// src/controllers/auth.controller.js const User = require('../models/User'); const jwt = require('jsonwebtoken'); const bcrypt = require('bcryptjs'); // Helper: Generate JWT Token const generateToken = (id) => { return jwt.sign({ id }, process.env.JWT_SECRET, { expiresIn: '30d', // Keep them logged in for 30 days }); }; // --- 1. REGISTER --- exports.register = async (req, res) => { try { const { username, email, password } = req.body; // Validation if (!username || !email || !password) { return res.status(400).json({ error: 'Fill everything.' }); } // Check existing const userExists = await User.findOne({ email }); if (userExists) { return res.status(400).json({ error: 'Email already used.' }); } // Create User (Password hashing happens in User Model pre-save hook) const user = await User.create({ username, email, password, }); // Respond with Token res.status(201).json({ _id: user._id, username: user.username, token: generateToken(user._id), honestyScore: user.honestyScore }); } catch (error) { console.error(error); res.status(500).json({ error: 'Registration failed.' }); } }; // --- 2. LOGIN --- exports.login = async (req, res) => { try { const { email, password } = req.body; // Find User (Explicitly select password because we hid it in Schema) const user = await User.findOne({ email }).select('+password'); if (user && (await user.comparePassword(password))) { res.json({ _id: user._id, username: user.username, token: generateToken(user._id), honestyScore: user.honestyScore, badges: user.badges }); } else { res.status(401).json({ error: 'Invalid credentials.' }); } } catch (error) { res.status(500).json({ error: 'Login failed.' }); } }; // --- 3. GET CURRENT USER --- exports.getMe = async (req, res) => { // req.user is set by middleware const user = await User.findById(req.user.id); if (user) { res.json(user); } else { res.status(404).json({ error: 'User not found' }); } };