feat: login unificado BI-CCC com deteccao automatica de role

- Adiciona coluna 'role' na tabela agentes (agente|admin) - Migra admins existentes para tabela agentes com role='admin' - Unifica login em /login com redirect baseado em role - Sessao unificada req.session.user com {id, email, nome, role, agente_id} - Middleware requireRole() para proteger rotas por role - Admin panel com selector de role ao criar/editar usuarios - Atualiza branding para "BI - CCC" com logo CambioReal - Redirects: /admin/login -> /login, /admin/logout -> /logout Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-08 13:03:52 -05:00
parent 39900c3fe8
commit be2b090ddc
9 changed files with 2710 additions and 96 deletions
--- a/src/admin-auth.js
+++ b/src/admin-auth.js
@@ -0,0 +1,37 @@
+/**
+ * Admin Authentication - login/logout with bcrypt + express-session
+ */
+const bcrypt = require('bcrypt');
+const db = require('./db-local');
+
+const SALT_ROUNDS = 10;
+
+async function createAdmin(email, senha, nome) {
+  const hash = await bcrypt.hash(senha, SALT_ROUNDS);
+  return db.prepare(
+    'INSERT INTO admins (email, senha_hash, nome) VALUES (?, ?, ?)'
+  ).run(email, hash, nome);
+}
+
+async function authenticateAdmin(email, senha) {
+  const row = db.prepare(
+    'SELECT * FROM admins WHERE email = ?'
+  ).get(email);
+  if (!row) return null;
+  const match = await bcrypt.compare(senha, row.senha_hash);
+  return match ? row : null;
+}
+
+function requireAdmin(req, res, next) {
+  if (req.session && req.session.admin) return next();
+  res.redirect('/admin/login');
+}
+
+async function updateAdminPassword(id, novaSenha) {
+  const hash = await bcrypt.hash(novaSenha, SALT_ROUNDS);
+  return db.prepare(
+    'UPDATE admins SET senha_hash = ? WHERE id = ?'
+  ).run(hash, id);
+}
+
+module.exports = { createAdmin, authenticateAdmin, requireAdmin, updateAdminPassword };