const express = require('express');
const router = express.Router();
const bcrypt = require('bcryptjs');
const db = require('../config/database');
const { requireAuth } = require('../middleware/auth');
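// Login
//
// POST /login with a JSON body { username, password }.
// Responds 400 when either field is missing or not a string, 401 when the
// user is unknown or the password does not match (same message for both so
// the body does not reveal which usernames exist), 500 on any other error.
// On success the session is regenerated before the identity is stored in it,
// and the user's id/username/email are returned.

// Wrap express-session's callback-style regenerate() in a promise. A session
// object that has no regenerate() (some other session middleware) is left
// untouched, which matches the original behaviour.
function regenerateSession(req) {
  if (!req.session || typeof req.session.regenerate !== 'function') {
    return Promise.resolve();
  }
  return new Promise((resolve, reject) => {
    req.session.regenerate((err) => (err ? reject(err) : resolve()));
  });
}

router.post('/login', async (req, res) => {
  try {
    const { username, password } = req.body;

    // Both credentials must be non-empty strings. A JSON body can carry
    // objects or arrays here; rejecting them keeps such values out of the
    // query parameters and out of bcrypt.compare.
    if (
      typeof username !== 'string' ||
      typeof password !== 'string' ||
      !username ||
      !password
    ) {
      return res.status(400).json({
        success: false,
        message: 'Username and password are required'
      });
    }

    // Get user from database
    const [users] = await db.query(
      'SELECT * FROM admin_users WHERE username = ?',
      [username]
    );

    // NOTE(review): an unknown username returns before bcrypt.compare runs,
    // so response time differs between unknown users and wrong passwords.
    if (users.length === 0) {
      return res.status(401).json({
        success: false,
        message: 'Invalid username or password'
      });
    }

    const user = users[0];

    // Verify password against the stored bcrypt hash
    const isValidPassword = await bcrypt.compare(password, user.password);

    if (!isValidPassword) {
      return res.status(401).json({
        success: false,
        message: 'Invalid username or password'
      });
    }

    // Update last login
    await db.query(
      'UPDATE admin_users SET last_login = NOW() WHERE id = ?',
      [user.id]
    );

    // Issue a fresh session id before storing the identity, so a session id
    // that existed before authentication is not upgraded to a logged-in one
    // (session fixation).
    await regenerateSession(req);

    // Set session
    req.session.userId = user.id;
    req.session.username = user.username;

    // Only non-secret columns are returned; the hash stays server-side.
    res.json({
      success: true,
      message: 'Login successful',
      user: {
        id: user.id,
        username: user.username,
        email: user.email
      }
    });
  } catch (error) {
    console.error('Login error:', error);
    res.status(500).json({
      success: false,
      message: 'Login failed'
    });
  }
});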
// Logout
//
// POST /logout. Destroys the server-side session and reports the outcome:
// 500 with "Logout failed" if the store reports an error, otherwise a
// success JSON body.
router.post('/logout', (req, res) => {
  req.session.destroy((destroyError) => {
    if (destroyError) {
      res.status(500).json({
        success: false,
        message: 'Logout failed'
      });
      return;
    }

    res.json({
      success: true,
      message: 'Logout successful'
    });
  });
});
// Check auth status
//
// GET /status. Reports whether the current session carries a userId.
// Always answers 200 with success: true; the `authenticated` flag tells the
// caller which case applies, and the user block is only present when logged in.
router.get('/status', (req, res) => {
  const sessionUserId = req.session && req.session.userId;

  if (!sessionUserId) {
    res.json({
      success: true,
      authenticated: false
    });
    return;
  }

  res.json({
    success: true,
    authenticated: true,
    user: {
      id: sessionUserId,
      username: req.session.username
    }
  });
});
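// Change password
//
// POST /change-password (requires an authenticated session) with a JSON body
// { current_password, new_password }.
// Responds 400 when a field is missing or not a string, or when the new
// password is shorter than 6 characters; 404 when the session's user no
// longer exists; 401 when the current password does not match; 500 on any
// other error. On success the stored hash is replaced.

// bcrypt work factor for newly hashed passwords.
const PASSWORD_HASH_ROUNDS = 10;

router.post('/change-password', requireAuth, async (req, res) => {
  try {
    const { current_password, new_password } = req.body;
    const userId = req.session.userId;

    // Both values must be non-empty strings. A non-string new_password
    // would otherwise throw on .length (surfacing as a 500) or skip the
    // length check, and a non-string current_password should never reach
    // bcrypt.compare.
    if (
      typeof current_password !== 'string' ||
      typeof new_password !== 'string' ||
      !current_password ||
      !new_password
    ) {
      return res.status(400).json({
        success: false,
        message: '当前密码和新密码不能为空'
      });
    }

    // Minimum length for the new password
    if (new_password.length < 6) {
      return res.status(400).json({
        success: false,
        message: '新密码长度至少6位'
      });
    }

    // Load the current user record
    const [users] = await db.query(
      'SELECT * FROM admin_users WHERE id = ?',
      [userId]
    );

    if (users.length === 0) {
      return res.status(404).json({
        success: false,
        message: '用户不存在'
      });
    }

    const user = users[0];

    // Verify the current password before allowing a change
    const isValidPassword = await bcrypt.compare(current_password, user.password);

    if (!isValidPassword) {
      return res.status(401).json({
        success: false,
        message: '当前密码错误'
      });
    }

    // Hash the new password
    const hashedPassword = await bcrypt.hash(new_password, PASSWORD_HASH_ROUNDS);

    // Store the new hash
    await db.query(
      'UPDATE admin_users SET password = ? WHERE id = ?',
      [hashedPassword, userId]
    );

    // NOTE(review): other sessions for this user stay valid after the
    // change; invalidating them would need support from the session store.
    res.json({
      success: true,
      message: '密码修改成功'
    });
  } catch (error) {
    console.error('Change password error:', error);
    res.status(500).json({
      success: false,
      message: '密码修改失败'
    });
  }
});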
// Expose the router so the application can mount it.
module.exports = router;