Full auto mechanic shop management tool: jobs, invoices, estimates, inspections, inventory, recommendations, technicians, appointments, reports, file uploads, kanban board, and more. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
72 lines
2.8 KiB
TypeScript
72 lines
2.8 KiB
TypeScript
import { Router, Response } from 'express';
|
|
import bcrypt from 'bcryptjs';
|
|
import db from '../database';
|
|
import { AuthRequest, generateToken, authMiddleware } from '../middleware/auth';
|
|
import { User } from '../types';
|
|
|
|
const router = Router();
|
|
|
|
router.post('/register', (req: AuthRequest, res: Response) => {
|
|
try {
|
|
const { username, password, displayName } = req.body;
|
|
if (!username || !password) {
|
|
return res.status(400).json({ error: 'Username and password required' });
|
|
}
|
|
|
|
// Only allow registration if no users exist (first-run setup)
|
|
const userCount = db.prepare('SELECT COUNT(*) as count FROM users').get() as { count: number };
|
|
if (userCount.count > 0) {
|
|
return res.status(403).json({ error: 'Registration disabled. User already exists.' });
|
|
}
|
|
|
|
const hash = bcrypt.hashSync(password, 10);
|
|
const result = db.prepare(
|
|
'INSERT INTO users (username, password_hash, display_name) VALUES (?, ?, ?)'
|
|
).run(username, hash, displayName || null);
|
|
|
|
const token = generateToken(result.lastInsertRowid as number);
|
|
res.json({ token, user: { id: result.lastInsertRowid, username, displayName: displayName || null } });
|
|
} catch (error: any) {
|
|
if (error.code === 'SQLITE_CONSTRAINT_UNIQUE') {
|
|
return res.status(409).json({ error: 'Username already exists' });
|
|
}
|
|
res.status(500).json({ error: error.message });
|
|
}
|
|
});
|
|
|
|
router.post('/login', (req: AuthRequest, res: Response) => {
|
|
try {
|
|
const { username, password } = req.body;
|
|
if (!username || !password) {
|
|
return res.status(400).json({ error: 'Username and password required' });
|
|
}
|
|
|
|
const user = db.prepare('SELECT * FROM users WHERE username = ?').get(username) as User | undefined;
|
|
if (!user || !bcrypt.compareSync(password, user.password_hash)) {
|
|
return res.status(401).json({ error: 'Invalid credentials' });
|
|
}
|
|
|
|
const token = generateToken(user.id);
|
|
res.json({ token, user: { id: user.id, username: user.username, displayName: user.display_name } });
|
|
} catch (error: any) {
|
|
res.status(500).json({ error: error.message });
|
|
}
|
|
});
|
|
|
|
router.get('/me', authMiddleware, (req: AuthRequest, res: Response) => {
|
|
try {
|
|
const user = db.prepare('SELECT id, username, display_name FROM users WHERE id = ?').get(req.userId) as User | undefined;
|
|
if (!user) return res.status(404).json({ error: 'User not found' });
|
|
res.json({ id: user.id, username: user.username, displayName: user.display_name });
|
|
} catch (error: any) {
|
|
res.status(500).json({ error: error.message });
|
|
}
|
|
});
|
|
|
|
router.get('/setup-required', (_req: AuthRequest, res: Response) => {
|
|
const userCount = db.prepare('SELECT COUNT(*) as count FROM users').get() as { count: number };
|
|
res.json({ setupRequired: userCount.count === 0 });
|
|
});
|
|
|
|
export default router;
|