Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
Front
/
sporttery
3
0
Fork 0
Súbory Issues 0 Pull requesty 1 Wiki
Strom: bffc192b62
Branche Tagy
sporttery
/
server
/
routes
/
user.js

user.js 2.3 KB
História Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. const express = require('express');
    2. 

  2. const bcrypt = require('bcryptjs');
    3. 

  3. const jwt = require('jsonwebtoken');
    4. 

  4. const router = express.Router();
    5. 

  5. 

  6. const authMiddleware = require('../middleware/authMiddleware');
    7. 

  7. 

  8. const User = require('../models/User');
    9. 

  9. 

  10. // 注册
    11. 

  11. router.post('/register', async (req, res) => {
    12. 

  12.   const { username, password } = req.body;
    13. 

  13.   try {
    14. 

  14.     const existing = await User.findOne({ username });
    15. 

  15.     if (existing) {
    16. 

  16.       return res.badRequest('用户已存在');
    17. 

  17.     }
    18. 

  18. 

  19.     const hashedPassword = await bcrypt.hash(password, 10);
    20. 

  20.     const user = new User({ username, password: hashedPassword });
    21. 

  21.     await user.save();
    22. 

  22.     res.sendSuccess('注册成功');
    23. 

  23.   }
    24. 

  24.   catch (err) {
    25. 

  25.     res.serverError();
    26. 

  26.   }
    27. 

  27. });
    28. 

  28. 

  29. // 登录
    30. 

  30. router.post('/login', async (req, res) => {
    31. 

  31.   const { username, password } = req.body;
    32. 

  32.   try {
    33. 

  33.     const user = await User.findOne({ username });
    34. 

  34.     if (!user) {
    35. 

  35.       return res.badRequest('用户不存在');
    36. 

  36.     }
    37. 

  37. 

  38.     const isMatch = await bcrypt.compare(password, user.password);
    39. 

  39.     if (!isMatch) {
    40. 

  40.       return res.badRequest('密码错误');
    41. 

  41.     }
    42. 

  42. 

  43.     // 签发 Access Token 和 Refresh Token
    44. 

  44.     const accessToken = jwt.sign({ userId: user._id }, process.env.JWT_SECRET, { expiresIn: '1h' });
    45. 

  45.     const refreshToken = jwt.sign({ userId: user._id }, process.env.JWT_SECRET, { expiresIn: '7d' });
    46. 

  46. 

  47.     res.json({ access_token: accessToken, refresh_token: refreshToken });
    48. 

  48.   }
    49. 

  49.   catch (err) {
    50. 

  50.     res.serverError();
    51. 

  51.   }
    52. 

  52. });
    53. 

  53. 

  54. // 刷新 Token
    55. 

  55. router.post('/refresh_token', async (req, res) => {
    56. 

  56.   const { refreshToken } = req.body;
    57. 

  57. 

  58.   if (!refreshToken) {
    59. 

  59.     return res.unauthorized('无效的 "refresh token"');
    60. 

  60.   }
    61. 

  61. 

  62.   try {
    63. 

  63.     // 验证 Refresh Token
    64. 

  64.     const decoded = jwt.verify(refreshToken, process.env.JWT_SECRET);
    65. 

  65.     const user = await User.findById(decoded.userId);
    66. 

  66.     if (!user) {
    67. 

  67.       return res.unauthorized('用户不存在');
    68. 

  68.     }
    69. 

  69. 

  70.     // 签发新的 Access Token
    71. 

  71.     const newAccessToken = jwt.sign({ userId: user._id }, process.env.JWT_SECRET, { expiresIn: '1h' });
    72. 

  72. 

  73.     res.json({ access_token: newAccessToken });
    74. 

  74.   }
    75. 

  75.   catch (err) {
    76. 

  76.     res.unauthorized('无效或已过期的 "refresh token"');
    77. 

  77.   }
    78. 

  78. });
    79. 

  79. 

  80. // 受保护接口
    81. 

  81. // router.get('/profile', authMiddleware, async (req, res) => {
    82. 

  82. //   const user = await User.findById(req.userId).select('-password');
    83. 

  83. //   res.json(user);
    84. 

  84. // });
    85. 

  85. 

  86. module.exports = router;
    87.