From 779a660988a12f875533e30b464371252a38a3ae Mon Sep 17 00:00:00 2001
From: Cay
Date: Thu, 19 Feb 2026 08:21:57 +0000
Subject: [PATCH] Login Probleme
---
 app.js | 60 +++++++++++++++++++++---------------
 middleware/authMiddleware.js | 8 ++---
 routes/auth.js | 44 +++++++++++++++-----------
 3 files changed, 66 insertions(+), 46 deletions(-)
diff --git a/app.js b/app.js
index c5e42c2..da97d7e 100644
--- a/app.js
+++ b/app.js
@@ -1,34 +1,46 @@
-require('dotenv').config();
-const express = require('express');
-const session = require('express-session');
-const bodyParser = require('body-parser');
-
-const authRoutes = require('./routes/auth');
-const userRoutes = require('./routes/users');
-const widerrufRoutes = require('./routes/widerruf');
+require("dotenv").config();
+const express = require("express");
+const session = require("express-session");
+const authRoutes = require("./routes/auth");
+const userRoutes = require("./routes/users");
+const widerrufRoutes = require("./routes/widerruf");
 const app = express();
-app.use(express.static('public'));
-app.set('view engine', 'ejs');
-app.use(bodyParser.urlencoded({ extended: false }));
-app.use(session({
- secret: 'plusfit_secret_key',
+// Body Parser (modern)
+app.use(express.urlencoded({ extended: false }));
+app.use(express.json());
+
+// Session MUSS vor den Routen
+app.use(
+ session({
+ name: "plusfit.sid", // eigener Cookie-Name
+ secret: "plusfit_secret_key",
 resave: false,
- saveUninitialized: false
-}));
+ saveUninitialized: false,
+ cookie: {
+ httpOnly: true,
+ secure: false, // true nur bei https
+ maxAge: 1000 * 60 * 60 * 2, // 2h
+ },
+ }),
+);
-app.use('/', authRoutes);
-app.use('/users', userRoutes);
-app.use('/sepa', require('./routes/sepa'));
-app.use('/sepa', require('./routes/sepaExport'));
-app.use('/contracts', require('./routes/contracts'));
-app.use('/register', require('./routes/register'));
-app.use('/company', require('./routes/company'));
-app.use('/widerruf', widerrufRoutes);
+// Static + Views
+app.use(express.static("public"));
+app.set("view engine", "ejs");
+// Routes NACH Session
+app.use("/", authRoutes);
+app.use("/users", userRoutes);
+app.use("/sepa", require("./routes/sepa"));
+app.use("/sepa", require("./routes/sepaExport"));
+app.use("/contracts", require("./routes/contracts"));
+app.use("/register", require("./routes/register"));
+app.use("/company", require("./routes/company"));
+app.use("/widerruf", widerrufRoutes);
 app.listen(3005, () => {
- console.log('Plusfit läuft auf http://localhost:3005');
+ console.log("Plusfit läuft auf http://localhost:3005");
 });
diff --git a/middleware/authMiddleware.js b/middleware/authMiddleware.js
index 52eb06e..607314f 100644
--- a/middleware/authMiddleware.js
+++ b/middleware/authMiddleware.js
@@ -1,6 +1,6 @@
 module.exports = (req, res, next) => {
- if (!req.session.loggedIn) {
- return res.redirect('/');
- }
- next();
+ if (!req.session.loggedIn) {
+ return res.redirect("/");
+ }
+ next();
 };
diff --git a/routes/auth.js b/routes/auth.js
index 3a8c5a8..39baa39 100644
--- a/routes/auth.js
+++ b/routes/auth.js
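Review bot: The session secret is still the literal `"plusfit_secret_key"` inside the new `session({ ... })` block, even though the first line of the hunk loads dotenv; a secret committed to source is effectively public, and whoever can read it can mint valid session cookies for this app. Read it from the environment and refuse to start when it is missing, e.g. `secret: process.env.SESSION_SECRET,` (placeholder name — use the project's own variable) preceded by a one-line startup check that throws if it is unset. The new `cookie` options also omit `sameSite`; adding `sameSite: "lax"` keeps the session cookie off cross-site requests, and `secure` could follow the deployment instead of being fixed to `false` (`secure: process.env.NODE_ENV === "production"`, which behind a TLS-terminating proxy additionally needs `app.set("trust proxy", 1)`).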
@@ -1,32 +1,40 @@
-const express = require('express');
-const bcrypt = require('bcrypt');
-const Database = require('better-sqlite3');
+const express = require("express");
+const bcrypt = require("bcrypt");
+const Database = require("better-sqlite3");
-const db = new Database('plusfit.db');
+const db = new Database("plusfit.db");
 const router = express.Router();
-router.get('/', (req, res) => {
- res.render('login');
+router.get("/", (req, res) => {
+ res.render("login");
 });
-router.post('/login', async (req, res) => {
- const { username, password } = req.body;
+router.post("/login", async (req, res) => {
+ const { username, password } = req.body;
- const admin = db
- .prepare('SELECT * FROM admins WHERE username = ?')
- .get(username);
+ const admin = db
+ .prepare("SELECT * FROM admins WHERE username = ?")
+ .get(username);
- if (!admin) return res.send('Login fehlgeschlagen');
+ if (!admin) return res.send("Login fehlgeschlagen");
- const ok = await bcrypt.compare(password, admin.password);
- if (!ok) return res.send('Login fehlgeschlagen');
+ const ok = await bcrypt.compare(password, admin.password);
+ if (!ok) return res.send("Login fehlgeschlagen");
- req.session.loggedIn = true;
- res.redirect('/users/dashboard');
+ req.session.loggedIn = true;
+
+ req.session.save((err) => {
+ if (err) {
+ console.error("Session Save Error:", err);
+ return res.send("Login-Fehler");
+ }
+
+ res.redirect("/users/dashboard");
+ });
 });
-router.get('/logout', (req, res) => {
- req.session.destroy(() => res.redirect('/'));
+router.get("/logout", (req, res) => {
+ req.session.destroy(() => res.redirect("/"));
 });
 module.exports = router;
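Review bot: The new `req.session.save(...)` block in the `/login` handler still promotes whatever session ID the client arrived with, because `req.session.loggedIn = true` is set on the pre-authentication session; the login should first call `req.session.regenerate()` and set the flag on the fresh session, then save (sketch below, keeping the existing `console.error` / `"Login-Fehler"` handling). The handler is also `async` without a try/catch, so a rejected `bcrypt.compare` (a non-string `password` is now reachable since app.js enables `express.json()`) or a throwing `.get()` would, if this is Express 4, leave the request with no response at all; a `typeof username !== "string" || typeof password !== "string"` guard before the lookup plus a try/catch that answers `"Login-Fehler"` closes that gap. The unchanged early return before `bcrypt.compare` when no admin matches is pre-existing and not part of this point.

```javascript
router.post("/login", async (req, res) => {
  // … unchanged: body destructuring, admin lookup, bcrypt compare …

  // Issue a fresh session ID for the authenticated user; the pre-login ID is discarded.
  req.session.regenerate((err) => {
    if (err) {
      console.error("Session Regenerate Error:", err);
      return res.send("Login-Fehler");
    }
    req.session.loggedIn = true;
    req.session.save((saveErr) => {
      if (saveErr) {
        console.error("Session Save Error:", saveErr);
        return res.send("Login-Fehler");
      }
      res.redirect("/users/dashboard");
    });
  });
});
```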