Initial commit — Shop Manager for Tony Moon
Full auto mechanic shop management tool: jobs, invoices, estimates, inspections, inventory, recommendations, technicians, appointments, reports, file uploads, kanban board, and more. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
71
server/src/routes/auth.ts
Normal file
71
server/src/routes/auth.ts
Normal file
@@ -0,0 +1,71 @@
|
||||
import { Router, Response } from 'express';
|
||||
import bcrypt from 'bcryptjs';
|
||||
import db from '../database';
|
||||
import { AuthRequest, generateToken, authMiddleware } from '../middleware/auth';
|
||||
import { User } from '../types';
|
||||
|
||||
const router = Router();
|
||||
|
||||
router.post('/register', (req: AuthRequest, res: Response) => {
|
||||
try {
|
||||
const { username, password, displayName } = req.body;
|
||||
if (!username || !password) {
|
||||
return res.status(400).json({ error: 'Username and password required' });
|
||||
}
|
||||
|
||||
// Only allow registration if no users exist (first-run setup)
|
||||
const userCount = db.prepare('SELECT COUNT(*) as count FROM users').get() as { count: number };
|
||||
if (userCount.count > 0) {
|
||||
return res.status(403).json({ error: 'Registration disabled. User already exists.' });
|
||||
}
|
||||
|
||||
const hash = bcrypt.hashSync(password, 10);
|
||||
const result = db.prepare(
|
||||
'INSERT INTO users (username, password_hash, display_name) VALUES (?, ?, ?)'
|
||||
).run(username, hash, displayName || null);
|
||||
|
||||
const token = generateToken(result.lastInsertRowid as number);
|
||||
res.json({ token, user: { id: result.lastInsertRowid, username, displayName: displayName || null } });
|
||||
} catch (error: any) {
|
||||
if (error.code === 'SQLITE_CONSTRAINT_UNIQUE') {
|
||||
return res.status(409).json({ error: 'Username already exists' });
|
||||
}
|
||||
res.status(500).json({ error: error.message });
|
||||
}
|
||||
});
|
||||
|
||||
router.post('/login', (req: AuthRequest, res: Response) => {
|
||||
try {
|
||||
const { username, password } = req.body;
|
||||
if (!username || !password) {
|
||||
return res.status(400).json({ error: 'Username and password required' });
|
||||
}
|
||||
|
||||
const user = db.prepare('SELECT * FROM users WHERE username = ?').get(username) as User | undefined;
|
||||
if (!user || !bcrypt.compareSync(password, user.password_hash)) {
|
||||
return res.status(401).json({ error: 'Invalid credentials' });
|
||||
}
|
||||
|
||||
const token = generateToken(user.id);
|
||||
res.json({ token, user: { id: user.id, username: user.username, displayName: user.display_name } });
|
||||
} catch (error: any) {
|
||||
res.status(500).json({ error: error.message });
|
||||
}
|
||||
});
|
||||
|
||||
router.get('/me', authMiddleware, (req: AuthRequest, res: Response) => {
|
||||
try {
|
||||
const user = db.prepare('SELECT id, username, display_name FROM users WHERE id = ?').get(req.userId) as User | undefined;
|
||||
if (!user) return res.status(404).json({ error: 'User not found' });
|
||||
res.json({ id: user.id, username: user.username, displayName: user.display_name });
|
||||
} catch (error: any) {
|
||||
res.status(500).json({ error: error.message });
|
||||
}
|
||||
});
|
||||
|
||||
router.get('/setup-required', (_req: AuthRequest, res: Response) => {
|
||||
const userCount = db.prepare('SELECT COUNT(*) as count FROM users').get() as { count: number };
|
||||
res.json({ setupRequired: userCount.count === 0 });
|
||||
});
|
||||
|
||||
export default router;
|
||||
Reference in New Issue
Block a user