aufgeteilt in Module

routes/auth.js

@@ -0,0 +1,34 @@
+import bcrypt from 'bcrypt';
+import { getCollections } from '../db/mongo.js';
+
+export function registerAuthRoutes(app) {
+  const { usersCollection } = getCollections();
+
+  app.get('/register', (req, res) => res.render('register', { error: null }));
+
+  app.post('/register', async (req, res) => {
+    const { email, password } = req.body;
+    if (!email || !password) return res.render('register', { error: 'Bitte Email und Passwort angeben.' });
+    const existingUser = await usersCollection.findOne({ email: email.toLowerCase() });
+    if (existingUser) return res.render('register', { error: 'Email schon registriert.' });
+    const hash = await bcrypt.hash(password, 10);
+    await usersCollection.insertOne({ email: email.toLowerCase(), passwordHash: hash });
+    res.redirect('/login');
+  });
+
+  app.get('/login', (req, res) => res.render('login', { error: null }));
+
+  app.post('/login', async (req, res) => {
+    const { email, password } = req.body;
+    const user = await usersCollection.findOne({ email: email.toLowerCase() });
+    if (!user) return res.render('login', { error: 'Falsche Email oder Passwort.' });
+    const match = await bcrypt.compare(password, user.passwordHash);
+    if (!match) return res.render('login', { error: 'Falsche Email oder Passwort.' });
+    req.session.userId = user._id;
+    res.redirect('/');
+  });
+
+  app.get('/logout', (req, res) => {
+    req.session.destroy(() => res.redirect('/login'));
+  });
+}