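import bcrypt from 'bcrypt';
import jwt from 'jsonwebtoken';
import Employee from '../models/employee.mjs';

// Lifetime of the token issued on a successful login.
const TOKEN_TTL = '1d';

// One message for every credential failure, so the reply does not reveal
// whether the EmpNo exists.
const INVALID_CREDENTIALS = 'Invalid credentials';

/**
 * Issue a simple arithmetic captcha.
 *
 * The expected answer is kept in the session; only the question text is
 * returned to the client. The answer is checked (and consumed) by loginUser.
 *
 * @param {object} req - request; `req.session` must be available
 * @param {object} res - response
 */
export const getCaptcha = (req, res) => {
  // Math.random is acceptable here: the sum is a usability hurdle, not a
  // secret, and only the question text leaves the server.
  const left = Math.floor(Math.random() * 10) + 1; // 1 to 10
  const right = Math.floor(Math.random() * 10) + 1;
  req.session.captcha = left + right; // Store the correct answer in session
  res.json({ question: `${left} + ${right}` }); // Send question as text
};

/**
 * Compare a submitted captcha answer with the one stored in the session.
 *
 * The stored answer is removed whether or not it matches, so every answer
 * is single-use: a correct answer cannot be replayed across logins and a
 * wrong guess forces a fresh captcha instead of allowing repeated attempts
 * against the same one.
 *
 * @param {object} session - the request session
 * @param {unknown} submitted - raw value from the request body
 * @returns {boolean} true when the answer matches the stored one
 */
function consumeCaptcha(session, submitted) {
  const expected = session?.captcha;
  if (session) delete session.captcha;
  // No captcha issued yet, or already consumed.
  if (typeof expected !== 'number') return false;
  const given = Number.parseInt(String(submitted), 10);
  return Number.isInteger(given) && given === expected;
}

/**
 * Authenticate an employee by EmpNo and password and issue a JWT.
 *
 * Responses: 400 for a missing/invalid captcha or a malformed body,
 * 401 when the EmpNo/password pair does not match, 500 on unexpected
 * errors or when JWT_SECRET is not configured.
 *
 * The request body (it carries the plaintext password), the stored password
 * hash and the issued token are deliberately never written to the log.
 *
 * @param {object} req - request with `body` ({ EmpNo, password, captcha }) and `session`
 * @param {object} res - response
 * @returns {Promise<void>}
 */
export const loginUser = async (req, res) => {
  // A missing body (no body parser) is a client error, not a crash.
  const { EmpNo, password, captcha } = req.body ?? {};

  if (!consumeCaptcha(req.session, captcha)) {
    return res.status(400).json({ message: 'Invalid captcha answer' });
  }

  // Accept only scalar values: EmpNo goes straight into the ORM `where`
  // clause, and bcrypt.compare throws on a non-string password.
  const isScalar = (v) => typeof v === 'string' || typeof v === 'number';
  if (!isScalar(EmpNo) || typeof password !== 'string' || password.length === 0) {
    return res.status(400).json({ message: 'EmpNo and password are required' });
  }

  try {
    const user = await Employee.findOne({ where: { EmpNo } });

    // Same status and message for "unknown EmpNo" and "wrong password" so the
    // reply does not enumerate valid EmpNos (previously 404 vs 401).
    // TODO(review): the unknown-EmpNo path skips bcrypt.compare, so a timing
    // difference remains; compare against a dummy hash if that matters here.
    const passwordOk = user ? await bcrypt.compare(password, user.password) : false;
    if (!passwordOk) {
      return res.status(401).json({ message: INVALID_CREDENTIALS });
    }

    const secret = process.env.JWT_SECRET;
    if (!secret) {
      // Server misconfiguration: refuse rather than let jwt.sign fail later.
      console.error('Login error: JWT_SECRET is not set');
      return res.status(500).json({ message: 'Server error' });
    }

    const token = jwt.sign(
      { empNo: user.EmpNo, role: user.role },
      secret,
      { expiresIn: TOKEN_TTL },
    );

    return res.json({
      message: 'Login successful',
      role: user.role,
      EmpNo: user.EmpNo,
      token,
    });
  } catch (err) {
    // Keep the details (message and stack) server-side; the client gets a generic reply.
    console.error('Login error:', err);
    return res.status(500).json({ message: 'Server error' });
  }
};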