"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); const express_1 = require("express"); const bcryptjs_1 = __importDefault(require("bcryptjs")); const jsonwebtoken_1 = __importDefault(require("jsonwebtoken")); const index_1 = require("../index"); const router = (0, express_1.Router)(); const JWT_SECRET = process.env.JWT_SECRET || 'treasure-trails-secret-key'; router.post('/register', async (req, res) => { try { const { email, password, name, inviteCode } = req.body; if (!email || !password || !name) { return res.status(400).json({ error: 'Email, password, and name are required' }); } const settings = await index_1.prisma.systemSettings.findUnique({ where: { id: 'default' } }); const isBanned = await index_1.prisma.bannedEmail.findUnique({ where: { email: email.toLowerCase() } }); if (isBanned) { return res.status(403).json({ error: 'This email is not allowed to register' }); } if (settings && !settings.registrationEnabled) { if (!inviteCode || settings.inviteCode !== inviteCode) { return res.status(403).json({ error: 'Registration is currently closed. An invite code may be required.' }); } } const existingUser = await index_1.prisma.user.findUnique({ where: { email } }); if (existingUser) { return res.status(400).json({ error: 'Email already registered' }); } const passwordHash = await bcryptjs_1.default.hash(password, 10); const userCount = await index_1.prisma.user.count(); const isFirstUser = userCount === 0; const user = await index_1.prisma.user.create({ data: { email, passwordHash, name, isAdmin: isFirstUser } }); const token = jsonwebtoken_1.default.sign({ userId: user.id }, JWT_SECRET, { expiresIn: '7d' }); res.json({ token, user: { id: user.id, email: user.email, name: user.name, isAdmin: user.isAdmin } }); } catch (error) { console.error('Register error:', error); res.status(500).json({ error: 'Failed to register' }); } }); router.post('/login', async (req, res) => { try { const { email, password } = req.body; if (!email || !password) { return res.status(400).json({ error: 'Email and password are required' }); } const user = await index_1.prisma.user.findUnique({ where: { email } }); if (!user) { return res.status(401).json({ error: 'Invalid credentials' }); } const validPassword = await bcryptjs_1.default.compare(password, user.passwordHash); if (!validPassword) { return res.status(401).json({ error: 'Invalid credentials' }); } const token = jsonwebtoken_1.default.sign({ userId: user.id }, JWT_SECRET, { expiresIn: '7d' }); res.json({ token, user: { id: user.id, email: user.email, name: user.name, isAdmin: user.isAdmin } }); } catch (error) { console.error('Login error:', error); res.status(500).json({ error: 'Failed to login' }); } }); router.get('/registration-status', async (req, res) => { try { const settings = await index_1.prisma.systemSettings.findUnique({ where: { id: 'default' } }); res.json({ enabled: !settings || settings.registrationEnabled }); } catch (error) { res.json({ enabled: true }); } }); router.get('/me', async (req, res) => { try { const authHeader = req.headers.authorization; if (!authHeader || !authHeader.startsWith('Bearer ')) { return res.status(401).json({ error: 'No token provided' }); } const token = authHeader.split(' ')[1]; const decoded = jsonwebtoken_1.default.verify(token, JWT_SECRET); const user = await index_1.prisma.user.findUnique({ where: { id: decoded.userId }, select: { id: true, email: true, name: true, isAdmin: true, isApiEnabled: true, createdAt: true } }); if (!user) { return res.status(401).json({ error: 'User not found' }); } res.json(user); } catch { res.status(401).json({ error: 'Invalid token' }); } }); exports.default = router;