openclaw/helpyourneighbour
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

auto(agent): improved error handling and validation in auth.js

Browse source
This commit is contained in:
OpenClaw 2026-03-06 17:27:33 +00:00
parent 2d24125498
commit fe6c17309a
1 changed files with 45 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

61
backend/src/routes/auth.js
View file

@ -12,14 +12,24 @@ const registerSchema = z.object({
displayName: z.string().min(2).max(120)
});
const loginSchema = z.object({
email: z.string().email(),
password: z.string().min(1)
});
router.post('/register', async (req, res) => {
const parsed = registerSchema.safeParse(req.body);
if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });
const { email, password, displayName } = parsed.data;
const passwordHash = await bcrypt.hash(password, 12);
try {
const parsed = registerSchema.safeParse(req.body);
if (!parsed.success) {
return res.status(400).json({
error: 'Validation failed',
details: parsed.error.flatten()
});
}
const { email, password, displayName } = parsed.data;
const passwordHash = await bcrypt.hash(password, 12);
const [result] = await pool.query(
'INSERT INTO users (email, password_hash, display_name) VALUES (?, ?, ?)',
[email, passwordHash, displayName]
@ -28,26 +38,43 @@ router.post('/register', async (req, res) => {
const token = jwt.sign({ userId: result.insertId, email }, process.env.JWT_SECRET, { expiresIn: '7d' });
return res.status(201).json({ token });
} catch (err) {
if (err.code === 'ER_DUP_ENTRY') return res.status(409).json({ error: 'Email already exists' });
console.error('Registration error:', err);
if (err.code === 'ER_DUP_ENTRY') {
return res.status(409).json({ error: 'Email already exists' });
}
return res.status(500).json({ error: 'Registration failed' });
}
});
router.post('/login', async (req, res) => {
const parsed = z.object({ email: z.string().email(), password: z.string().min(1) }).safeParse(req.body);
if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });
try {
const parsed = loginSchema.safeParse(req.body);
if (!parsed.success) {
return res.status(400).json({
error: 'Validation failed',
details: parsed.error.flatten()
});
}
const { email, password } = parsed.data;
const [rows] = await pool.query('SELECT id, email, password_hash FROM users WHERE email = ? LIMIT 1', [email]);
const user = rows[0];
const { email, password } = parsed.data;
const [rows] = await pool.query('SELECT id, email, password_hash FROM users WHERE email = ? LIMIT 1', [email]);
const user = rows[0];
if (!user) return res.status(401).json({ error: 'Invalid credentials' });
if (!user) {
return res.status(401).json({ error: 'Invalid credentials' });
}
const ok = await bcrypt.compare(password, user.password_hash);
if (!ok) return res.status(401).json({ error: 'Invalid credentials' });
const ok = await bcrypt.compare(password, user.password_hash);
if (!ok) {
return res.status(401).json({ error: 'Invalid credentials' });
}
const token = jwt.sign({ userId: user.id, email: user.email }, process.env.JWT_SECRET, { expiresIn: '7d' });
return res.json({ token });
const token = jwt.sign({ userId: user.id, email: user.email }, process.env.JWT_SECRET, { expiresIn: '7d' });
return res.json({ token });
} catch (err) {
console.error('Login error:', err);
return res.status(500).json({ error: 'Login failed' });
}
});
export default router;