const express = require('express');
const jwt = require('jsonwebtoken');
const User = require('../models/User');

const router = express.Router();

/**
 * @route   POST /api/auth/register
 * @desc    Register a new user
 * @access  Public
 */
router.post('/register', async (req, res) => {
  try {
    // Only username and password are read from the request body.
    // The role is never client-controlled: it is assigned server-side below.
    const { username, password } = req.body;

    // Check if user already exists
    const userExists = await User.findOne({ username });
    if (userExists) {
      return res.status(400).json({ message: 'User already exists' });
    }

    // Check if this is the very first user registering
    const userCount = await User.countDocuments();
    let finalRole = 'Thành viên';
    if (userCount === 0) {
      // First user to register in the system gets the supreme admin role.
      // Note: countDocuments() and save() are separate operations, so two
      // registrations racing on an empty collection could both pass this
      // check; enforce a single owner at the database level if that matters
      // for your deployment.
      finalRole = 'Chủ sở hữu';
    }

    // Password hashing is expected to happen in the User model (pre-save hook),
    // matching the comparePassword() helper used at login.
    const user = new User({ username, password, role: finalRole });
    await user.save();

    res.status(201).json({
      message: 'User registered successfully',
      user: { id: user._id, username: user.username, role: user.role },
    });
  } catch (error) {
    res.status(500).json({ message: error.message });
  }
});

/**
 * @route   POST /api/auth/login
 * @desc    Authenticate user & get token
 * @access  Public
 */
router.post('/login', async (req, res) => {
  try {
    const { username, password } = req.body;

    // Same generic error for unknown user and wrong password, so the
    // response does not reveal which usernames exist.
    const user = await User.findOne({ username });
    if (!user || !(await user.comparePassword(password))) {
      return res.status(401).json({ message: 'Invalid credentials' });
    }

    // Generate JWT (signing throws if JWT_SECRET is unset; caught below)
    const token = jwt.sign(
      { id: user._id, role: user.role },
      process.env.JWT_SECRET,
      { expiresIn: '30d' }
    );

    res.json({
      token,
      user: { id: user._id, username: user.username, role: user.role },
    });
  } catch (error) {
    res.status(500).json({ message: error.message });
  }
});

module.exports = router;