更新 auth 路由 (2026-04-01)

This commit is contained in:
notyclaw 2026-04-01 20:01:23 +08:00
parent 2f050489af
commit 4359654d72
3 changed files with 14 additions and 8 deletions


@ -16,17 +16,19 @@ const loginLimiter = rateLimit({
router.post('/login', loginLimiter, async (req, res) => {
try {
const { username, password } = req.body;
const trimmedUsername = username ? username.trim() : '';
const trimmedPassword = password ? password.trim() : '';
if (!username || !password) {
if (!trimmedUsername || !trimmedPassword) {
return res.status(400).json({ success: false, message: '用户名和密码不能为空' });
}
const user = await User.findOne({ username }).select('+password');
const user = await User.findOne({ username: trimmedUsername }).select('+password');
if (!user || user.status !== 'active') {
return res.status(401).json({ success: false, message: '用户名或密码错误' });
}
const isMatch = await comparePassword(password, user.password);
const isMatch = await comparePassword(trimmedPassword, user.password);
if (!isMatch) {
return res.status(401).json({ success: false, message: '用户名或密码错误' });
}
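Review bot: Trimming the password before `comparePassword(trimmedPassword, user.password)` changes which credential is accepted: any account whose password was hashed with leading or trailing whitespace at registration can no longer log in unless that path trims the same way, and the registration code is outside this commit, so this is a behaviour change worth confirming rather than a pure cleanup. Separately, `username ? username.trim() : ''` only rejects non-string bodies by accident — an object or array in `req.body.username` throws a TypeError into the handler's catch (outside the hunk) instead of reaching the 400 branch, and the old `findOne({ username })` would have passed such a value straight into the query filter. Making the type check explicit keeps the 400 path deterministic and guarantees only strings reach the query: `const trimmedUsername = typeof username === 'string' ? username.trim() : '';` and `const trimmedPassword = typeof password === 'string' ? password.trim() : '';`. Both points apply equally to the rider login in the second file and the store login in the third file, which introduce the same two lines.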


@ -22,15 +22,17 @@ const loginLimiter = rateLimit({
router.post('/login', loginLimiter, validate(schemas.login), async (req, res) => {
try {
const { phone, password } = req.body;
const trimmedPhone = phone ? phone.trim() : '';
const trimmedPassword = password ? password.trim() : '';
// 用 select(false) 主动拉取 password 字段
const rider = await Rider.findOne({ phone }).select('+password');
const rider = await Rider.findOne({ phone: trimmedPhone }).select('+password');
if (!rider) {
return res.status(401).json({ success: false, message: '手机号或密码错误' });
}
// bcrypt 比对密码
const isMatch = await comparePassword(password, rider.password);
const isMatch = await comparePassword(trimmedPassword, rider.password);
if (!isMatch) {
return res.status(401).json({ success: false, message: '手机号或密码错误' });
}
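Review bot: The trimming at `const trimmedPhone = phone ? phone.trim() : '';` runs after `validate(schemas.login)` has already checked the raw body, so whatever the schema enforces (non-empty, length, format — the schema is outside the hunk) was checked against the untrimmed values while `trimmedPhone` and `trimmedPassword` are what reach `Rider.findOne` and `comparePassword`; a whitespace-only phone passes validation as a non-empty string and then becomes `''` here with no empty check, falling through to a 401 via a query for an empty phone. Normalizing in the schema itself (or trimming before `validate` runs) keeps the validated value and the used value identical, which is the property the schema is meant to give you. If the schema already trims, the two lines added here are redundant and can be dropped.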


@ -17,12 +17,14 @@ const loginLimiter = rateLimit({
router.post('/login', loginLimiter, async (req, res) => {
try {
const { username, password } = req.body;
if (!username || !password) {
const trimmedUsername = username ? username.trim() : '';
const trimmedPassword = password ? password.trim() : '';
if (!trimmedUsername || !trimmedPassword) {
return res.status(400).json({ success: false, message: '用户名和密码不能为空' });
}
// 从 User 表查 store 类型账号
const user = await User.findOne({ username, type: 'store' }).select('+password');
const user = await User.findOne({ username: trimmedUsername, type: 'store' }).select('+password');
// 查关联的门店
const Store = require('../models/Store');
const store = await Store.findOne({ storeId: user.storeId });
@ -30,7 +32,7 @@ router.post('/login', loginLimiter, async (req, res) => {
return res.status(401).json({ success: false, message: '用户名或密码错误' });
}
const isMatch = await comparePassword(password, user.password);
const isMatch = await comparePassword(trimmedPassword, user.password);
if (!isMatch) {
return res.status(401).json({ success: false, message: '用户名或密码错误' });
}
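Review bot: `const store = await Store.findOne({ storeId: user.storeId });` dereferences `user` with no null check between it and the rewritten `User.findOne({ username: trimmedUsername, type: 'store' })` above it, so an unknown or non-store username throws a TypeError into the handler's catch outside the hunk, while a known store account with a wrong password reaches the 401 in the second hunk — two distinguishable responses for the two cases, which defeats the deliberately generic '用户名或密码错误' message, and an error path that is easy to avoid. Guard before the store lookup: `if (!user) { return res.status(401).json({ success: false, message: '用户名或密码错误' }); }`, or `const store = user ? await Store.findOne({ storeId: user.storeId }) : null;` if the combined check further down is meant to stay the single rejection point. The `require('../models/Store')` inside the request handler is also better hoisted to the module's top-level imports so the model is loaded once rather than resolved per request. The handler's remaining checks and its catch lie outside the visible hunks.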