import express from 'express';
import bcrypt from 'bcryptjs';
import jwt from 'jsonwebtoken';
import { query } from '../db/index.js';
// Auth routes (register / login / me). Every handler below reads
// process.env.JWT_SECRET at request time, so an unset secret surfaces as a
// failed request (500 on sign, 401 on verify) rather than at startup.
const router = express.Router();
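// Register
//
// POST /register — creates a user and returns a signed JWT.
// Body: { email, username, password } — all required, all strings.
// Responses: 200 { token, user }, 400 on missing/invalid fields or an
// existing user, 500 on unexpected failure.
router.post('/register', async (req, res) => {
  try {
    // req.body is undefined when no body parser ran; fall back to {} so a
    // missing body yields a 400 instead of a TypeError → 500.
    const { email, username, password } = req.body ?? {};

    if (!email || !username || !password) {
      return res.status(400).json({ error: 'All fields required' });
    }

    // Accept only strings. Some drivers expand an object or array passed as
    // a placeholder value into SQL fragments, and bcrypt.hash expects a
    // string — treat the shape of the body as untrusted.
    if (![email, username, password].every((v) => typeof v === 'string')) {
      return res.status(400).json({ error: 'All fields must be strings' });
    }

    // Check if user exists. This check is not atomic with the INSERT below:
    // under concurrent requests only a UNIQUE constraint on users.email /
    // users.username actually prevents duplicates; the resulting
    // duplicate-key error is mapped to a 400 in the catch below.
    const existing = await query(
      'SELECT id FROM users WHERE email = ? OR username = ?',
      [email, username]
    );

    if (existing.length > 0) {
      return res.status(400).json({ error: 'User already exists' });
    }

    // Hash password (bcrypt, cost factor 10). bcrypt only uses the first
    // 72 bytes of the input.
    const password_hash = await bcrypt.hash(password, 10);

    // Create user
    const result = await query(
      'INSERT INTO users (email, username, password_hash) VALUES (?, ?, ?)',
      [email, username, password_hash]
    );

    const userId = result.insertId;

    // Generate token — HS256 by default, 30-day lifetime. The payload is
    // signed, not encrypted: anyone holding the token can read it.
    const token = jwt.sign(
      { userId, email, username },
      process.env.JWT_SECRET,
      { expiresIn: '30d' }
    );

    res.json({ token, user: { id: userId, email, username } });
  } catch (error) {
    // Lost a race with a concurrent register for the same email/username:
    // report it like the pre-check would have instead of an opaque 500.
    // ER_DUP_ENTRY is the MySQL driver code — confirm it matches the driver
    // behind ../db/index.js.
    if (error?.code === 'ER_DUP_ENTRY') {
      return res.status(400).json({ error: 'User already exists' });
    }
    console.error('Register error:', error);
    res.status(500).json({ error: 'Registration failed' });
  }
});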
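// Login
//
// POST /login — verifies email + password and returns a signed JWT.
// Body: { email, password } — both required strings.
// Responses: 200 { token, user }, 400 on missing/invalid fields, 401 on an
// unknown email or a wrong password (same message for both so the body does
// not reveal which), 500 on unexpected failure.
router.post('/login', async (req, res) => {
  try {
    // req.body is undefined when no body parser ran; fall back to {} so a
    // missing body yields a 400 instead of a TypeError → 500.
    const { email, password } = req.body ?? {};

    if (!email || !password) {
      return res.status(400).json({ error: 'Email and password required' });
    }

    // Accept only strings. Some drivers expand an object passed as a
    // placeholder value into SQL, which would turn the WHERE clause below
    // into something other than an equality test against a literal.
    if (typeof email !== 'string' || typeof password !== 'string') {
      return res.status(400).json({ error: 'Email and password must be strings' });
    }

    // Find user
    const users = await query(
      'SELECT id, email, username, password_hash FROM users WHERE email = ?',
      [email]
    );

    // NOTE: bcrypt.compare runs only when the email exists, so response
    // timing can still distinguish known from unknown emails even though
    // the message is identical; rate-limit this route at the app level.
    if (users.length === 0) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }

    const user = users[0];

    // Check password. A NULL or empty stored hash is rejected by
    // bcrypt.compare as an illegal argument, which would surface as a 500;
    // treat it as a failed login instead.
    if (!user.password_hash) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }
    const validPassword = await bcrypt.compare(password, user.password_hash);
    if (!validPassword) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }

    // Generate token — HS256 by default, 30-day lifetime. The payload is
    // signed, not encrypted: anyone holding the token can read it.
    const token = jwt.sign(
      { userId: user.id, email: user.email, username: user.username },
      process.env.JWT_SECRET,
      { expiresIn: '30d' }
    );

    res.json({
      token,
      user: { id: user.id, email: user.email, username: user.username }
    });
  } catch (error) {
    console.error('Login error:', error);
    res.status(500).json({ error: 'Login failed' });
  }
});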
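// Get current user
//
// GET /me — returns the user identified by the Bearer token in the
// Authorization header.
// Responses: 200 { user }, 401 on a missing/invalid/expired token,
// 404 if the token's user no longer exists, 500 on a backend failure.
router.get('/me', async (req, res) => {
  const authHeader = req.headers.authorization;
  if (!authHeader || !authHeader.startsWith('Bearer ')) {
    return res.status(401).json({ error: 'No token provided' });
  }

  // Token verification and the database lookup are kept in separate
  // try blocks: the original single catch reported *every* failure —
  // including a database outage — as "Invalid token" and never logged it.
  const token = authHeader.substring(7);
  let decoded;
  try {
    // Pin the accepted algorithm to the one jwt.sign uses by default in this
    // file (HS256), so a token signed any other way is never accepted.
    decoded = jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] });
  } catch (error) {
    return res.status(401).json({ error: 'Invalid token' });
  }

  // A validly signed token whose payload lacks a userId cannot identify
  // anyone; do not run the query with an undefined parameter.
  if (decoded?.userId == null) {
    return res.status(401).json({ error: 'Invalid token' });
  }

  try {
    const users = await query(
      'SELECT id, email, username, created_at FROM users WHERE id = ?',
      [decoded.userId]
    );

    if (users.length === 0) {
      return res.status(404).json({ error: 'User not found' });
    }

    res.json({ user: users[0] });
  } catch (error) {
    console.error('Me error:', error);
    res.status(500).json({ error: 'Failed to load user' });
  }
});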
// Mounted by the app; the paths above are relative to the mount point.
export default router;