Kirill
49f24d7482
- auth-session.js: GET /api/me, GET /api/me/auth-methods - auth-password.js: POST /api/me/password, POST /api/me/change-password - auth-oauth.js: DELETE /api/me/oauth/:provider - auth.js: kept only /api/auth/* routes + /api/me/profile - api.js: registers new auth route modules - tests split to separate files per module
50 lines
2.4 KiB
JavaScript
50 lines
2.4 KiB
JavaScript
import { comparePassword, hashPassword, isAdminEmail, validatePassword } from '../lib/auth.js'
|
|
import { prisma } from '../lib/prisma.js'
|
|
|
|
export async function registerAuthPasswordRoutes(fastify) {
|
|
fastify.post('/api/me/password', { preHandler: [fastify.authenticate] }, async (request, reply) => {
|
|
const userId = request.user.sub
|
|
if (isAdminEmail(request.user.email)) {
|
|
return reply.code(403).send({ error: 'Администратор не может устанавливать пароль' })
|
|
}
|
|
|
|
const user = await prisma.user.findUnique({ where: { id: userId } })
|
|
if (!user) return reply.code(404).send({ error: 'Пользователь не найден' })
|
|
if (user.passwordHash) return reply.code(409).send({ error: 'Пароль уже установлен' })
|
|
|
|
const password = String(request.body?.password || '')
|
|
const passwordErr = validatePassword(password)
|
|
if (passwordErr) return reply.code(400).send({ error: passwordErr })
|
|
|
|
const passwordHash = await hashPassword(password)
|
|
await prisma.user.update({ where: { id: userId }, data: { passwordHash } })
|
|
|
|
return { ok: true }
|
|
})
|
|
|
|
fastify.post('/api/me/change-password', { preHandler: [fastify.authenticate] }, async (request, reply) => {
|
|
const userId = request.user.sub
|
|
if (isAdminEmail(request.user.email)) {
|
|
return reply.code(403).send({ error: 'Администратор не может менять пароль' })
|
|
}
|
|
|
|
const user = await prisma.user.findUnique({ where: { id: userId } })
|
|
if (!user) return reply.code(404).send({ error: 'Пользователь не найден' })
|
|
if (!user.passwordHash)
|
|
return reply.code(400).send({ error: 'Пароль не установлен. Используйте установку пароля.' })
|
|
|
|
const oldPassword = String(request.body?.oldPassword || '')
|
|
const valid = await comparePassword(oldPassword, user.passwordHash)
|
|
if (!valid) return reply.code(401).send({ error: 'Неверный текущий пароль' })
|
|
|
|
const newPassword = String(request.body?.newPassword || '')
|
|
const passwordErr = validatePassword(newPassword)
|
|
if (passwordErr) return reply.code(400).send({ error: passwordErr })
|
|
|
|
const passwordHash = await hashPassword(newPassword)
|
|
await prisma.user.update({ where: { id: userId }, data: { passwordHash } })
|
|
|
|
return { ok: true }
|
|
})
|
|
}
|