115 lines
3.1 KiB
JavaScript
115 lines
3.1 KiB
JavaScript
import express from 'express';
|
|
import bcrypt from 'bcryptjs';
|
|
import jwt from 'jsonwebtoken';
|
|
import db from '../config/database.js';
|
|
import { authenticateToken } from '../middleware/auth.js';
|
|
|
|
const router = express.Router();
|
|
|
|
// Login
|
|
router.post('/login', async (req, res) => {
|
|
try {
|
|
const { username, password } = req.body;
|
|
|
|
if (!username || !password) {
|
|
return res.status(400).json({ error: 'Username and password required' });
|
|
}
|
|
|
|
const [users] = await db.query(
|
|
'SELECT * FROM users WHERE username = ? AND is_active = TRUE',
|
|
[username]
|
|
);
|
|
|
|
if (users.length === 0) {
|
|
return res.status(401).json({ error: 'Invalid credentials' });
|
|
}
|
|
|
|
const user = users[0];
|
|
const validPassword = await bcrypt.compare(password, user.password);
|
|
|
|
if (!validPassword) {
|
|
return res.status(401).json({ error: 'Invalid credentials' });
|
|
}
|
|
|
|
const token = jwt.sign(
|
|
{
|
|
id: user.id,
|
|
username: user.username,
|
|
role: user.role,
|
|
departmentId: user.department_id
|
|
},
|
|
process.env.JWT_SECRET,
|
|
{ expiresIn: process.env.JWT_EXPIRES_IN || '7d' }
|
|
);
|
|
|
|
res.json({
|
|
token,
|
|
user: {
|
|
id: user.id,
|
|
username: user.username,
|
|
name: user.name,
|
|
email: user.email,
|
|
role: user.role,
|
|
department_id: user.department_id,
|
|
contractor_id: user.contractor_id,
|
|
is_active: user.is_active
|
|
}
|
|
});
|
|
} catch (error) {
|
|
console.error('Login error:', error);
|
|
res.status(500).json({ error: 'Internal server error' });
|
|
}
|
|
});
|
|
|
|
// Get current user
|
|
router.get('/me', authenticateToken, async (req, res) => {
|
|
try {
|
|
const [users] = await db.query(
|
|
'SELECT id, username, name, email, role, department_id, contractor_id FROM users WHERE id = ?',
|
|
[req.user.id]
|
|
);
|
|
|
|
if (users.length === 0) {
|
|
return res.status(404).json({ error: 'User not found' });
|
|
}
|
|
|
|
res.json(users[0]);
|
|
} catch (error) {
|
|
console.error('Get user error:', error);
|
|
res.status(500).json({ error: 'Internal server error' });
|
|
}
|
|
});
|
|
|
|
// Change password
|
|
router.post('/change-password', authenticateToken, async (req, res) => {
|
|
try {
|
|
const { currentPassword, newPassword } = req.body;
|
|
|
|
if (!currentPassword || !newPassword) {
|
|
return res.status(400).json({ error: 'Current and new password required' });
|
|
}
|
|
|
|
const [users] = await db.query('SELECT password FROM users WHERE id = ?', [req.user.id]);
|
|
|
|
if (users.length === 0) {
|
|
return res.status(404).json({ error: 'User not found' });
|
|
}
|
|
|
|
const validPassword = await bcrypt.compare(currentPassword, users[0].password);
|
|
|
|
if (!validPassword) {
|
|
return res.status(401).json({ error: 'Current password is incorrect' });
|
|
}
|
|
|
|
const hashedPassword = await bcrypt.hash(newPassword, 10);
|
|
await db.query('UPDATE users SET password = ? WHERE id = ?', [hashedPassword, req.user.id]);
|
|
|
|
res.json({ message: 'Password changed successfully' });
|
|
} catch (error) {
|
|
console.error('Change password error:', error);
|
|
res.status(500).json({ error: 'Internal server error' });p
|
|
}
|
|
});
|
|
|
|
export default router;
|