import { Router, Response } from 'express'; import bcrypt from 'bcryptjs'; import db from '../database'; import { AuthRequest, generateToken, authMiddleware } from '../middleware/auth'; import { User } from '../types'; const router = Router(); router.post('/register', (req: AuthRequest, res: Response) => { try { const { username, password, displayName } = req.body; if (!username || !password) { return res.status(400).json({ error: 'Username and password required' }); } // Only allow registration if no users exist (first-run setup) const userCount = db.prepare('SELECT COUNT(*) as count FROM users').get() as { count: number }; if (userCount.count > 0) { return res.status(403).json({ error: 'Registration disabled. User already exists.' }); } const hash = bcrypt.hashSync(password, 10); const result = db.prepare( 'INSERT INTO users (username, password_hash, display_name) VALUES (?, ?, ?)' ).run(username, hash, displayName || null); const token = generateToken(result.lastInsertRowid as number); res.json({ token, user: { id: result.lastInsertRowid, username, displayName: displayName || null } }); } catch (error: any) { if (error.code === 'SQLITE_CONSTRAINT_UNIQUE') { return res.status(409).json({ error: 'Username already exists' }); } res.status(500).json({ error: error.message }); } }); router.post('/login', (req: AuthRequest, res: Response) => { try { const { username, password } = req.body; if (!username || !password) { return res.status(400).json({ error: 'Username and password required' }); } const user = db.prepare('SELECT * FROM users WHERE username = ?').get(username) as User | undefined; if (!user || !bcrypt.compareSync(password, user.password_hash)) { return res.status(401).json({ error: 'Invalid credentials' }); } const token = generateToken(user.id); res.json({ token, user: { id: user.id, username: user.username, displayName: user.display_name } }); } catch (error: any) { res.status(500).json({ error: error.message }); } }); router.get('/me', authMiddleware, (req: AuthRequest, res: Response) => { try { const user = db.prepare('SELECT id, username, display_name FROM users WHERE id = ?').get(req.userId) as User | undefined; if (!user) return res.status(404).json({ error: 'User not found' }); res.json({ id: user.id, username: user.username, displayName: user.display_name }); } catch (error: any) { res.status(500).json({ error: error.message }); } }); router.get('/setup-required', (_req: AuthRequest, res: Response) => { const userCount = db.prepare('SELECT COUNT(*) as count FROM users').get() as { count: number }; res.json({ setupRequired: userCount.count === 0 }); }); export default router;