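const express = require('express');
const router = express.Router();
const bcrypt = require('bcryptjs');
const db = require('../config/database');
const { requireAuth } = require('../middleware/auth');

// bcrypt cost factor used when hashing a new password.
const BCRYPT_ROUNDS = 10;

// Minimum length accepted for a new password by /change-password.
const MIN_PASSWORD_LENGTH = 6;

// Hash that /login compares against when the username is unknown, so the
// request costs roughly the same as a failed password check and response
// time does not reveal whether an account exists. The plaintext used here is
// never accepted as a credential.
const UNKNOWN_USER_HASH = bcrypt.hashSync('unknown-user-placeholder', BCRYPT_ROUNDS);

/**
 * Promise wrapper around express-session's callback-style `regenerate()`.
 * Regenerating on successful login gives the authenticated user a fresh
 * session id, so a session id obtained before authentication cannot be
 * reused afterwards (session fixation).
 *
 * @param {import('express').Request} req - request carrying `req.session`
 * @returns {Promise<void>} resolves once the new session is in place
 */
function regenerateSession(req) {
  return new Promise((resolve, reject) => {
    req.session.regenerate((err) => (err ? reject(err) : resolve()));
  });
}

/**
 * True when a request-body field is a non-empty string. JSON bodies may carry
 * arrays or objects under these keys; such values must not reach the query
 * placeholder or bcrypt, so they are rejected as missing.
 *
 * @param {unknown} value
 * @returns {boolean}
 */
function isNonEmptyString(value) {
  return typeof value === 'string' && value.length > 0;
}

// Login
//
// Body: { username, password }. Responds 400 on a missing/non-string field,
// 401 (same message) for unknown user or wrong password, 500 on an
// unexpected error. On success the session id is regenerated, userId and
// username are stored in the session, and last_login is updated.
router.post('/login', async (req, res) => {
  try {
    const { username, password } = req.body;
    if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
      return res.status(400).json({ success: false, message: 'Username and password are required' });
    }

    // Get user from database
    const [users] = await db.query('SELECT * FROM admin_users WHERE username = ?', [username]);

    // Unknown user: run a comparison anyway so timing matches the
    // wrong-password path, and return the same message.
    if (users.length === 0) {
      await bcrypt.compare(password, UNKNOWN_USER_HASH);
      return res.status(401).json({ success: false, message: 'Invalid username or password' });
    }
    const user = users[0];

    // Verify password
    const isValidPassword = await bcrypt.compare(password, user.password);
    if (!isValidPassword) {
      return res.status(401).json({ success: false, message: 'Invalid username or password' });
    }

    // Update last login
    await db.query('UPDATE admin_users SET last_login = NOW() WHERE id = ?', [user.id]);

    // Set session on a freshly generated session id, never on the
    // pre-authentication one.
    await regenerateSession(req);
    req.session.userId = user.id;
    req.session.username = user.username;

    res.json({
      success: true,
      message: 'Login successful',
      user: { id: user.id, username: user.username, email: user.email },
    });
  } catch (error) {
    console.error('Login error:', error);
    res.status(500).json({ success: false, message: 'Login failed' });
  }
});

// Logout
//
// Destroys the server-side session; 500 if the store reports an error.
router.post('/logout', (req, res) => {
  req.session.destroy((err) => {
    if (err) {
      return res.status(500).json({ success: false, message: 'Logout failed' });
    }
    res.json({ success: true, message: 'Logout successful' });
  });
});

// Check auth status
//
// Reports whether the current session carries a userId; never errors.
router.get('/status', (req, res) => {
  const userId = req.session?.userId;
  if (userId) {
    res.json({
      success: true,
      authenticated: true,
      user: { id: userId, username: req.session.username },
    });
  } else {
    res.json({ success: true, authenticated: false });
  }
});

// Change password
//
// Requires an authenticated session. Body: { current_password, new_password }.
// Responds 400 on missing/non-string fields or a too-short new password,
// 404 if the session's user no longer exists, 401 if current_password does
// not match, 500 on an unexpected error.
router.post('/change-password', requireAuth, async (req, res) => {
  try {
    const { current_password, new_password } = req.body;
    const userId = req.session.userId;

    if (!isNonEmptyString(current_password) || !isNonEmptyString(new_password)) {
      return res.status(400).json({ success: false, message: '当前密码和新密码不能为空' });
    }
    if (new_password.length < MIN_PASSWORD_LENGTH) {
      return res.status(400).json({ success: false, message: '新密码长度至少6位' });
    }

    // Load the current user's row
    const [users] = await db.query('SELECT * FROM admin_users WHERE id = ?', [userId]);
    if (users.length === 0) {
      return res.status(404).json({ success: false, message: '用户不存在' });
    }
    const user = users[0];

    // Verify the current password before accepting a new one
    const isValidPassword = await bcrypt.compare(current_password, user.password);
    if (!isValidPassword) {
      return res.status(401).json({ success: false, message: '当前密码错误' });
    }

    // Hash the new password
    const hashedPassword = await bcrypt.hash(new_password, BCRYPT_ROUNDS);

    // Store the new hash
    await db.query('UPDATE admin_users SET password = ? WHERE id = ?', [hashedPassword, userId]);

    res.json({ success: true, message: '密码修改成功' });
  } catch (error) {
    console.error('Change password error:', error);
    res.status(500).json({ success: false, message: '密码修改失败' });
  }
});

module.exports = router;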