Fixed multiple bugs

backend/services/authService.js

@@ -1,6 +1,7 @@
 import bcrypt from 'bcrypt';
 import jwt from 'jsonwebtoken';
 import User from '../models/User.js';
+import UserToken from '../models/UserToken.js';
 import { sendActivationEmail } from './emailService.js';
 
 const register = async (email, password) => {
@@ -25,22 +26,28 @@ const activateUser = async (activationCode) => {
 };
 
 const login = async (email, password) => {
+  if (!email || !password) {
+    throw { status: 400, message: 'Email und Passwort sind erforderlich.' };
+  }
   const user = await User.findOne({ where: { email } });
-  if (!user || !user.isActive) throw new Error('Invalid email or password.');
-  const isPasswordValid = await bcrypt.compare(password, user.password);
-  if (!isPasswordValid) throw new Error('Invalid email or password!');
-  const token = jwt.sign({ userId: user.hashedId }, process.env.JWT_SECRET, { expiresIn: '1h' });
-  user.authCode = token;
-  await user.save();
+  if (!user || !(await bcrypt.compare(password, user.password))) {
+    throw { status: 401, message: 'Ungültige Anmeldedaten' };
+  }
+  const token = jwt.sign({ userId: user.id }, process.env.JWT_SECRET, { expiresIn: '1h' });
+  await UserToken.create({
+    userId: user.id,
+    token,
+    expiresAt: new Date(Date.now() + 3600 * 1000),
+  });
   return { token };
 };
 
-const logout = async(userId, authToken) => {
-  const user = await User.findOne({ where: { id: userId, authToken: authToken }});
-  if (!user) {
-    throw new Error('not found');
+const logout = async (token) => {
+  if (!token) {
+    throw { status: 400, message: 'Token fehlt' };
   }
-  user.update({ authToken: null });
-}
+  await UserToken.destroy({ where: { token } });
+  return { message: 'Logout erfolgreich' };
+};
 
 export { register, activateUser, login, logout };