trace-system/backend-node
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2c006c33307d19045c24203167a8f2aefc5dc142
backend-node/routes/auth.ts

160 lines
4.4 KiB
TypeScript
Raw Blame History

import express, { Request, Response } from 'express';
import jwt from 'jsonwebtoken';
import bcrypt from 'bcryptjs';
import db from '../utils/database';
import { authenticateToken } from '../middleware/auth';
import { User, LoginRequest, ChangePasswordRequest } from '../types';
const router = express.Router();
router.post('/login', async (req: Request<{}, {}, LoginRequest>, res: Response): Promise<void> => {
try {
const { username, password } = req.body;
if (!username || !password) {
res.status(400).json({ error: '用户名和密码不能为空' });
return;
}
const user = await db.get<User>('SELECT * FROM users WHERE username = ?', [username]);
if (!user) {
res.status(401).json({ error: '用户名或密码错误' });
return;
}
const isValidPassword = await bcrypt.compare(password, user.password);
if (!isValidPassword) {
res.status(401).json({ error: '用户名或密码错误' });
return;
}
const token = jwt.sign(
{ userId: user.id, username: user.username, role: user.role },
process.env.JWT_SECRET!,
{ expiresIn: '24h' }
);
res.json({
accessToken: token,
user: {
id: user.id,
username: user.username,
name: user.name,
email: user.email,
role: user.role,
createdAt: user.created_at
}
});
} catch (error) {
console.error('登录错误:', error);
res.status(500).json({ error: '服务器内部错误' });
}
});
router.get('/profile', authenticateToken, async (req: Request, res: Response): Promise<void> => {
try {
const user = await db.get<User>(
'SELECT id, username, name, email, role, created_at FROM users WHERE id = ?',
[req.user!.id]
);
if (!user) {
res.status(404).json({ error: '用户不存在' });
return;
}
res.json({
id: user.id,
username: user.username,
name: user.name,
email: user.email,
role: user.role,
createdAt: user.created_at
});
} catch (error) {
console.error('获取用户信息错误:', error);
res.status(500).json({ error: '服务器内部错误' });
}
});
router.post('/change-password', authenticateToken, async (req: Request<{}, {}, ChangePasswordRequest>, res: Response): Promise<void> => {
try {
const { currentPassword, newPassword } = req.body;
if (!currentPassword || !newPassword) {
res.status(400).json({ error: '当前密码和新密码不能为空' });
return;
}
if (newPassword.length < 6) {
res.status(400).json({ error: '新密码长度至少为6位' });
return;
}
const user = await db.get<Pick<User, 'password'>>('SELECT password FROM users WHERE id = ?', [req.user!.id]);
if (!user) {
res.status(404).json({ error: '用户不存在' });
return;
}
const isValidPassword = await bcrypt.compare(currentPassword, user.password);
if (!isValidPassword) {
res.status(401).json({ error: '当前密码错误' });
return;
}
const hashedPassword = await bcrypt.hash(newPassword, 10);
await db.run('UPDATE users SET password = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?', [hashedPassword, req.user!.id]);
res.json({ message: '密码修改成功' });
} catch (error) {
console.error('修改密码错误:', error);
res.status(500).json({ error: '服务器内部错误' });
}
});
router.put('/profile', authenticateToken, async (req: Request, res: Response): Promise<void> => {
try {
const { name, email } = req.body;
if (!name) {
res.status(400).json({ error: '姓名不能为空' });
return;
}
if (email && !email.match(/^[^\s@]+@[^\s@]+\.[^\s@]+$/)) {
res.status(400).json({ error: '邮箱格式不正确' });
return;
}
await db.run(
'UPDATE users SET name = ?, email = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?',
[name, email, req.user!.id]
);
const updatedUser = await db.get<User>(
'SELECT id, username, name, email, role, created_at FROM users WHERE id = ?',
[req.user!.id]
);
res.json({
id: updatedUser!.id,
username: updatedUser!.username,
name: updatedUser!.name,
email: updatedUser!.email,
role: updatedUser!.role,
createdAt: updatedUser!.created_at
});
} catch (error) {
console.error('更新用户资料错误:', error);
res.status(500).json({ error: '服务器内部错误' });
}
});
export default router;
Reference in New Issue View Git Blame Copy Permalink