/ var / www / html / cqt / server / routes / [ HOME SHELL ]

Name	Size	Permission
auth.js	2.8 KB	-rw-r--r--
courses.js	5.97 KB	-rw-r--r--
labs.js	9.38 KB	-rw-r--r--
news.js	6.1 KB	-rw-r--r--
publications.js	8.21 KB	-rw-r--r--
rebuild.js	1.09 KB	-rw-r--r--
research.js	6.83 KB	-rw-r--r--
team.js	6.52 KB	-rw-r--r--
workshops.js	6.01 KB	-rw-r--r--

Code Editor : auth.js

const express = require('express');
const router = express.Router();
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
const { body, validationResult } = require('express-validator');

// @route   POST /api/auth/login
// @desc    Login admin user
// @access  Public
router.post('/login', [
  body('username').trim().notEmpty().withMessage('Username is required'),
  body('password').notEmpty().withMessage('Password is required')
], async (req, res) => {
  try {
    // Validate input
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({ error: 'Please provide username and password' });
    }

const { username, password } = req.body;

// Check credentials against environment variables
    const validUsername = process.env.ADMIN_USERNAME;
    const validPasswordHash = process.env.ADMIN_PASSWORD;

if (!validUsername || !validPasswordHash) {
      console.error('ADMIN_USERNAME or ADMIN_PASSWORD not set in environment');
      return res.status(500).json({ error: 'Server configuration error' });
    }

if (username !== validUsername) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }

// Check if password is hashed (starts with $2b$ for bcrypt)
    let isValidPassword = false;
    if (validPasswordHash.startsWith('$2b$') || validPasswordHash.startsWith('$2a$')) {
      // Compare with hashed password
      isValidPassword = await bcrypt.compare(password, validPasswordHash);
    } else {
      // Fallback to plain text comparison (for backward compatibility)
      // This should be removed after updating the .env file
      console.warn('⚠️  WARNING: Using plain text password comparison. Please hash your ADMIN_PASSWORD!');
      isValidPassword = password === validPasswordHash;
    }

if (!isValidPassword) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }

// Create JWT token
    const payload = {
      username: username,
      role: 'admin'
    };

const token = jwt.sign(
      payload,
      process.env.JWT_SECRET,
      { expiresIn: '24h' }
    );

res.json({
      success: true,
      token,
      user: {
        username,
        role: 'admin'
      }
    });
  } catch (error) {
    console.error('Login error:', error);
    res.status(500).json({ error: 'Server error' });
  }
});

// @route   POST /api/auth/verify
// @desc    Verify token
// @access  Public
router.post('/verify', (req, res) => {
  try {
    const token = req.header('Authorization')?.replace('Bearer ', '');

if (!token) {
      return res.status(401).json({ valid: false });
    }

const decoded = jwt.verify(token, process.env.JWT_SECRET);
    res.json({ valid: true, user: decoded });
  } catch (error) {
    res.status(401).json({ valid: false });
  }
});

module.exports = router;

Urban Research Lab

The Urban Research Lab (URL) at IIIT-Delhi was established in 2020, during a time when the pandemic brought the complexities of urban life more visible than ever. What started as an initiative by faculty and students has grown into a collaborative space for critically exploring and reimagining the urban questions through research, dialogue, and interdisciplinary engagement.

${this.title}

Code Editor : auth.js

Urban Research Lab