gg-backend/backend/src/controllers/auth.controller.js

import prisma from '../prisma/client.js';
import { generateToken } from '../utils/jwt.js';
import { hashPassword, comparePassword } from '../utils/password.js';

/**
 * REGISTER
 * POST /api/auth/register
 */
export async function register(req, res) {
	const { username, password, role } = req.body;

	if (!username || !password) {
		return res.status(400).json({ error: 'Username and password required' });
	}

	const existingUser = await prisma.user.findUnique({
		where: { username },
	});

	if (existingUser) {
		return res.status(409).json({ error: 'Username already exists' });
	}

	const hashedPassword = await hashPassword(password);

	const user = await prisma.user.create({
		data: {
			username,
			password: hashedPassword,
			role: role || 'admin',
		},
	});

	res.status(201).json({
		message: 'User registered successfully',
		user: {
			id: user.id,
			username: user.username,
			role: user.role,
		},
	});
}

/**
 * LOGIN
 * POST /api/auth/login
 */
export async function login(req, res) {
	const { username, password } = req.body;

	if (!username || !password) {
		return res.status(400).json({ error: 'Username and password required' });
	}

	const user = await prisma.user.findUnique({
		where: { username },
	});

	if (!user) {
		return res.status(401).json({ error: 'Invalid credentials' });
	}

	const isValid = await comparePassword(password, user.password);

	if (!isValid) {
		return res.status(401).json({ error: 'Invalid credentials' });
	}

	const token = generateToken({
		userId: user.id,
		username: user.username,
		role: user.role,
	});

	res.json({ token });
}