return sendSuccess(res, { authenticated: true, user: req.session.user });
|
||||
}
|
||||
res.status(HTTP_STATUS.UNAUTHORIZED).json({ authenticated: false });
|
||||
});
|
||||
|
||||
// Logout endpoint
|
||||
router.post("/logout", (req, res) => {
|
||||
const userId = req.session?.user?.id;
|
||||
|
||||
req.session.destroy((err) => {
|
||||
if (err) {
|
||||
console.error("Logout error:", err);
|
||||
return res.status(500).json({ success: false, message: "Logout failed" });
|
||||
logger.error("Logout error:", err);
|
||||
return sendError(res, "Logout failed");
|
||||
}
|
||||
res.json({ success: true, message: "Logged out successfully" });
|
||||
|
||||
logger.info("User logged out", { userId });
|
||||
sendSuccess(res, { message: "Logged out successfully" });
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user