76 lines
2.3 KiB
JavaScript
76 lines
2.3 KiB
JavaScript
const bcrypt = require("bcryptjs");
|
|
const jwt = require("jsonwebtoken");
|
|
const User = require("../models/user.model");
|
|
const { sendError } = require("../utils/http");
|
|
const Session = require("../models/session.model");
|
|
const { parseCookieHeader } = require("../utils/cookies");
|
|
const { setSessionCookie, clearSessionCookie, cookieName } = require("../utils/session-cookie");
|
|
const { logError } = require("../utils/logger");
|
|
|
|
exports.register = async (req, res) => {
|
|
let { username, password, name } = req.body;
|
|
username = username.toLowerCase();
|
|
console.log(`Registration attempt for ${name} => username:${username}`);
|
|
|
|
try {
|
|
const hash = await bcrypt.hash(password, 10);
|
|
const user = await User.createUser(username, hash, name);
|
|
console.log(`User registered: ${username}`);
|
|
|
|
res.json({ message: "User registered", user });
|
|
} catch (err) {
|
|
logError(req, "auth.register", err);
|
|
sendError(res, 400, "Registration failed");
|
|
}
|
|
};
|
|
|
|
exports.login = async (req, res) => {
|
|
let { username, password } = req.body;
|
|
|
|
username = username.toLowerCase();
|
|
const user = await User.findByUsername(username);
|
|
if (!user) {
|
|
console.log(`Login attempt with unknown user: ${username}`);
|
|
return sendError(res, 401, "User not found");
|
|
}
|
|
|
|
const valid = await bcrypt.compare(password, user.password);
|
|
if (!valid) {
|
|
console.log(`Invalid login attempt for user ${username}`);
|
|
return sendError(res, 401, "Invalid credentials");
|
|
}
|
|
|
|
const token = jwt.sign(
|
|
{ id: user.id, role: user.role },
|
|
process.env.JWT_SECRET,
|
|
{ expiresIn: "1 year" }
|
|
);
|
|
|
|
try {
|
|
const session = await Session.createSession(user.id, req.headers["user-agent"] || null);
|
|
setSessionCookie(res, session.id);
|
|
} catch (err) {
|
|
logError(req, "auth.login.createSession", err);
|
|
return sendError(res, 500, "Failed to create session");
|
|
}
|
|
|
|
res.json({ token, userId: user.id, username, role: user.role });
|
|
};
|
|
|
|
exports.logout = async (req, res) => {
|
|
try {
|
|
const cookies = parseCookieHeader(req.headers.cookie);
|
|
const sid = cookies[cookieName()];
|
|
|
|
if (sid) {
|
|
await Session.deleteSession(sid);
|
|
}
|
|
|
|
clearSessionCookie(res);
|
|
res.json({ message: "Logged out" });
|
|
} catch (err) {
|
|
logError(req, "auth.logout", err);
|
|
sendError(res, 500, "Failed to logout");
|
|
}
|
|
};
|