webdev-service-backend / src /controllers /auth.controller.ts
underrate's picture
Initial commit
d53e5b4 verified
Raw
History Blame Contribute Delete
4.11 kB
import { Request, Response } from 'express';
import prisma from '../models/prisma';
import bcrypt from 'bcryptjs';
// import jwt from 'jsonwebtoken';
// Mock token storage from the previous implementation, but adapted for backend
// In a real app we'd use a DB table or Redis
const resetTokens = new Map<string, { email: string; expires: Date }>();
export const login = async (req: Request, res: Response) => {
try {
const { email, password } = req.body;
// Find user
const user = await prisma.user.findUnique({ where: { email } });
if (!user) {
return res.status(401).json({ error: "Invalid credentials" });
}
// Check password
// In production: await bcrypt.compare(password, user.password);
// For now (legacy mock data compatibility): simple string compare or bcrypt
const isValid = password === user.password;
if (!isValid) {
return res.status(401).json({ error: "Invalid credentials" });
}
// Increment tokenVersion to invalidate old sessions (if we check it)
// Or just track it for new session
const updatedUser = await prisma.user.update({
where: { id: user.id },
data: { tokenVersion: { increment: 1 } }
});
// Generate JWT (Mock for now, or use real one)
// const token = jwt.sign({ id: user.id, role: user.role }, process.env.AUTH_SECRET!);
// Return user info (frontend NextAuth will handle session mostly,
// but if we move fully to backend auth, we return a token)
return res.json({
user: {
id: updatedUser.id,
email: updatedUser.email,
name: updatedUser.name,
role: updatedUser.role,
tokenVersion: updatedUser.tokenVersion
}
// token
});
} catch (error) {
console.error("Login Error:", error);
return res.status(500).json({ error: "Internal server error" });
}
};
export const forgotPassword = async (req: Request, res: Response) => {
try {
const { email } = req.body;
if (!email) return res.status(400).json({ error: "Email required" });
const user = await prisma.user.findUnique({ where: { email } });
if (user) {
const token = Math.random().toString(36).substring(2) + Date.now().toString(36);
const expires = new Date(Date.now() + 3600 * 1000); // 1 hour
resetTokens.set(token, { email, expires });
console.log("----------------------------------------------------------------");
console.log(`[Backend Email] Password Reset Requested for ${email}`);
console.log(`[Link] http://localhost:3000/admin/reset-password?token=${token}`);
console.log("----------------------------------------------------------------");
}
return res.json({ message: "If account exists, email sent" });
} catch (error) {
return res.status(500).json({ error: "Internal server error" });
}
};
export const resetPassword = async (req: Request, res: Response) => {
try {
const { token, password } = req.body;
const tokenData = resetTokens.get(token);
if (!tokenData) return res.status(400).json({ error: "Invalid token" });
if (new Date() > tokenData.expires) {
resetTokens.delete(token);
return res.status(400).json({ error: "Expired token" });
}
// Update password
await prisma.user.update({
where: { email: tokenData.email },
data: { password } // In real app: hash it
});
resetTokens.delete(token);
console.log(`[Backend] Password updated for ${tokenData.email}`);
return res.json({ message: "Password updated successfully" });
} catch (error) {
return res.status(500).json({ error: "Internal server error" });
}
};