added init files

2025-12-01 06:55:45 +01:00 · 2025-10-08 02:32:39 +02:00
parent 8d65129e24
commit c70145ca50
51 changed files with 23237 additions and 0 deletions
--- a/backend/src/controllers/authController.ts
+++ b/backend/src/controllers/authController.ts
@@ -0,0 +1,168 @@
+// backend/src/controllers/authController.ts
+import { Request, Response } from 'express';
+import bcrypt from 'bcryptjs';
+import jwt from 'jsonwebtoken';
+import { v4 as uuidv4 } from 'uuid';
+import { db } from '../services/databaseService';
+import { AuthRequest } from '../middleware/auth';
+
+const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key';
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || '7d';
+
+export const login = async (req: Request, res: Response): Promise<void> => {
+  try {
+    const { email, password } = req.body;
+
+    if (!email || !password) {
+      res.status(400).json({ error: 'Email and password are required' });
+      return;
+    }
+
+    // User aus Datenbank holen
+    const user = await db.get<any>(
+      'SELECT * FROM users WHERE email = ?',
+      [email]
+    );
+
+    if (!user) {
+      res.status(401).json({ error: 'Invalid credentials' });
+      return;
+    }
+
+    // Passwort vergleichen
+    const isPasswordValid = await bcrypt.compare(password, user.password);
+    if (!isPasswordValid) {
+      res.status(401).json({ error: 'Invalid credentials' });
+      return;
+    }
+
+    // JWT Token generieren
+    const token = jwt.sign(
+      { 
+        userId: user.id, 
+        email: user.email, 
+        role: user.role 
+      },
+      JWT_SECRET as jwt.Secret,
+      { expiresIn: JWT_EXPIRES_IN as jwt.SignOptions['expiresIn'] }
+    );
+
+    // User ohne Passwort zurückgeben
+    const { password: _, ...userWithoutPassword } = user;
+
+    res.json({
+      user: userWithoutPassword,
+      token,
+      expiresIn: JWT_EXPIRES_IN
+    });
+
+  } catch (error) {
+    console.error('Login error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+};
+
+export const register = async (req: Request, res: Response): Promise<void> => {
+  try {
+    const { email, password, name, role = 'user' } = req.body;
+
+    if (!email || !password || !name) {
+      res.status(400).json({ error: 'Email, password and name are required' });
+      return;
+    }
+
+    // Check if user already exists
+    const existingUser = await db.get<any>(
+      'SELECT id FROM users WHERE email = ?',
+      [email]
+    );
+
+    if (existingUser) {
+      res.status(409).json({ error: 'User already exists' });
+      return;
+    }
+
+    // Validate role
+    const validRoles = ['admin', 'instandhalter', 'user'];
+    if (!validRoles.includes(role)) {
+      res.status(400).json({ error: 'Invalid role' });
+      return;
+    }
+
+    // Hash password
+    const hashedPassword = await bcrypt.hash(password, 10);
+    const userId = uuidv4();
+
+    // Create user
+    await db.run(
+      'INSERT INTO users (id, email, password, name, role) VALUES (?, ?, ?, ?, ?)',
+      [userId, email, hashedPassword, name, role]
+    );
+
+    // Generate token
+    const token = jwt.sign(
+      { 
+        userId, 
+        email, 
+        role 
+      },
+      JWT_SECRET as jwt.Secret,
+      { expiresIn: JWT_EXPIRES_IN as jwt.SignOptions['expiresIn'] }
+    );
+
+    // Return user without password
+    const user = {
+      id: userId,
+      email,
+      name,
+      role,
+      createdAt: new Date().toISOString()
+    };
+
+    res.status(201).json({
+      user,
+      token,
+      expiresIn: JWT_EXPIRES_IN
+    });
+
+  } catch (error) {
+    console.error('Registration error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+};
+
+export const logout = async (req: AuthRequest, res: Response): Promise<void> => {
+  try {
+    // Bei JWT gibt es keinen Server-side logout, aber wir können den Token client-seitig entfernen
+    res.json({ message: 'Logged out successfully' });
+  } catch (error) {
+    console.error('Logout error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+};
+
+export const getCurrentUser = async (req: AuthRequest, res: Response): Promise<void> => {
+  try {
+    const userId = req.user?.userId;
+
+    if (!userId) {
+      res.status(401).json({ error: 'Not authenticated' });
+      return;
+    }
+
+    const user = await db.get<any>(
+      'SELECT id, email, name, role, created_at FROM users WHERE id = ?',
+      [userId]
+    );
+
+    if (!user) {
+      res.status(404).json({ error: 'User not found' });
+      return;
+    }
+
+    res.json(user);
+  } catch (error) {
+    console.error('Get current user error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+};