28 lines
1.1 KiB
JavaScript
28 lines
1.1 KiB
JavaScript
const express = require('express');
|
|
const db = global.db;
|
|
const router = express.Router();
|
|
|
|
// GET /login
|
|
router.get('/', (req, res) => {
|
|
if (req.session.user) return res.redirect('/dashboard');
|
|
res.render('login'); // Assumes you have a 'login' view/template
|
|
});
|
|
|
|
// POST /login
|
|
router.post('/', (req, res) => {
|
|
if (req.session.user) return res.redirect('/dashboard');
|
|
const { username, password } = req.body;
|
|
if (!username || !password) return res.status(400).render('login', { error: 'Username and password are required.' });
|
|
db.query('SELECT * FROM users WHERE username = ?', [username]).then(async (user) => {
|
|
if (!user) return res.status(401).render('login', { error: 'Invalid username or password.' });
|
|
const match = await global.comparePassword(password, user.passwordHash);
|
|
if (!match) return res.status(401).render('login', { error: 'Invalid username or password.' });
|
|
req.session.user = { user };
|
|
res.redirect('/dashboard');
|
|
}).catch(err => {
|
|
global.log.error(`Database error during login: ${err}`);
|
|
res.status(500).render('login', { error: 'Internal server error.' });
|
|
})
|
|
});
|
|
|
|
module.exports = router; |