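const express = require('express');
const router = express.Router();
const jwt = require('jsonwebtoken');
const { body, validationResult } = require('express-validator');
const { User } = require('../models');

// Shared password policy so /login and /change-password cannot drift apart.
// NOTE(review): 6 characters is below the 8-character minimum NIST SP 800-63B
// recommends; raising it is a policy decision that affects existing accounts,
// so the value is left unchanged here.
const PASSWORD_MIN_LENGTH = 6;

// Lifetime of the JWT issued at login. Tokens are stateless: nothing in this
// file can revoke one early, so /logout and /change-password do NOT invalidate
// a token that was already handed out.
const JWT_EXPIRES_IN = '7d';

// Login validation rules
const loginValidation = [
  body('email').isEmail().normalizeEmail(),
  body('password').isLength({ min: PASSWORD_MIN_LENGTH }),
];

// Change-password validation rules (auth is checked before these run).
const changePasswordValidation = [
  body('currentPassword').isLength({ min: PASSWORD_MIN_LENGTH }),
  body('newPassword').isLength({ min: PASSWORD_MIN_LENGTH }),
];

/**
 * Promise adapter for express-session's callback-style `regenerate()`.
 * Issuing a fresh session id at the moment of authentication prevents
 * session fixation: a session id the browser already held before login
 * (possibly planted by an attacker) is discarded instead of being upgraded
 * to an authenticated session.
 * @param {object} req - Express request carrying `req.session`
 * @returns {Promise<void>} resolves once the new, empty session exists
 */
function regenerateSession(req) {
  return new Promise((resolve, reject) => {
    req.session.regenerate((err) => (err ? reject(err) : resolve()));
  });
}

/**
 * Subset of the user record stored in the server-side session.
 * /me and /change-password re-resolve the user from `id`, so only a
 * small, non-secret projection is kept here.
 * @param {object} user - model instance returned by User.findOne/findByPk
 * @returns {{id: *, email: string, name: string, role: string}}
 */
function sessionUser(user) {
  return {
    id: user._id,
    email: user.email,
    name: user.name,
    role: user.role,
  };
}

// Login
router.post('/login', loginValidation, async (req, res) => {
  try {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({
        success: false,
        message: 'Invalid input data',
        errors: errors.array(),
      });
    }

    const { email, password } = req.body;

    // Find user
    const user = await User.findOne({
      where: { email: email, isActive: true },
    });
    if (!user) {
      // NOTE(review): comparePassword() is skipped on this path, so the
      // response time differs from the wrong-password path below. If the
      // model's compare is a slow hash (bcrypt/argon2) this is a timing
      // oracle for account enumeration; a dummy compare against a fixed
      // hash would close it. There is also no rate limiting on this route;
      // add it at the app level rather than here (no new dependency).
      return res.status(401).json({ success: false, message: 'Invalid credentials' });
    }

    // Check password
    const isValidPassword = await user.comparePassword(password);
    if (!isValidPassword) {
      return res.status(401).json({ success: false, message: 'Invalid credentials' });
    }

    // Update last login
    await user.updateLastLogin();

    // Create JWT token
    // NOTE(review): `user._id` is the Mongoose convention, but this file uses
    // the Sequelize API (findOne({ where }), findByPk, attributes.exclude),
    // whose default primary key is `id`. Confirm the model really exposes
    // `_id`; otherwise `userId` and the session id are undefined and /me
    // can never resolve the user.
    // jwt.sign throws synchronously when JWT_SECRET is unset; that surfaces
    // as a 500 below rather than as an unsigned token.
    // `role` is baked into the token: a role change is not reflected until
    // the token expires.
    const token = jwt.sign(
      { userId: user._id, email: user.email, role: user.role },
      process.env.JWT_SECRET,
      { expiresIn: JWT_EXPIRES_IN },
    );

    // Set session — on a brand-new session id (session-fixation defence).
    // A regenerate() failure is treated like any other server error.
    await regenerateSession(req);
    req.session.user = sessionUser(user);

    res.json({
      success: true,
      message: 'Login successful',
      token,
      user: {
        id: user._id,
        email: user.email,
        name: user.name,
        role: user.role,
        avatar: user.avatar,
      },
    });
  } catch (error) {
    console.error('Login error:', error);
    res.status(500).json({ success: false, message: 'Server error' });
  }
});

// Logout
router.post('/logout', (req, res) => {
  // Only the server-side session is ended. The JWT issued at login stays
  // valid until expiry because there is no denylist to put it on.
  req.session.destroy((err) => {
    if (err) {
      return res.status(500).json({ success: false, message: 'Could not log out' });
    }
    // 'connect.sid' is express-session's default cookie name. If the app
    // configures a custom `name`, this must match or the cookie lingers.
    res.clearCookie('connect.sid');
    res.json({ success: true, message: 'Logout successful' });
  });
});

// Check authentication status
// Authenticated by the session only; the JWT is not consulted here.
router.get('/me', async (req, res) => {
  try {
    if (!req.session.user) {
      return res.status(401).json({ success: false, message: 'Not authenticated' });
    }

    const user = await User.findByPk(req.session.user.id, {
      attributes: { exclude: ['password'] },
    });

    if (!user || !user.isActive) {
      // Drop the stale session; a destroy() failure is deliberately not
      // surfaced because the 401 is the correct answer either way.
      req.session.destroy();
      return res.status(401).json({ success: false, message: 'User not found or inactive' });
    }

    res.json({
      success: true,
      user: {
        id: user._id,
        email: user.email,
        name: user.name,
        role: user.role,
        avatar: user.avatar,
        lastLogin: user.lastLogin,
      },
    });
  } catch (error) {
    console.error('Auth check error:', error);
    res.status(500).json({ success: false, message: 'Server error' });
  }
});

// Change password
router.put('/change-password', changePasswordValidation, async (req, res) => {
  try {
    if (!req.session.user) {
      return res.status(401).json({ success: false, message: 'Not authenticated' });
    }

    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({
        success: false,
        message: 'Invalid input data',
        errors: errors.array(),
      });
    }

    const { currentPassword, newPassword } = req.body;

    const user = await User.findByPk(req.session.user.id);
    if (!user) {
      return res.status(404).json({ success: false, message: 'User not found' });
    }

    // A deactivated account can still hold a live session; mirror /me and
    // refuse to let it rotate its own credential.
    if (!user.isActive) {
      req.session.destroy();
      return res.status(401).json({ success: false, message: 'User not found or inactive' });
    }

    // Verify current password
    const isValidPassword = await user.comparePassword(currentPassword);
    if (!isValidPassword) {
      return res.status(400).json({ success: false, message: 'Current password is incorrect' });
    }

    // Update password — presumably hashed by a model save hook (the model
    // owns comparePassword); confirm, since a plain assignment here would
    // otherwise persist the clear text.
    user.password = newPassword;
    await user.save();

    // NOTE(review): other sessions of this user and any JWT issued earlier
    // stay valid after the change; revoking them needs server-side state
    // (session-store scan / token denylist) that this router does not have.
    res.json({ success: true, message: 'Password updated successfully' });
  } catch (error) {
    console.error('Change password error:', error);
    res.status(500).json({ success: false, message: 'Server error' });
  }
});

module.exports = router;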