xk/backend/routes/auth.js

const express = require('express');
const router = express.Router();
const bcrypt = require('bcryptjs');
const db = require('../config/database');
const { requireAuth } = require('../middleware/auth');

// Login
router.post('/login', async (req, res) => {
  try {
    const { username, password } = req.body;

    if (!username || !password) {
      return res.status(400).json({
        success: false,
        message: 'Username and password are required'
      });
    }

    // Get user from database
    const [users] = await db.query(
      'SELECT * FROM admin_users WHERE username = ?',
      [username]
    );

    if (users.length === 0) {
      return res.status(401).json({
        success: false,
        message: 'Invalid username or password'
      });
    }

    const user = users[0];

    // Verify password
    const isValidPassword = await bcrypt.compare(password, user.password);

    if (!isValidPassword) {
      return res.status(401).json({
        success: false,
        message: 'Invalid username or password'
      });
    }

    // Update last login
    await db.query(
      'UPDATE admin_users SET last_login = NOW() WHERE id = ?',
      [user.id]
    );

    // Set session
    req.session.userId = user.id;
    req.session.username = user.username;

    res.json({
      success: true,
      message: 'Login successful',
      user: {
        id: user.id,
        username: user.username,
        email: user.email
      }
    });
  } catch (error) {
    console.error('Login error:', error);
    res.status(500).json({
      success: false,
      message: 'Login failed'
    });
  }
});

// Logout
router.post('/logout', (req, res) => {
  req.session.destroy((err) => {
    if (err) {
      return res.status(500).json({
        success: false,
        message: 'Logout failed'
      });
    }
    res.json({
      success: true,
      message: 'Logout successful'
    });
  });
});

// Check auth status
router.get('/status', (req, res) => {
  if (req.session && req.session.userId) {
    res.json({
      success: true,
      authenticated: true,
      user: {
        id: req.session.userId,
        username: req.session.username
      }
    });
  } else {
    res.json({
      success: true,
      authenticated: false
    });
  }
});

// Change password
router.post('/change-password', requireAuth, async (req, res) => {
  try {
    const { current_password, new_password } = req.body;
    const userId = req.session.userId;

    if (!current_password || !new_password) {
      return res.status(400).json({
        success: false,
        message: '当前密码和新密码不能为空'
      });
    }

    if (new_password.length < 6) {
      return res.status(400).json({
        success: false,
        message: '新密码长度至少6位'
      });
    }

    // 获取当前用户信息
    const [users] = await db.query(
      'SELECT * FROM admin_users WHERE id = ?',
      [userId]
    );

    if (users.length === 0) {
      return res.status(404).json({
        success: false,
        message: '用户不存在'
      });
    }

    const user = users[0];

    // 验证当前密码
    const isValidPassword = await bcrypt.compare(current_password, user.password);

    if (!isValidPassword) {
      return res.status(401).json({
        success: false,
        message: '当前密码错误'
      });
    }

    // 生成新密码哈希
    const hashedPassword = await bcrypt.hash(new_password, 10);

    // 更新密码
    await db.query(
      'UPDATE admin_users SET password = ? WHERE id = ?',
      [hashedPassword, userId]
    );

    res.json({
      success: true,
      message: '密码修改成功'
    });
  } catch (error) {
    console.error('Change password error:', error);
    res.status(500).json({
      success: false,
      message: '密码修改失败'
    });
  }
});

module.exports = router;
1 2026-02-02 20:51:52 +08:00			`const express = require('express');`
			`const router = express.Router();`
			`const bcrypt = require('bcryptjs');`
			`const db = require('../config/database');`
			`const { requireAuth } = require('../middleware/auth');`

			`// Login`
			`router.post('/login', async (req, res) => {`
			`try {`
			`const { username, password } = req.body;`

			`if (!username \|\| !password) {`
			`return res.status(400).json({`
			`success: false,`
			`message: 'Username and password are required'`
			`});`
			`}`

			`// Get user from database`
			`const [users] = await db.query(`
			`'SELECT * FROM admin_users WHERE username = ?',`
			`[username]`
			`);`

			`if (users.length === 0) {`
			`return res.status(401).json({`
			`success: false,`
			`message: 'Invalid username or password'`
			`});`
			`}`

			`const user = users[0];`

			`// Verify password`
			`const isValidPassword = await bcrypt.compare(password, user.password);`

			`if (!isValidPassword) {`
			`return res.status(401).json({`
			`success: false,`
			`message: 'Invalid username or password'`
			`});`
			`}`

			`// Update last login`
			`await db.query(`
			`'UPDATE admin_users SET last_login = NOW() WHERE id = ?',`
			`[user.id]`
			`);`

			`// Set session`
			`req.session.userId = user.id;`
			`req.session.username = user.username;`

			`res.json({`
			`success: true,`
			`message: 'Login successful',`
			`user: {`
			`id: user.id,`
			`username: user.username,`
			`email: user.email`
			`}`
			`});`
			`} catch (error) {`
			`console.error('Login error:', error);`
			`res.status(500).json({`
			`success: false,`
			`message: 'Login failed'`
			`});`
			`}`
			`});`

			`// Logout`
			`router.post('/logout', (req, res) => {`
			`req.session.destroy((err) => {`
			`if (err) {`
			`return res.status(500).json({`
			`success: false,`
			`message: 'Logout failed'`
			`});`
			`}`
			`res.json({`
			`success: true,`
			`message: 'Logout successful'`
			`});`
			`});`
			`});`

			`// Check auth status`
			`router.get('/status', (req, res) => {`
			`if (req.session && req.session.userId) {`
			`res.json({`
			`success: true,`
			`authenticated: true,`
			`user: {`
			`id: req.session.userId,`
			`username: req.session.username`
			`}`
			`});`
			`} else {`
			`res.json({`
			`success: true,`
			`authenticated: false`
			`});`
			`}`
			`});`

			`// Change password`
			`router.post('/change-password', requireAuth, async (req, res) => {`
			`try {`
			`const { current_password, new_password } = req.body;`
			`const userId = req.session.userId;`

			`if (!current_password \|\| !new_password) {`
			`return res.status(400).json({`
			`success: false,`
			`message: '当前密码和新密码不能为空'`
			`});`
			`}`

			`if (new_password.length < 6) {`
			`return res.status(400).json({`
			`success: false,`
			`message: '新密码长度至少6位'`
			`});`
			`}`

			`// 获取当前用户信息`
			`const [users] = await db.query(`
			`'SELECT * FROM admin_users WHERE id = ?',`
			`[userId]`
			`);`

			`if (users.length === 0) {`
			`return res.status(404).json({`
			`success: false,`
			`message: '用户不存在'`
			`});`
			`}`

			`const user = users[0];`

			`// 验证当前密码`
			`const isValidPassword = await bcrypt.compare(current_password, user.password);`

			`if (!isValidPassword) {`
			`return res.status(401).json({`
			`success: false,`
			`message: '当前密码错误'`
			`});`
			`}`

			`// 生成新密码哈希`
			`const hashedPassword = await bcrypt.hash(new_password, 10);`

			`// 更新密码`
			`await db.query(`
			`'UPDATE admin_users SET password = ? WHERE id = ?',`
			`[hashedPassword, userId]`
			`);`

			`res.json({`
			`success: true,`
			`message: '密码修改成功'`
			`});`
			`} catch (error) {`
			`console.error('Change password error:', error);`
			`res.status(500).json({`
			`success: false,`
			`message: '密码修改失败'`
			`});`
			`}`
			`});`

			`module.exports = router;`