mirror of
https://github.com/Alvin-Zilverstand/challenge-11.git
synced 2026-03-06 11:06:21 +01:00
69 lines
1.7 KiB
JavaScript
69 lines
1.7 KiB
JavaScript
const express = require('express');
|
|
const router = express.Router();
|
|
const bcrypt = require('bcryptjs');
|
|
const jwt = require('jsonwebtoken');
|
|
const User = require('../models/User');
|
|
|
|
// Login route
|
|
router.post('/login', async (req, res) => {
|
|
try {
|
|
const { username, password } = req.body;
|
|
|
|
// Find user
|
|
const user = await User.findOne({ username });
|
|
if (!user) {
|
|
return res.status(400).json({ message: 'Invalid credentials' });
|
|
}
|
|
|
|
// Check password
|
|
const isMatch = await bcrypt.compare(password, user.password);
|
|
if (!isMatch) {
|
|
return res.status(400).json({ message: 'Invalid credentials' });
|
|
}
|
|
|
|
// Create token
|
|
const token = jwt.sign(
|
|
{ id: user._id, role: user.role },
|
|
process.env.JWT_SECRET || 'your-secret-key',
|
|
{ expiresIn: '1d' }
|
|
);
|
|
|
|
res.json({ token });
|
|
} catch (error) {
|
|
console.error('Login error:', error);
|
|
res.status(500).json({ message: 'Server error' });
|
|
}
|
|
});
|
|
|
|
// Register route (for admin use only)
|
|
router.post('/register', async (req, res) => {
|
|
try {
|
|
const { username, password, role } = req.body;
|
|
|
|
// Check if user exists
|
|
let user = await User.findOne({ username });
|
|
if (user) {
|
|
return res.status(400).json({ message: 'User already exists' });
|
|
}
|
|
|
|
// Create new user
|
|
user = new User({
|
|
username,
|
|
password,
|
|
role: role || 'staff',
|
|
});
|
|
|
|
// Hash password
|
|
const salt = await bcrypt.genSalt(10);
|
|
user.password = await bcrypt.hash(password, salt);
|
|
|
|
await user.save();
|
|
|
|
res.status(201).json({ message: 'User created successfully' });
|
|
} catch (error) {
|
|
console.error('Registration error:', error);
|
|
res.status(500).json({ message: 'Server error' });
|
|
}
|
|
});
|
|
|
|
module.exports = router;
|