import { prisma } from '../config/db';
import express from 'express';
import { createSession } from '../utils/session'
import bcrypt from 'bcrypt';
import crypto from 'crypto';
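/**
 * POST handler that creates a new account from `req.body`
 * (`{ username, password, email, code }`) and logs the new user in.
 *
 * Responds 400 on missing/invalid input or an unusable invite code, 201 with
 * `{ id, username, email, sessionId }` on success, and 500 on unexpected errors.
 * When `REQUIRE_INVITE=true`, an invite code with remaining uses is required and
 * one use is consumed in the same transaction as the user insert.
 */
export const handleRegistration = async (req: express.Request, res: express.Response) => {
  try {
    const { username, password, email, code: inviteCode } = req.body ?? {};
    const requireInvite = process.env.REQUIRE_INVITE === 'true';

    // Only non-empty strings are acceptable. `req.body` is untrusted JSON, and a
    // non-string value (e.g. an object) would otherwise flow unchanged into the
    // Prisma `where` clauses below, where objects are interpreted as filters.
    const isNonEmptyString = (v: unknown): boolean => typeof v === 'string' && v.length > 0;
    if (![username, password, email].every(isNonEmptyString)) {
      return res.status(400).json({ error: 'All fields are required' });
    }
    if (requireInvite && !inviteCode) {
      return res.status(400).json({ error: 'Invite code is required' });
    }
    if (requireInvite && !isNonEmptyString(inviteCode)) {
      return res.status(400).json({ error: 'Invalid invite code' });
    }

    if (requireInvite) {
      // Fast-path rejection before the expensive bcrypt work below. This read is
      // not the gate: the conditional decrement inside the transaction is.
      const invite = await prisma.inviteCodes.findUnique({ where: { code: inviteCode } });
      if (!invite || invite.remaining <= 0) {
        return res.status(400).json({ error: 'Invalid invite code' });
      }
    }

    // Tells the caller whether a username/email is already taken. A unique
    // constraint in the database (if present) remains the authoritative check
    // for two registrations racing on the same name.
    const existingUser = await prisma.user.findFirst({
      where: { OR: [{ username }, { email }] }
    });
    if (existingUser) {
      return res.status(400).json({ error: 'Username or email already exists' });
    }

    // Per-user salt appended to the password before bcrypt (bcrypt also salts
    // internally). bcrypt only reads the first 72 bytes of its input, and the
    // 32-char hex salt takes part of that budget. The scheme is kept unchanged
    // because handleAuthentication must reproduce it for existing hashes.
    const salt = crypto.randomBytes(16).toString('hex');
    const hashedPassword = await bcrypt.hash(password + salt, 12);

    // Spend one invite use and insert the user in a single transaction, so two
    // concurrent registrations cannot both consume the last use (a separate
    // read-then-decrement is racy) and a failed insert does not burn the invite.
    // `remaining: { gt: 0 }` in the filter makes the decrement itself the check;
    // a zero `count` means the code ran out between the read above and here.
    const user = await prisma.$transaction(async (tx) => {
      if (requireInvite) {
        const consumed = await tx.inviteCodes.updateMany({
          where: { code: inviteCode, remaining: { gt: 0 } },
          data: { remaining: { decrement: 1 } }
        });
        if (consumed.count === 0) {
          return null;
        }
      }
      return tx.user.create({
        data: { username, password: hashedPassword, salt, email, isAdmin: false }
      });
    });
    if (!user) {
      return res.status(400).json({ error: 'Invalid invite code' });
    }

    // Issue a fresh session id before binding the identity so an id that existed
    // before login cannot be reused afterwards (session fixation).
    await new Promise<void>((resolve, reject) =>
      req.session.regenerate((err: unknown) => (err ? reject(err) : resolve()))
    );
    req.session.userId = user.id;
    const sessionId = await createSession(user.id);
    res.status(201).json({
      id: user.id,
      username: user.username,
      email: user.email,
      sessionId
    });
  } catch (error) {
    console.error('Registration error:', error);
    res.status(500).json({ error: 'Internal server error' });
  }
}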
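// bcrypt hash of a fixed placeholder. When the username is unknown the handler
// still runs one bcrypt.compare against this value, so the response costs the
// same as a wrong password and timing does not reveal which usernames exist.
// Computed once at module load with the same cost factor registration uses.
const unknownUserHash = bcrypt.hashSync('unknown-user-placeholder', 12);

/**
 * POST handler that verifies `req.body` (`{ username, password }`) against the
 * stored bcrypt hash and starts a session for the user.
 *
 * Responds 400 when a field is missing or not a string, 401 with the same body
 * for an unknown user and a wrong password, 200 with
 * `{ id, username, email, sessionId }` on success, and 500 on unexpected errors.
 */
export const handleAuthentication = async (req: express.Request, res: express.Response) => {
  try {
    const { username, password } = req.body ?? {};
    // Both must be non-empty strings: `req.body` is untrusted, `username` goes
    // straight into a Prisma `where` clause and `password` into concatenation.
    if (
      typeof username !== 'string' || username.length === 0 ||
      typeof password !== 'string' || password.length === 0
    ) {
      return res.status(400).json({ error: 'Username and password are required' });
    }
    const user = await prisma.user.findUnique({
      where: { username }
    });
    // Same scheme as registration: the per-user salt is appended to the password.
    // An unknown user is charged one bcrypt.compare as well (see unknownUserHash).
    const isValidPassword = user
      ? await bcrypt.compare(password + user.salt, user.password)
      : await bcrypt.compare(password, unknownUserHash);
    if (!user || !isValidPassword) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }
    // Issue a fresh session id before binding the identity so an id that existed
    // before login cannot be reused afterwards (session fixation).
    await new Promise<void>((resolve, reject) =>
      req.session.regenerate((err: unknown) => (err ? reject(err) : resolve()))
    );
    req.session.userId = user.id;
    const sessionId = await createSession(user.id);
    res.json({
      id: user.id,
      username: user.username,
      email: user.email,
      sessionId
    });
  } catch (error) {
    console.error('Login error:', error);
    res.status(500).json({ error: 'Internal server error' });
  }
}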
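/**
 * POST handler that ends the caller's login: deletes the user's server-side
 * session rows, destroys the cookie-backed session and clears its cookie.
 *
 * Responds 200 `{ message }` on success, 500 if the session cannot be destroyed
 * or an unexpected error occurs.
 */
export const handleLogout = async (req: express.Request, res: express.Response) => {
  try {
    const userId = req.session.userId;
    // Only touch the table when a user is actually bound to this session. Prisma
    // drops `undefined` fields from a filter, so `{ where: { userId: undefined } }`
    // would match every row and wipe every user's sessions on an anonymous call.
    if (userId != null) {
      await prisma.session.deleteMany({
        where: { userId }
      });
    }
    // Destroy the cookie-backed session
    req.session.destroy((err: unknown) => {
      if (err) {
        console.error('Session destroy error:', err);
        return res.status(500).json({ error: 'Logout failed' });
      }
      // 'connect.sid' is express-session's default cookie name; if the session
      // middleware is configured with a custom `name`, this must match it.
      res.clearCookie('connect.sid');
      res.json({ message: 'Logged out successfully' });
    });
  } catch (error) {
    console.error('Logout error:', error);
    res.status(500).json({ error: 'Internal server error' });
  }
}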