37 lines
1.5 KiB
JavaScript
37 lines
1.5 KiB
JavaScript
import bcrypt from 'bcrypt';
|
|
import { getCollections } from '../db/mongo.js';
|
|
|
|
export function registerAuthRoutes(app) {
|
|
const { usersCollection } = getCollections();
|
|
const errText = 'Falsche Email oder falsches Passwort.'
|
|
|
|
app.get('/register', (req, res) => res.render('register', { error: null }));
|
|
|
|
app.post('/register', async (req, res) => {
|
|
const { email, password } = req.body;
|
|
if (!email || !password) return res.render('register', { error: 'Bitte Email und Passwort angeben.' });
|
|
const existingUser = await usersCollection.findOne({ email: email.toLowerCase() });
|
|
if (existingUser) return res.render('register', { error: 'Email schon registriert.' });
|
|
const hash = await bcrypt.hash(password, 10);
|
|
await usersCollection.insertOne({ email: email.toLowerCase(), passwordHash: hash });
|
|
res.redirect('/login');
|
|
});
|
|
|
|
app.get('/login', (req, res) => res.render('login', { error: null }));
|
|
|
|
app.post('/login', async (req, res) => {
|
|
const { email, password } = req.body;
|
|
const user = await usersCollection.findOne({ email: email.toLowerCase() });
|
|
if (!user) return res.render('login', { error: errText });
|
|
const match = await bcrypt.compare(password, user.passwordHash);
|
|
if (!match) return res.render('login', { error: errText });
|
|
req.session.userId = user._id;
|
|
req.session.isAdmin = user.role === 'admin';
|
|
res.redirect('/');
|
|
});
|
|
|
|
app.get('/logout', (req, res) => {
|
|
req.session.destroy(() => res.redirect('/login'));
|
|
});
|
|
}
|