import { Request, Response } from 'express'; import prisma from '../models/prisma'; import bcrypt from 'bcryptjs'; // import jwt from 'jsonwebtoken'; // Mock token storage from the previous implementation, but adapted for backend // In a real app we'd use a DB table or Redis const resetTokens = new Map(); export const login = async (req: Request, res: Response) => { try { const { email, password } = req.body; // Find user const user = await prisma.user.findUnique({ where: { email } }); if (!user) { return res.status(401).json({ error: "Invalid credentials" }); } // Check password // In production: await bcrypt.compare(password, user.password); // For now (legacy mock data compatibility): simple string compare or bcrypt const isValid = password === user.password; if (!isValid) { return res.status(401).json({ error: "Invalid credentials" }); } // Increment tokenVersion to invalidate old sessions (if we check it) // Or just track it for new session const updatedUser = await prisma.user.update({ where: { id: user.id }, data: { tokenVersion: { increment: 1 } } }); // Generate JWT (Mock for now, or use real one) // const token = jwt.sign({ id: user.id, role: user.role }, process.env.AUTH_SECRET!); // Return user info (frontend NextAuth will handle session mostly, // but if we move fully to backend auth, we return a token) return res.json({ user: { id: updatedUser.id, email: updatedUser.email, name: updatedUser.name, role: updatedUser.role, tokenVersion: updatedUser.tokenVersion } // token }); } catch (error) { console.error("Login Error:", error); return res.status(500).json({ error: "Internal server error" }); } }; export const forgotPassword = async (req: Request, res: Response) => { try { const { email } = req.body; if (!email) return res.status(400).json({ error: "Email required" }); const user = await prisma.user.findUnique({ where: { email } }); if (user) { const token = Math.random().toString(36).substring(2) + Date.now().toString(36); const expires = new Date(Date.now() + 3600 * 1000); // 1 hour resetTokens.set(token, { email, expires }); console.log("----------------------------------------------------------------"); console.log(`[Backend Email] Password Reset Requested for ${email}`); console.log(`[Link] http://localhost:3000/admin/reset-password?token=${token}`); console.log("----------------------------------------------------------------"); } return res.json({ message: "If account exists, email sent" }); } catch (error) { return res.status(500).json({ error: "Internal server error" }); } }; export const resetPassword = async (req: Request, res: Response) => { try { const { token, password } = req.body; const tokenData = resetTokens.get(token); if (!tokenData) return res.status(400).json({ error: "Invalid token" }); if (new Date() > tokenData.expires) { resetTokens.delete(token); return res.status(400).json({ error: "Expired token" }); } // Update password await prisma.user.update({ where: { email: tokenData.email }, data: { password } // In real app: hash it }); resetTokens.delete(token); console.log(`[Backend] Password updated for ${tokenData.email}`); return res.json({ message: "Password updated successfully" }); } catch (error) { return res.status(500).json({ error: "Internal server error" }); } };