be2b090ddc
- Adiciona coluna 'role' na tabela agentes (agente|admin)
- Migra admins existentes para tabela agentes com role='admin'
- Unifica login em /login com redirect baseado em role
- Sessao unificada req.session.user com {id, email, nome, role, agente_id}
- Middleware requireRole() para proteger rotas por role
- Admin panel com selector de role ao criar/editar usuarios
- Atualiza branding para "BI - CCC" com logo CambioReal
- Redirects: /admin/login -> /login, /admin/logout -> /logout
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
38 lines
1.0 KiB
JavaScript
38 lines
1.0 KiB
JavaScript
/**
|
|
* Admin Authentication - login/logout with bcrypt + express-session
|
|
*/
|
|
const bcrypt = require('bcrypt');
|
|
const db = require('./db-local');
|
|
|
|
const SALT_ROUNDS = 10;
|
|
|
|
async function createAdmin(email, senha, nome) {
|
|
const hash = await bcrypt.hash(senha, SALT_ROUNDS);
|
|
return db.prepare(
|
|
'INSERT INTO admins (email, senha_hash, nome) VALUES (?, ?, ?)'
|
|
).run(email, hash, nome);
|
|
}
|
|
|
|
async function authenticateAdmin(email, senha) {
|
|
const row = db.prepare(
|
|
'SELECT * FROM admins WHERE email = ?'
|
|
).get(email);
|
|
if (!row) return null;
|
|
const match = await bcrypt.compare(senha, row.senha_hash);
|
|
return match ? row : null;
|
|
}
|
|
|
|
function requireAdmin(req, res, next) {
|
|
if (req.session && req.session.admin) return next();
|
|
res.redirect('/admin/login');
|
|
}
|
|
|
|
async function updateAdminPassword(id, novaSenha) {
|
|
const hash = await bcrypt.hash(novaSenha, SALT_ROUNDS);
|
|
return db.prepare(
|
|
'UPDATE admins SET senha_hash = ? WHERE id = ?'
|
|
).run(hash, id);
|
|
}
|
|
|
|
module.exports = { createAdmin, authenticateAdmin, requireAdmin, updateAdminPassword };
|