29 lines
911 B
JavaScript
29 lines
911 B
JavaScript
/**
|
|
* Auth API - Login endpoint
|
|
*/
|
|
|
|
module.exports = function setupAuthApi(app, { db, bcrypt, jwt, JWT_SECRET }) {
|
|
// POST /api/login
|
|
app.post('/api/login', (req, res) => {
|
|
const { username, password } = req.body;
|
|
try {
|
|
const stmt = db.prepare('SELECT * FROM users WHERE username = ?');
|
|
const user = stmt.get(username);
|
|
|
|
if (!user || !bcrypt.compareSync(password, user.password_hash)) {
|
|
return res.status(401).json({ error: 'Invalid credentials' });
|
|
}
|
|
|
|
const token = jwt.sign({
|
|
id: user.id,
|
|
username: user.username,
|
|
role: user.role
|
|
}, JWT_SECRET, { expiresIn: '24h' });
|
|
|
|
res.json({ token, role: user.role, username: user.username });
|
|
} catch (err) {
|
|
res.status(500).json({ error: err.message });
|
|
}
|
|
});
|
|
};
|