Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 | 6x 6x 6x 6x 6x 6x 6x 6x 6x 6x 6x 6x | const passport = require('passport');
const jwt = require('jsonwebtoken');
const User = require('../models/User');
const EmailService = require('../services/emailService');
// Web Authentication
exports.getRegister = (req, res) => {
res.render('auth/register', {
title: 'Register',
messages: {
error: req.flash('error'),
success: req.flash('success')
}
});
};
exports.postRegister = async (req, res) => {
try {
const { username, email, password, confirm_password, full_name, terms } = req.body;
if (!terms) {
req.flash('error', 'You must accept the terms and conditions');
return res.redirect('/auth/register');
}
if (password !== confirm_password) {
req.flash('error', 'Passwords do not match');
return res.redirect('/auth/register');
}
// Check for existing username first (before password hashing)
const existingUsername = await User.findByUsername(username);
if (existingUsername) {
req.flash('error', `Username "${username}" is already taken. Please choose another.`);
return res.redirect('/auth/register');
}
// Then check for existing email
const existingEmail = await User.findByEmail(email);
if (existingEmail) {
req.flash('error', `Email "${email}" is already registered.`);
return res.redirect('/auth/register');
}
const userId = await User.create({
username,
email,
password,
full_name,
role: 'auditor'
});
await EmailService.sendWelcomeEmail(email, username);
req.flash('success', 'Registration successful! Please login');
res.redirect('/auth/login');
} catch (error) {
console.error('Registration error:', error);
req.flash('error', 'Registration failed. Please try again.');
res.redirect('/auth/register');
}
};
exports.getLogin = (req, res) => {
res.render('auth/login', {
title: 'Login',
messages: {
error: req.flash('error'),
success: req.flash('success')
}
});
};
exports.postLogin = (req, res) => {
const token = jwt.sign(
{ id: req.user.id, username: req.user.username, role: req.user.role },
process.env.JWT_SECRET,
{ expiresIn: '8h' }
);
res.cookie('jwt', token, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'strict',
maxAge: 8 * 60 * 60 * 1000
});
res.redirect('/dashboard');
};
exports.viewLogout = (req, res) => {
res.clearCookie('jwt');
req.logout(() => {
res.redirect('/auth/login');
});
};
// API Authentication
exports.apiLogin = async (req, res, next) => {
passport.authenticate('local', { session: false }, (err, user, info) => {
if (err || !user) {
return res.status(401).json({
success: false,
message: info?.message || 'Authentication failed'
});
}
const token = jwt.sign(
{ id: user.id, role: user.role },
process.env.JWT_SECRET,
{ expiresIn: '8h' }
);
return res.json({
success: true,
token,
user: {
id: user.id,
username: user.username,
role: user.role
}
});
})(req, res, next);
};
exports.apiLogout = (req, res) => {
res.clearCookie('jwt');
res.json({
success: true,
message: 'Successfully logged out'
});
};
exports.getCurrentUser = (req, res) => {
res.json({
success: true,
user: req.user
});
}; |