42 lines
1.2 KiB
JavaScript
42 lines
1.2 KiB
JavaScript
import express from "express";
|
|
import bcrypt from "bcryptjs";
|
|
import jwt from "jsonwebtoken";
|
|
import User from "../models/User.js";
|
|
|
|
const router = express.Router();
|
|
|
|
// Registrazione
|
|
router.post("/register", async (req, res) => {
|
|
const { email, password } = req.body;
|
|
if (!email || !password)
|
|
return res.status(400).json({ error: "Email e password richiesti" });
|
|
|
|
const existing = await User.findOne({ email });
|
|
if (existing) return res.status(400).json({ error: "Email già registrata" });
|
|
|
|
const passwordHash = await bcrypt.hash(password, 10);
|
|
|
|
const user = await User.create({ email, passwordHash });
|
|
|
|
res.json({ id: user._id, email: user.email });
|
|
});
|
|
|
|
// Login
|
|
router.post("/login", async (req, res) => {
|
|
const { email, password } = req.body;
|
|
const user = await User.findOne({ email });
|
|
if (!user) return res.status(400).json({ error: "Credenziali non valide" });
|
|
|
|
const valid = await bcrypt.compare(password, user.passwordHash);
|
|
if (!valid) return res.status(400).json({ error: "Credenziali non valide" });
|
|
|
|
const token = jwt.sign(
|
|
{ userId: user._id },
|
|
process.env.JWT_SECRET || "devsecret",
|
|
{ expiresIn: "7d" }
|
|
);
|
|
|
|
res.json({ token });
|
|
});
|
|
|
|
export default router;
|