sync

app/api/auth/login/route.ts

@@ -0,0 +1,74 @@
+import { NextRequest, NextResponse } from 'next/server'
+import pool from '@/lib/db'
+import bcrypt from 'bcrypt'
+
+// POST /api/auth/login - Login with username and password
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+    const { username, password } = body
+
+    // Validate required fields
+    if (!username || !password) {
+      return NextResponse.json(
+        { error: 'Username and password are required' },
+        { status: 400 }
+      )
+    }
+
+    // Find user by username
+    const [rows] = await pool.execute(
+      'SELECT * FROM buyers WHERE username = ?',
+      [username]
+    )
+
+    const buyers = rows as any[]
+    if (buyers.length === 0) {
+      return NextResponse.json(
+        { error: 'Invalid username or password' },
+        { status: 401 }
+      )
+    }
+
+    const buyer = buyers[0]
+
+    // Verify password
+    const isValidPassword = await bcrypt.compare(password, buyer.password)
+    if (!isValidPassword) {
+      return NextResponse.json(
+        { error: 'Invalid username or password' },
+        { status: 401 }
+      )
+    }
+
+    // Create session cookie
+    const response = NextResponse.json(
+      {
+        user: {
+          id: buyer.id,
+          username: buyer.username,
+          email: buyer.email,
+        },
+      },
+      { status: 200 }
+    )
+
+    // Set secure cookie with buyer_id
+    response.cookies.set('buyer_id', buyer.id.toString(), {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax',
+      maxAge: 60 * 60 * 24 * 7, // 7 days
+      path: '/',
+    })
+
+    return response
+  } catch (error) {
+    console.error('Error during login:', error)
+    return NextResponse.json(
+      { error: 'Failed to login' },
+      { status: 500 }
+    )
+  }
+}
+

app/api/auth/logout/route.ts

@@ -0,0 +1,18 @@
+import { NextResponse } from 'next/server'
+
+// POST /api/auth/logout - Logout and clear session
+export async function POST() {
+  const response = NextResponse.json({ success: true }, { status: 200 })
+
+  // Clear the session cookie
+  response.cookies.set('buyer_id', '', {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === 'production',
+    sameSite: 'lax',
+    maxAge: 0,
+    path: '/',
+  })
+
+  return response
+}
+

app/api/auth/register/route.ts

@@ -0,0 +1,117 @@
+import { NextRequest, NextResponse } from 'next/server'
+import pool from '@/lib/db'
+import bcrypt from 'bcrypt'
+
+// POST /api/auth/register - Register a new buyer
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+    const { username, password, email } = body
+
+    // Validate required fields
+    if (!username || !password || !email) {
+      return NextResponse.json(
+        { error: 'Username, password, and email are required' },
+        { status: 400 }
+      )
+    }
+
+    // Validate username length
+    if (username.length < 3) {
+      return NextResponse.json(
+        { error: 'Username must be at least 3 characters' },
+        { status: 400 }
+      )
+    }
+
+    // Validate password length
+    if (password.length < 6) {
+      return NextResponse.json(
+        { error: 'Password must be at least 6 characters' },
+        { status: 400 }
+      )
+    }
+
+    // Validate email format
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
+    if (!emailRegex.test(email)) {
+      return NextResponse.json(
+        { error: 'Invalid email format' },
+        { status: 400 }
+      )
+    }
+
+    // Check if username already exists
+    const [existingUsername] = await pool.execute(
+      'SELECT id FROM buyers WHERE username = ?',
+      [username]
+    )
+    if ((existingUsername as any[]).length > 0) {
+      return NextResponse.json(
+        { error: 'Username already exists' },
+        { status: 400 }
+      )
+    }
+
+    // Check if email already exists
+    const [existingEmail] = await pool.execute(
+      'SELECT id FROM buyers WHERE email = ?',
+      [email]
+    )
+    if ((existingEmail as any[]).length > 0) {
+      return NextResponse.json(
+        { error: 'Email already exists' },
+        { status: 400 }
+      )
+    }
+
+    // Hash password
+    const hashedPassword = await bcrypt.hash(password, 10)
+
+    // Insert new buyer
+    const [result] = await pool.execute(
+      'INSERT INTO buyers (username, password, email) VALUES (?, ?, ?)',
+      [username, hashedPassword, email]
+    )
+
+    const insertId = (result as any).insertId
+
+    // Fetch the created buyer (without password)
+    const [rows] = await pool.execute(
+      'SELECT id, username, email FROM buyers WHERE id = ?',
+      [insertId]
+    )
+
+    const buyer = (rows as any[])[0]
+
+    // Create session cookie
+    const response = NextResponse.json(
+      {
+        user: {
+          id: buyer.id,
+          username: buyer.username,
+          email: buyer.email,
+        },
+      },
+      { status: 201 }
+    )
+
+    // Set secure cookie with buyer_id
+    response.cookies.set('buyer_id', buyer.id.toString(), {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax',
+      maxAge: 60 * 60 * 24 * 7, // 7 days
+      path: '/',
+    })
+
+    return response
+  } catch (error) {
+    console.error('Error during registration:', error)
+    return NextResponse.json(
+      { error: 'Failed to register' },
+      { status: 500 }
+    )
+  }
+}
+

app/api/auth/session/route.ts

@@ -0,0 +1,22 @@
+import { NextResponse } from 'next/server'
+import { getCurrentUser } from '@/lib/auth'
+
+// GET /api/auth/session - Get current session/user
+export async function GET() {
+  try {
+    const user = await getCurrentUser()
+
+    if (!user) {
+      return NextResponse.json({ user: null }, { status: 200 })
+    }
+
+    return NextResponse.json({ user }, { status: 200 })
+  } catch (error) {
+    console.error('Error getting session:', error)
+    return NextResponse.json(
+      { error: 'Failed to get session' },
+      { status: 500 }
+    )
+  }
+}
+