OwlCyberSecurity - MANAGER

Edit File: auth.controller.js

import bcrypt from 'bcrypt';
import pool from '../db.js'; // this must be a pool created using createPool()

export const loginUser = async (req, res) => {
  const { username, password } = req.body;

try {
    const conn = await pool.getConnection(); // ✅ use getConnection from the pool
    const [rows] = await conn.execute('SELECT * FROM login WHERE username = ?', [username]);
    conn.release(); // ✅ release the connection back to the pool

if (rows.length === 0) {
      return res.status(401).json({ message: 'Invalid credentials' });
    }

const user = rows[0];
    const match = await bcrypt.compare(password, user.password);

if (!match) {
      return res.status(401).json({ message: 'Invalid credentials' });
    }

return res.json({
      message: 'Login successful',
      user: { id: user.id, username: user.username, role: user.role }
    });
  } catch (err) {
    console.error('Login error:', err);
    return res.status(500).json({ message: 'Server error' });
  }
};