trace-system/backend-node
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e98dbcb0f4231bc967dfe2c02ed52ec938eef140
backend-node/routes/auth.js
ZHENG XIAOYI e98dbcb0f4 Initial commit
2026-02-06 14:29:29 +08:00

139 lines
4.0 KiB
JavaScript
Raw Blame History

const express = require('express');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs');
const db = require('../utils/database');
const { authenticateToken } = require('../middleware/auth');
const router = express.Router();
// 用户登录
router.post('/login', async (req, res) => {
try {
const { username, password } = req.body;
if (!username || !password) {
return res.status(400).json({ error: '用户名和密码不能为空' });
}
// 查询用户
const user = await db.get('SELECT * FROM users WHERE username = ?', [username]);
if (!user) {
return res.status(401).json({ error: '用户名或密码错误' });
}
// 验证密码
const isValidPassword = await bcrypt.compare(password, user.password);
if (!isValidPassword) {
return res.status(401).json({ error: '用户名或密码错误' });
}
// 生成JWT令牌
const token = jwt.sign(
{ userId: user.id, username: user.username, role: user.role },
process.env.JWT_SECRET,
{ expiresIn: '24h' }
);
// 返回用户信息和令牌
res.json({
accessToken: token,
user: {
id: user.id,
username: user.username,
name: user.name,
email: user.email,
role: user.role
}
});
} catch (error) {
console.error('登录错误:', error);
res.status(500).json({ error: '服务器内部错误' });
}
});
// 获取用户信息
router.get('/profile', authenticateToken, async (req, res) => {
try {
const user = await db.get('SELECT id, username, name, email, role, created_at FROM users WHERE id = ?', [req.user.id]);
if (!user) {
return res.status(404).json({ error: '用户不存在' });
}
res.json(user);
} catch (error) {
console.error('获取用户信息错误:', error);
res.status(500).json({ error: '服务器内部错误' });
}
});
// 修改密码
router.post('/change-password', authenticateToken, async (req, res) => {
try {
const { currentPassword, newPassword } = req.body;
if (!currentPassword || !newPassword) {
return res.status(400).json({ error: '当前密码和新密码不能为空' });
}
if (newPassword.length < 6) {
return res.status(400).json({ error: '新密码长度至少为6位' });
}
// 查询用户
const user = await db.get('SELECT password FROM users WHERE id = ?', [req.user.id]);
if (!user) {
return res.status(404).json({ error: '用户不存在' });
}
// 验证当前密码
const isValidPassword = await bcrypt.compare(currentPassword, user.password);
if (!isValidPassword) {
return res.status(401).json({ error: '当前密码错误' });
}
// 哈希新密码
const hashedPassword = await bcrypt.hash(newPassword, 10);
// 更新密码
await db.run('UPDATE users SET password = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?', [hashedPassword, req.user.id]);
res.json({ message: '密码修改成功' });
} catch (error) {
console.error('修改密码错误:', error);
res.status(500).json({ error: '服务器内部错误' });
}
});
// 更新用户资料
router.put('/profile', authenticateToken, async (req, res) => {
try {
const { name, email } = req.body;
// 验证输入
if (!name) {
return res.status(400).json({ error: '姓名不能为空' });
}
if (email && !email.match(/^[^\s@]+@[^\s@]+\.[^\s@]+$/)) {
return res.status(400).json({ error: '邮箱格式不正确' });
}
// 更新用户资料
await db.run('UPDATE users SET name = ?, email = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?', [name, email, req.user.id]);
// 获取更新后的用户资料
const updatedUser = await db.get('SELECT id, username, name, email, role, created_at FROM users WHERE id = ?', [req.user.id]);
res.json(updatedUser);
} catch (error) {
console.error('更新用户资料错误:', error);
res.status(500).json({ error: '服务器内部错误' });
}
});
module.exports = router;
Reference in New Issue View Git Blame Copy Permalink