const User = require('../../models/User');
const bcrypt = require('bcryptjs');
// 注册
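/**
 * Handle the registration form: create a user whose password is stored as a
 * bcrypt hash.
 *
 * Re-renders 'user/register' with an error when a field is missing or not a
 * string, when the username is already taken, or when the lookup, hash or
 * save fails. Redirects to '/login' on success.
 *
 * @param {object} req - Request; `username` and `password` are read from `req.body`.
 * @param {object} res - Response used to render the form or redirect.
 */
exports.register = async (req, res) => {
  const { username, password } = req.body || {};

  // Body parsers can deliver objects or arrays for a field. A non-string
  // username would reach findOne() as a filter object rather than a value
  // (presumably User is a Mongoose model, so it would be read as a query
  // operator), and bcrypt.hash() rejects non-string input. Require strings.
  if (
    typeof username !== 'string' ||
    typeof password !== 'string' ||
    !username ||
    !password
  ) {
    return res.render('user/register', { error: '用户名和密码不能为空' });
  }

  try {
    const existingUser = await User.findOne({ username });
    if (existingUser) {
      return res.render('user/register', { error: '用户名已存在' });
    }

    // NOTE(review): no minimum length or strength check is applied here, and
    // bcrypt only uses the first 72 bytes of the password.
    const passwordHash = await bcrypt.hash(password, 10);

    // NOTE(review): the lookup above and this insert are not atomic; a unique
    // index on username in the schema is what actually prevents duplicates.
    // Confirm one exists.
    const user = new User({ username, password: passwordHash });
    await user.save();

    return res.redirect('/login');
  } catch (err) {
    // Without this, a rejected await in an async handler leaves the request
    // hanging instead of producing a response.
    console.error('注册失败:', err);
    return res.status(500).render('user/register', { error: '服务器错误' });
  }
};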
// 登录
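/**
 * Handle the login form: verify the password against the stored bcrypt hash
 * and establish the session.
 *
 * Re-renders 'user/login' with an error when the credentials are not strings,
 * the user is unknown, the account status is 'frozen', or the password does
 * not match. On success stores `_id`, `username` and `role` in the session
 * and redirects to '/admin' for the 'admin' username, otherwise to '/'.
 *
 * @param {object} req - Request; `username` and `password` are read from `req.body`.
 * @param {object} res - Response used to render the form or redirect.
 */
exports.login = async (req, res) => {
  const { username, password } = req.body || {};

  // A non-string username would reach findOne() as a filter object instead of
  // a literal value (query-operator injection if User is a Mongoose model),
  // and bcrypt.compare() rejects non-string input. Require strings.
  if (typeof username !== 'string' || typeof password !== 'string') {
    return res.render('user/login', { error: '用户名和密码不能为空' });
  }

  try {
    const user = await User.findOne({ username });

    // NOTE(review): the three failure branches below return distinct messages
    // and the frozen check runs before the password check, so an
    // unauthenticated caller can tell whether a username exists and whether
    // it is frozen. Consider one generic failure message, and rate limiting
    // on this route.
    if (!user) {
      return res.render('user/login', { error: '用户不存在' });
    }
    if (user.status === 'frozen') {
      return res.render('user/login', { error: '账号已被冻结' });
    }

    const passwordMatches = await bcrypt.compare(password, user.password);
    if (!passwordMatches) {
      return res.render('user/login', { error: '密码错误' });
    }

    // Issue a fresh session id at the privilege change so an id that existed
    // before authentication is not carried into the logged-in session.
    // Assumes express-session, whose destroy(callback) API the logout handler
    // in this file already uses.
    return req.session.regenerate((regenerateErr) => {
      if (regenerateErr) {
        console.error('登录失败:', regenerateErr);
        return res.status(500).render('user/login', { error: '服务器错误' });
      }

      req.session.user = {
        _id: user._id,
        username: user.username,
        role: user.role,
      };

      // Redirect to the admin back office. This is only a landing-page
      // choice; the /admin routes must enforce authorization themselves.
      if (username === 'admin') {
        return res.redirect('/admin');
      }
      return res.redirect('/');
    });
  } catch (err) {
    // Without this, a rejected await in an async handler leaves the request
    // hanging instead of producing a response.
    console.error('登录失败:', err);
    return res.status(500).render('user/login', { error: '服务器错误' });
  }
};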
// 登出
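/**
 * Log the user out by destroying the session, then redirect to '/login'.
 *
 * @param {object} req - Request carrying the session to destroy.
 * @param {object} res - Response used for the redirect.
 */
exports.logout = (req, res) => {
  req.session.destroy((err) => {
    // A failed destroy means the session may still be valid in the store;
    // record it instead of dropping the error silently.
    if (err) {
      console.error('登出失败:', err);
    }
    // NOTE(review): the session cookie is not cleared here; its name depends
    // on session configuration that is not visible in this file.
    res.redirect('/login');
  });
};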
// 修改密码
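/**
 * Change the logged-in user's password after verifying the current one.
 *
 * Responds with JSON: 401 when there is no session user,
 * `{ success: false, message }` when parameters are missing or not strings,
 * the user no longer exists or the old password does not match,
 * `{ success: true }` after the new hash is saved, and 500 on unexpected
 * errors.
 *
 * @param {object} req - Request; reads `req.session.user._id` and
 *   `oldPassword` / `newPassword` from `req.body`.
 * @param {object} res - Response used for the JSON reply.
 */
exports.changePassword = async (req, res) => {
  if (!req.session.user) {
    return res.status(401).json({ success: false, message: '请先登录' });
  }

  const { oldPassword, newPassword } = req.body || {};

  // bcrypt only accepts strings. Rejecting other JSON types here reports them
  // as a validation failure instead of surfacing as a 500 from the catch.
  if (
    typeof oldPassword !== 'string' ||
    typeof newPassword !== 'string' ||
    !oldPassword ||
    !newPassword
  ) {
    return res.json({ success: false, message: '参数不完整' });
  }

  try {
    // The id comes from the server-side session, not from the request body,
    // so a caller can only change their own password.
    const user = await User.findById(req.session.user._id);
    if (!user) {
      return res.json({ success: false, message: '用户不存在' });
    }

    const oldPasswordMatches = await bcrypt.compare(oldPassword, user.password);
    if (!oldPasswordMatches) {
      return res.json({ success: false, message: '原密码错误' });
    }

    // NOTE(review): no minimum length or strength check is applied to the new
    // password, and bcrypt only uses its first 72 bytes.
    user.password = await bcrypt.hash(newPassword, 10);
    await user.save();

    // NOTE(review): other sessions for this account stay valid after the
    // change. Consider invalidating them if the session store allows it.
    return res.json({ success: true });
  } catch (err) {
    console.error('修改密码失败:', err);
    return res.status(500).json({ success: false, message: '服务器错误' });
  }
};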