const express = require('express');
const router = express.Router();
const jwt = require('jsonwebtoken');
const { body, validationResult } = require('express-validator');
const User = require('../models/User');
// Login validation rules (express-validator chain, run before the /login handler).
// normalizeEmail() rewrites the submitted address before it is used for the
// User.findOne lookup below, so the stored email must have been normalized the
// same way on registration — confirm against that path.
// A 6-character minimum only gates obviously short inputs; the same bound is
// reused by /change-password. Policy (length, breached-password checks) lives
// wherever the User model hashes passwords, which is not visible here.
const loginValidation = [
body('email').isEmail().normalizeEmail(),
body('password').isLength({ min: 6 })
];
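// Login
// POST /login — verifies email + password, then issues both a JWT (returned in
// the body) and a server-side session (req.session.user). Every response is
// JSON of the shape { success, message, ... }.
router.post('/login', loginValidation, async (req, res) => {
  try {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({
        success: false,
        message: 'Invalid input data',
        errors: errors.array()
      });
    }
    const { email, password } = req.body;
    // Find user — only active accounts may log in. Unknown/inactive accounts get
    // the same generic 401 as a wrong password so the body does not reveal which
    // addresses exist. The early return below skips comparePassword, so response
    // timing still differs between the two cases; a dummy compare on the
    // not-found path would close that if the threat model calls for it.
    const user = await User.findOne({ email, isActive: true });
    if (!user) {
      return res.status(401).json({
        success: false,
        message: 'Invalid credentials'
      });
    }
    // Check password (model method; presumably compares against a stored hash —
    // confirm in ../models/User).
    const isValidPassword = await user.comparePassword(password);
    if (!isValidPassword) {
      return res.status(401).json({
        success: false,
        message: 'Invalid credentials'
      });
    }
    // Fail with a clear log line (still a 500 via the catch) instead of letting
    // jwt.sign throw an opaque error when the signing secret is not configured.
    if (!process.env.JWT_SECRET) {
      throw new Error('JWT_SECRET is not configured');
    }
    // Update last login
    await user.updateLastLogin();
    // Create JWT token. The payload is readable by anyone holding the token;
    // it carries only identifiers and the role, never secrets. The 7d lifetime
    // means a token outlives a password change unless revocation is added
    // elsewhere.
    const token = jwt.sign(
      { userId: user._id, email: user.email, role: user.role },
      process.env.JWT_SECRET,
      { expiresIn: '7d' }
    );
    // Issue a fresh session id before attaching the authenticated user, so a
    // session id the client presented before authenticating is never promoted
    // to an authenticated session (session fixation). regenerate() is
    // callback-based, so adapt it to a promise to keep the error path in the
    // surrounding try/catch.
    await new Promise((resolve, reject) => {
      req.session.regenerate((err) => (err ? reject(err) : resolve()));
    });
    // Set session
    req.session.user = {
      id: user._id,
      email: user.email,
      name: user.name,
      role: user.role
    };
    res.json({
      success: true,
      message: 'Login successful',
      token,
      user: {
        id: user._id,
        email: user.email,
        name: user.name,
        role: user.role,
        avatar: user.avatar
      }
    });
  } catch (error) {
    // Log the detail server-side only; the client gets a generic message.
    console.error('Login error:', error);
    res.status(500).json({
      success: false,
      message: 'Server error'
    });
  }
});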
// Logout
// POST /logout — destroys the server-side session and tells the browser to drop
// the session cookie. Does not touch any JWT issued by /login; those expire on
// their own.
router.post('/logout', (req, res) => {
  req.session.destroy((destroyError) => {
    if (destroyError) {
      res.status(500).json({
        success: false,
        message: 'Could not log out'
      });
      return;
    }
    // 'connect.sid' is express-session's default cookie name; if the app sets a
    // custom `name` in its session config this must match it — confirm there.
    res.clearCookie('connect.sid');
    res.json({
      success: true,
      message: 'Logout successful'
    });
  });
});
// Check authentication status
// GET /me — reports the session-authenticated user. The account is re-read from
// the database on every call so a deactivated account loses access immediately
// rather than at session expiry.
router.get('/me', async (req, res) => {
  const reject = (message) => res.status(401).json({ success: false, message });
  try {
    const sessionUser = req.session.user;
    if (!sessionUser) {
      return reject('Not authenticated');
    }
    // '-password' keeps the stored credential out of the loaded document.
    const account = await User.findById(sessionUser.id).select('-password');
    if (!account || !account.isActive) {
      // Fire-and-forget: no callback is passed, so a store error here is not
      // observed; the 401 is sent regardless.
      req.session.destroy();
      return reject('User not found or inactive');
    }
    res.json({
      success: true,
      user: {
        id: account._id,
        email: account.email,
        name: account.name,
        role: account.role,
        avatar: account.avatar,
        lastLogin: account.lastLogin
      }
    });
  } catch (error) {
    console.error('Auth check error:', error);
    res.status(500).json({
      success: false,
      message: 'Server error'
    });
  }
});
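// Change password
// PUT /change-password — session-authenticated; requires the current password
// before accepting the new one. Nothing in this router invalidates other
// sessions or JWTs already issued by /login (7d lifetime), so those remain
// usable after the change unless revocation is handled elsewhere.
router.put('/change-password', [
  body('currentPassword').isLength({ min: 6 }),
  body('newPassword').isLength({ min: 6 })
], async (req, res) => {
  try {
    if (!req.session.user) {
      return res.status(401).json({
        success: false,
        message: 'Not authenticated'
      });
    }
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({
        success: false,
        message: 'Invalid input data',
        errors: errors.array()
      });
    }
    const { currentPassword, newPassword } = req.body;
    const user = await User.findById(req.session.user.id);
    if (!user) {
      return res.status(404).json({
        success: false,
        message: 'User not found'
      });
    }
    // Mirror /login and /me: an account deactivated after login must not keep
    // acting through a session created before deactivation. Drop the session
    // and answer as /me does.
    if (!user.isActive) {
      req.session.destroy((err) => {
        if (err) console.error('Session destroy error:', err);
      });
      return res.status(401).json({
        success: false,
        message: 'User not found or inactive'
      });
    }
    // Verify current password
    const isValidPassword = await user.comparePassword(currentPassword);
    if (!isValidPassword) {
      return res.status(400).json({
        success: false,
        message: 'Current password is incorrect'
      });
    }
    // Update password. The plain value is assigned here; hashing is expected to
    // happen in the User model on save (not visible in this file — confirm a
    // pre-save hook exists before relying on it).
    user.password = newPassword;
    await user.save();
    res.json({
      success: true,
      message: 'Password updated successfully'
    });
  } catch (error) {
    console.error('Change password error:', error);
    res.status(500).json({
      success: false,
      message: 'Server error'
    });
  }
});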
// Router exposing /login, /logout, /me and /change-password; the mount path is
// chosen by the app that requires this file.
module.exports = router;