initialize git, basic setup for crm

src/controllers/auth.controller.js

@@ -0,0 +1,204 @@
+import * as authService from '../services/auth.service.js';
+import {
+  logLoginAttempt,
+  logPasswordChange,
+  logEmailLink,
+} from '../services/audit.service.js';
+import { formatErrorResponse } from '../utils/errors.js';
+
+/**
+ * KROK 1: Login s temporary password
+ * POST /api/auth/login
+ */
+export const login = async (req, res) => {
+  const { username, password } = req.body;
+  const ipAddress = req.ip || req.connection.remoteAddress;
+  const userAgent = req.headers['user-agent'];
+
+  try {
+    const result = await authService.loginWithTempPassword(
+      username,
+      password,
+      ipAddress,
+      userAgent
+    );
+
+    // Log successful login
+    await logLoginAttempt(username, true, ipAddress, userAgent);
+
+    // Nastav cookie s access tokenom (httpOnly, secure)
+    res.cookie('accessToken', result.tokens.accessToken, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'strict',
+      maxAge: 60 * 60 * 1000, // 1 hodina
+    });
+
+    res.cookie('refreshToken', result.tokens.refreshToken, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'strict',
+      maxAge: 7 * 24 * 60 * 60 * 1000, // 7 dní
+    });
+
+    res.status(200).json({
+      success: true,
+      data: {
+        user: result.user,
+        tokens: result.tokens,
+        needsPasswordChange: result.needsPasswordChange,
+        needsEmailSetup: result.needsEmailSetup,
+      },
+      message: 'Prihlásenie úspešné',
+    });
+  } catch (error) {
+    // Log failed login
+    await logLoginAttempt(username, false, ipAddress, userAgent, error.message);
+
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * KROK 2: Nastavenie nového hesla
+ * POST /api/auth/set-password
+ * Requires: authentication
+ */
+export const setPassword = async (req, res) => {
+  const { newPassword } = req.body;
+  const userId = req.userId;
+  const ipAddress = req.ip || req.connection.remoteAddress;
+  const userAgent = req.headers['user-agent'];
+
+  try {
+    const result = await authService.setNewPassword(userId, newPassword);
+
+    // Log password change
+    await logPasswordChange(userId, ipAddress, userAgent);
+
+    res.status(200).json({
+      success: true,
+      data: result,
+      message: 'Heslo úspešne nastavené',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * KROK 3: Pripojenie emailu s JMAP validáciou
+ * POST /api/auth/link-email
+ * Requires: authentication
+ */
+export const linkEmail = async (req, res) => {
+  const { email, emailPassword } = req.body;
+  const userId = req.userId;
+  const ipAddress = req.ip || req.connection.remoteAddress;
+  const userAgent = req.headers['user-agent'];
+
+  try {
+    const result = await authService.linkEmail(userId, email, emailPassword);
+
+    // Log email link
+    await logEmailLink(userId, email, ipAddress, userAgent);
+
+    res.status(200).json({
+      success: true,
+      data: {
+        email,
+        accountId: result.accountId,
+      },
+      message: 'Email účet úspešne pripojený a overený',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * KROK 3 (alternatíva): Skip email setup
+ * POST /api/auth/skip-email
+ * Requires: authentication
+ */
+export const skipEmail = async (req, res) => {
+  const userId = req.userId;
+
+  try {
+    const result = await authService.skipEmailSetup(userId);
+
+    res.status(200).json({
+      success: true,
+      data: result,
+      message: 'Email setup preskočený',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Logout
+ * POST /api/auth/logout
+ * Requires: authentication
+ */
+export const logout = async (req, res) => {
+  try {
+    const result = await authService.logout();
+
+    // Vymaž cookies
+    res.clearCookie('accessToken');
+    res.clearCookie('refreshToken');
+
+    res.status(200).json({
+      success: true,
+      message: result.message,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Získanie aktuálnej session info
+ * GET /api/auth/session
+ * Requires: authentication
+ */
+export const getSession = async (req, res) => {
+  try {
+    res.status(200).json({
+      success: true,
+      data: {
+        user: req.user,
+        authenticated: true,
+      },
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Profil aktuálneho usera
+ * GET /api/auth/me
+ * Requires: authentication
+ */
+export const getMe = async (req, res) => {
+  try {
+    res.status(200).json({
+      success: true,
+      data: {
+        user: req.user,
+      },
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};