V0.9.23
This commit is contained in:
130
backend/src/routes/auth.js
Normal file
130
backend/src/routes/auth.js
Normal file
@@ -0,0 +1,130 @@
|
||||
const express = require('express');
|
||||
const bcrypt = require('bcryptjs');
|
||||
const { getDb, getOrCreateSupportGroup } = require('../models/db');
|
||||
const { generateToken, authMiddleware, setActiveSession, clearActiveSession } = require('../middleware/auth');
|
||||
|
||||
module.exports = function(io) {
|
||||
const router = express.Router();
|
||||
|
||||
// Login
|
||||
router.post('/login', (req, res) => {
|
||||
const { email, password, rememberMe } = req.body;
|
||||
const db = getDb();
|
||||
|
||||
const user = db.prepare('SELECT * FROM users WHERE email = ?').get(email);
|
||||
if (!user) return res.status(401).json({ error: 'Invalid credentials' });
|
||||
|
||||
if (user.status === 'suspended') {
|
||||
const adminUser = db.prepare('SELECT email FROM users WHERE is_default_admin = 1').get();
|
||||
return res.status(403).json({
|
||||
error: 'suspended',
|
||||
adminEmail: adminUser?.email
|
||||
});
|
||||
}
|
||||
if (user.status === 'deleted') return res.status(403).json({ error: 'Account not found' });
|
||||
|
||||
const valid = bcrypt.compareSync(password, user.password);
|
||||
if (!valid) return res.status(401).json({ error: 'Invalid credentials' });
|
||||
|
||||
const token = generateToken(user.id);
|
||||
const ua = req.headers['user-agent'] || '';
|
||||
const device = setActiveSession(user.id, token, ua); // displaces prior session on same device class
|
||||
// Kick any live socket on the same device class — it now holds a stale token
|
||||
if (io) {
|
||||
io.to(`user:${user.id}`).emit('session:displaced', { device });
|
||||
}
|
||||
|
||||
const { password: _, ...userSafe } = user;
|
||||
res.json({
|
||||
token,
|
||||
user: userSafe,
|
||||
mustChangePassword: !!user.must_change_password,
|
||||
rememberMe: !!rememberMe
|
||||
});
|
||||
});
|
||||
|
||||
// Change password
|
||||
router.post('/change-password', authMiddleware, (req, res) => {
|
||||
const { currentPassword, newPassword } = req.body;
|
||||
const db = getDb();
|
||||
const user = db.prepare('SELECT * FROM users WHERE id = ?').get(req.user.id);
|
||||
|
||||
if (!bcrypt.compareSync(currentPassword, user.password)) {
|
||||
return res.status(400).json({ error: 'Current password is incorrect' });
|
||||
}
|
||||
if (newPassword.length < 8) return res.status(400).json({ error: 'Password must be at least 8 characters' });
|
||||
|
||||
const hash = bcrypt.hashSync(newPassword, 10);
|
||||
db.prepare("UPDATE users SET password = ?, must_change_password = 0, updated_at = datetime('now') WHERE id = ?").run(hash, req.user.id);
|
||||
|
||||
res.json({ success: true });
|
||||
});
|
||||
|
||||
// Get current user
|
||||
router.get('/me', authMiddleware, (req, res) => {
|
||||
const { password, ...user } = req.user;
|
||||
res.json({ user });
|
||||
});
|
||||
|
||||
// Logout — clear active session for this device class only
|
||||
router.post('/logout', authMiddleware, (req, res) => {
|
||||
clearActiveSession(req.user.id, req.device);
|
||||
res.json({ success: true });
|
||||
});
|
||||
|
||||
// Public support contact form — no auth required
|
||||
router.post('/support', (req, res) => {
|
||||
const { name, email, message } = req.body;
|
||||
if (!name?.trim() || !email?.trim() || !message?.trim()) {
|
||||
return res.status(400).json({ error: 'All fields are required' });
|
||||
}
|
||||
if (message.trim().length > 2000) {
|
||||
return res.status(400).json({ error: 'Message too long (max 2000 characters)' });
|
||||
}
|
||||
|
||||
const db = getDb();
|
||||
|
||||
// Get or create the Support group
|
||||
const groupId = getOrCreateSupportGroup();
|
||||
if (!groupId) return res.status(500).json({ error: 'Support group unavailable' });
|
||||
|
||||
// Find a system/admin user to post as (default admin)
|
||||
const admin = db.prepare('SELECT id FROM users WHERE is_default_admin = 1').get();
|
||||
if (!admin) return res.status(500).json({ error: 'No admin configured' });
|
||||
|
||||
// Format the support message
|
||||
const content = `📬 **Support Request**
|
||||
**Name:** ${name.trim()}
|
||||
**Email:** ${email.trim()}
|
||||
|
||||
${message.trim()}`;
|
||||
|
||||
const msgResult = db.prepare(`
|
||||
INSERT INTO messages (group_id, user_id, content, type)
|
||||
VALUES (?, ?, ?, 'text')
|
||||
`).run(groupId, admin.id, content);
|
||||
|
||||
// Emit socket event so online admins see the message immediately
|
||||
const newMsg = db.prepare(`
|
||||
SELECT m.*, u.name as user_name, u.display_name as user_display_name, u.avatar as user_avatar
|
||||
FROM messages m JOIN users u ON m.user_id = u.id
|
||||
WHERE m.id = ?
|
||||
`).get(msgResult.lastInsertRowid);
|
||||
|
||||
if (newMsg) {
|
||||
newMsg.reactions = [];
|
||||
io.to(`group:${groupId}`).emit('message:new', newMsg);
|
||||
}
|
||||
|
||||
// Notify each admin via their user channel so they can reload groups if needed
|
||||
const admins = db.prepare("SELECT id FROM users WHERE role = 'admin' AND status = 'active'").all();
|
||||
for (const a of admins) {
|
||||
io.to(`user:${a.id}`).emit('notification:new', { type: 'support', groupId });
|
||||
}
|
||||
|
||||
console.log(`[Support] Message from ${email} posted to Support group`);
|
||||
res.json({ success: true });
|
||||
});
|
||||
|
||||
return router;
|
||||
};
|
||||
Reference in New Issue
Block a user