init

2026-03-06 11:06:34 +01:00 · 2025-10-21 20:54:03 +02:00
parent 97c80d7800
commit a5c73ad907
35 changed files with 4899 additions and 0 deletions
--- a/routes/auth.js
+++ b/routes/auth.js
@@ -0,0 +1,86 @@
+const express = require('express');
+const bcrypt = require('bcryptjs');
+const jwt = require('jsonwebtoken');
+const User = require('../models/User');
+const router = express.Router();
+
+// Register new student
+router.post('/register', async (req, res) => {
+    try {
+        const { username, password, email } = req.body;
+
+        // Check if email already exists
+        const existingEmail = await User.findOne({ email });
+        if (existingEmail) {
+            return res.status(400).json({ message: 'Email already registered' });
+        }
+
+        // Check if username already exists
+        const existingUsername = await User.findOne({ username });
+        if (existingUsername) {
+            return res.status(400).json({ message: 'Username already taken' });
+        }
+
+        // Hash password
+        const hashedPassword = await bcrypt.hash(password, 10);
+
+        // Create new student user
+        const user = new User({
+            username,
+            password: hashedPassword,
+            email,
+            role: 'student' // Force role to be student
+        });
+
+        await user.save();
+
+        // Create and send token
+        const token = jwt.sign({ userId: user._id }, process.env.JWT_SECRET, { expiresIn: '24h' });
+
+        res.status(201).json({
+            message: 'Student account created successfully',
+            token,
+            role: user.role,
+            username: user.username
+        });
+    } catch (error) {
+        if (error.name === 'ValidationError') {
+            return res.status(400).json({ 
+                message: 'Invalid email format. Email must be in the format: 123456@vistacollege.nl' 
+            });
+        }
+        res.status(500).json({ message: 'Server error' });
+    }
+});
+
+// Login
+router.post('/login', async (req, res) => {
+    try {
+        const { username, password } = req.body;
+        
+        const user = await User.findOne({ username: username.toLowerCase() });
+
+        if (!user) {
+            return res.status(401).json({ message: 'Invalid credentials' });
+        }
+
+        const passwordMatch = await bcrypt.compare(password, user.password);
+
+        if (!passwordMatch) {
+            return res.status(401).json({ message: 'Invalid credentials' });
+        }
+
+        const token = jwt.sign({ userId: user._id }, process.env.JWT_SECRET, { expiresIn: '24h' });
+
+        res.json({
+            token,
+            role: user.role,
+            username: user.username
+        });
+    } catch (error) {
+        console.error('Login error:', error);
+        res.status(500).json({ message: 'Server error' });
+    }
+});
+
+module.exports = router;