Added Backend

2026-01-06 12:07:43 +01:00
parent b013ef8f4b
commit 6f3d4c0bff
165 changed files with 0 additions and 0 deletions
--- a/backend/src/routes/auth/auth-authenticated.ts
+++ b/backend/src/routes/auth/auth-authenticated.ts
@@ -0,0 +1,96 @@
+import { FastifyInstance } from "fastify"
+import bcrypt from "bcrypt"
+import { eq } from "drizzle-orm"
+
+import { authUsers } from "../../../db/schema"  // wichtig: Drizzle Schema importieren!
+
+export default async function authRoutesAuthenticated(server: FastifyInstance) {
+
+    server.post("/auth/password/change", {
+        schema: {
+            tags: ["Auth"],
+            summary: "Change password (after login or forced reset)",
+            body: {
+                type: "object",
+                required: ["old_password", "new_password"],
+                properties: {
+                    old_password: { type: "string" },
+                    new_password: { type: "string" },
+                },
+            },
+            response: {
+                200: {
+                    type: "object",
+                    properties: {
+                        success: { type: "boolean" },
+                    },
+                },
+            },
+        },
+    }, async (req, reply) => {
+
+        try {
+            const { old_password, new_password } = req.body as {
+                old_password: string
+                new_password: string
+            }
+
+            const userId = req.user?.user_id
+            if (!userId) {
+                //@ts-ignore
+                return reply.code(401).send({ error: "Unauthorized" })
+            }
+
+            // -----------------------------------------------------
+            // 1) User laden
+            // -----------------------------------------------------
+            const [user] = await server.db
+                .select({
+                    id: authUsers.id,
+                    passwordHash: authUsers.passwordHash,
+                    mustChangePassword: authUsers.must_change_password
+                })
+                .from(authUsers)
+                .where(eq(authUsers.id, userId))
+                .limit(1)
+
+            if (!user) {
+                //@ts-ignore
+                return reply.code(404).send({ error: "User not found" })
+            }
+
+            // -----------------------------------------------------
+            // 2) Altes PW prüfen
+            // -----------------------------------------------------
+            const valid = await bcrypt.compare(old_password, user.passwordHash)
+            if (!valid) {
+                //@ts-ignore
+                return reply.code(401).send({ error: "Old password incorrect" })
+            }
+
+            // -----------------------------------------------------
+            // 3) Neues PW hashen
+            // -----------------------------------------------------
+            const newHash = await bcrypt.hash(new_password, 10)
+
+            // -----------------------------------------------------
+            // 4) Updaten
+            // -----------------------------------------------------
+            await server.db
+                .update(authUsers)
+                .set({
+                    passwordHash: newHash,
+                    must_change_password: false,
+                    updatedAt: new Date(),
+                })
+                .where(eq(authUsers.id, userId))
+
+            return { success: true }
+
+        } catch (err) {
+            console.error("POST /auth/password/change ERROR:", err)
+            //@ts-ignore
+            return reply.code(500).send({ error: "Internal Server Error" })
+        }
+    })
+}