PTS/SkyArtShop
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
61929a5daf3c7cfc36c6ff9d4b521c3bb02f2874
SkyArtShop/backend/routes/auth.js
Local Server 703ab57984 Fix admin route access and backend configuration 
- Added /admin redirect to login page in nginx config
- Fixed backend server.js route ordering for proper admin handling
- Updated authentication middleware and routes
- Added user management routes
- Configured PostgreSQL integration
- Updated environment configuration
2025-12-13 22:34:11 -06:00

102 lines
2.5 KiB
JavaScript
Raw Blame History

const express = require("express");
const bcrypt = require("bcrypt");
const { query } = require("../config/database");
const router = express.Router();
// Login endpoint (JSON API)
router.post("/login", async (req, res) => {
const { email, password } = req.body;
try {
const result = await query(
`
SELECT u.id, u.email, u.username, u.passwordhash, u.role_id, u.isactive,
r.name as role_name, r.permissions
FROM adminusers u
LEFT JOIN roles r ON u.role_id = r.id
WHERE u.email = $1
`,
[email]
);
if (result.rows.length === 0) {
return res
.status(401)
.json({ success: false, message: "Invalid email or password" });
}
const admin = result.rows[0];
// Check if user is active
if (!admin.isactive) {
return res
.status(401)
.json({ success: false, message: "Account is deactivated" });
}
const validPassword = await bcrypt.compare(password, admin.passwordhash);
if (!validPassword) {
return res
.status(401)
.json({ success: false, message: "Invalid email or password" });
}
// Update last login
await query("UPDATE adminusers SET last_login = NOW() WHERE id = $1", [
admin.id,
]);
// Store user info in session
req.session.user = {
id: admin.id,
email: admin.email,
username: admin.username,
role_id: admin.role_id,
role_name: admin.role_name,
permissions: admin.permissions,
};
// Save session before responding
req.session.save((err) => {
if (err) {
console.error("Session save error:", err);
return res
.status(500)
.json({ success: false, message: "Session error" });
}
res.json({
success: true,
user: req.session.user,
});
});
} catch (error) {
console.error("Login error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
// Check session endpoint
router.get("/session", (req, res) => {
if (req.session && req.session.user) {
res.json({
authenticated: true,
user: req.session.user,
});
} else {
res.status(401).json({ authenticated: false });
}
});
// Logout endpoint
router.post("/logout", (req, res) => {
req.session.destroy((err) => {
if (err) {
console.error("Logout error:", err);
return res.status(500).json({ success: false, message: "Logout failed" });
}
res.json({ success: true, message: "Logged out successfully" });
});
});
module.exports = router;
Reference in New Issue View Git Blame Copy Permalink