import { Router } from 'express'; import bcrypt from 'bcryptjs'; import db from '../db/index.js'; import { signToken, requireAuth } from './auth-middleware.js'; const router = Router(); router.post('/login', (req, res) => { const { username, password } = req.body || {}; if (!username || !password) { return res.status(400).json({ error: 'username and password required' }); } const user = db.prepare('SELECT * FROM users WHERE username = ?').get(username); if (!user || !bcrypt.compareSync(password, user.password_hash)) { return res.status(401).json({ error: 'invalid credentials' }); } const token = signToken(user); res.cookie('nn_token', token, { httpOnly: true, sameSite: 'lax', secure: true, // nginx terminates HTTPS in front maxAge: 8 * 60 * 60 * 1000, }); res.json({ token, user: { id: user.id, username: user.username, role: user.role } }); }); router.post('/logout', (req, res) => { res.clearCookie('nn_token'); res.json({ ok: true }); }); router.get('/me', requireAuth, (req, res) => { res.json({ user: req.user }); }); router.post('/change-password', requireAuth, (req, res) => { const { currentPassword, newPassword } = req.body || {}; if (!currentPassword || !newPassword || newPassword.length < 8) { return res.status(400).json({ error: 'newPassword must be at least 8 characters' }); } const user = db.prepare('SELECT * FROM users WHERE id = ?').get(req.user.id); if (!user || !bcrypt.compareSync(currentPassword, user.password_hash)) { return res.status(401).json({ error: 'current password incorrect' }); } const hash = bcrypt.hashSync(newPassword, 10); db.prepare('UPDATE users SET password_hash = ? WHERE id = ?').run(hash, user.id); res.json({ ok: true }); }); export default router;