import { prisma } from '../config/db';
import express from 'express';
import { createSession } from '../utils/session'
import bcrypt from 'bcrypt';
import crypto from 'crypto';
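/**
 * POST handler: create a user account and start a session for it.
 *
 * Reads `username`, `password` and `email` from the JSON body. Responds
 * 400 when a field is missing or is not a non-empty string, or when the
 * username or email is already taken; 201 with the public user fields plus
 * the `sessionId` issued by `createSession` on success; 500 on any other
 * error (logged server-side, never echoed to the client).
 */
export const handleRegistration = async (req: express.Request, res: express.Response) => {
  try {
    const { username, password, email } = req.body;

    // Require plain, non-empty strings. A JSON body can carry objects here:
    // an object reaching the Prisma `where` below is interpreted as a filter
    // (e.g. `{ contains: "" }`), and an object password would be hashed as
    // the literal string "[object Object]".
    const isNonEmptyString = (v: unknown): v is string =>
      typeof v === 'string' && v.length > 0;
    if (!isNonEmptyString(username) || !isNonEmptyString(password) || !isNonEmptyString(email)) {
      return res.status(400).json({ error: 'All fields are required' });
    }

    // Reject duplicates up front. This check races with concurrent
    // registrations; a unique constraint on username/email in the schema is
    // still needed as the real guarantee (not visible from this file).
    const existingUser = await prisma.user.findFirst({
      where: {
        OR: [{ username }, { email }],
      },
    });
    if (existingUser) {
      return res.status(400).json({ error: 'Username or email already exists' });
    }

    // bcrypt generates and embeds its own salt; this extra per-user salt is
    // kept because stored hashes (and handleAuthentication) depend on it.
    // bcrypt only consumes the first 72 bytes of its input, so for long
    // passwords part of this appended salt is silently dropped — harmless,
    // since bcrypt's own salt still applies. Cost 12 must match login.
    const salt = crypto.randomBytes(16).toString('hex');
    const hashedPassword = await bcrypt.hash(password + salt, 12);

    const user = await prisma.user.create({
      data: {
        username,
        password: hashedPassword,
        salt,
        email,
        isAdmin: false, // privileges are never taken from the request body
      },
    });

    // Regenerate the cookie session before binding it to the new user so a
    // session id planted on the client beforehand is not promoted to an
    // authenticated one (session fixation). Assumes express-session, which
    // this file already relies on via `destroy()` and the `connect.sid` cookie.
    await new Promise<void>((resolve, reject) =>
      req.session.regenerate((err) => (err ? reject(err) : resolve()))
    );
    req.session.userId = user.id;
    const sessionId = await createSession(user.id);

    // Only public fields are returned; never the hash or salt.
    res.status(201).json({
      id: user.id,
      username: user.username,
      email: user.email,
      sessionId,
    });
  } catch (error) {
    console.error('Registration error:', error);
    res.status(500).json({ error: 'Internal server error' });
  }
};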
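/**
 * POST handler: verify a username/password pair and start a session.
 *
 * Responds 400 when either field is missing or not a non-empty string,
 * 401 with the same generic message for an unknown user and for a wrong
 * password, 200 with the public user fields plus the `sessionId` issued by
 * `createSession` on success, and 500 on unexpected errors.
 */
export const handleAuthentication = async (req: express.Request, res: express.Response) => {
  try {
    const { username, password } = req.body;

    // Require plain non-empty strings: a non-string username would be passed
    // straight into the Prisma `where`, and a non-string password would be
    // stringified ("[object Object]") before comparison.
    if (
      typeof username !== 'string' || username.length === 0 ||
      typeof password !== 'string' || password.length === 0
    ) {
      return res.status(400).json({ error: 'Username and password are required' });
    }

    const user = await prisma.user.findUnique({
      where: { username },
    });
    if (!user) {
      // Spend roughly the same bcrypt work as a real comparison so response
      // time does not reveal whether the username exists (cost 12 matches
      // the hash cost used at registration). The result is discarded.
      await bcrypt.hash(password, 12);
      return res.status(401).json({ error: 'Invalid credentials' });
    }

    // Stored hashes were produced over `password + salt`; keep that scheme.
    const isValidPassword = await bcrypt.compare(password + user.salt, user.password);
    if (!isValidPassword) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }

    // Issue a fresh cookie session before marking it authenticated so a
    // pre-existing (possibly attacker-chosen) session id is not upgraded
    // (session fixation). Assumes express-session, which this file already
    // uses via `destroy()` and the `connect.sid` cookie.
    await new Promise<void>((resolve, reject) =>
      req.session.regenerate((err) => (err ? reject(err) : resolve()))
    );
    req.session.userId = user.id;
    const sessionId = await createSession(user.id);

    // Public fields only; the hash and salt are never returned.
    res.json({
      id: user.id,
      username: user.username,
      email: user.email,
      sessionId,
    });
  } catch (error) {
    console.error('Login error:', error);
    res.status(500).json({ error: 'Internal server error' });
  }
};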
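/**
 * POST handler: end the caller's sessions.
 *
 * Removes every database session belonging to the logged-in user
 * ("log out everywhere"), then destroys the cookie session and clears its
 * cookie. A call without an authenticated session still destroys the
 * anonymous cookie session and responds 200, but touches no database rows.
 */
export const handleLogout = async (req: express.Request, res: express.Response) => {
  try {
    const userId = req.session.userId;

    // Only delete when we actually know who is logging out. Prisma drops
    // `undefined` fields from a `where`, so `deleteMany({ where: { userId } })`
    // with no session would become `where: {}` and delete every session of
    // every user. `== null` also covers `null` without rejecting a 0 id.
    if (userId != null) {
      await prisma.session.deleteMany({
        where: { userId },
      });
    }

    req.session.destroy((err) => {
      if (err) {
        console.error('Session destroy error:', err);
        return res.status(500).json({ error: 'Logout failed' });
      }
      // Cookie name is the express-session default; if the middleware is
      // configured with a different name, path or domain, the clear must use
      // the same options or the browser keeps the stale cookie.
      res.clearCookie('connect.sid');
      res.json({ message: 'Logged out successfully' });
    });
  } catch (error) {
    console.error('Logout error:', error);
    res.status(500).json({ error: 'Internal server error' });
  }
};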