Login Probleme

app.js

@@ -1,34 +1,46 @@
-require('dotenv').config(); 
-const express = require('express');
-const session = require('express-session');
-const bodyParser = require('body-parser');
-
-const authRoutes = require('./routes/auth');
-const userRoutes = require('./routes/users');
-const widerrufRoutes = require('./routes/widerruf');
+require("dotenv").config();
+const express = require("express");
+const session = require("express-session");
 
+const authRoutes = require("./routes/auth");
+const userRoutes = require("./routes/users");
+const widerrufRoutes = require("./routes/widerruf");
 
 const app = express();
-app.use(express.static('public'));
-app.set('view engine', 'ejs');
-app.use(bodyParser.urlencoded({ extended: false }));
 
-app.use(session({
-    secret: 'plusfit_secret_key',
+// Body Parser (modern)
+app.use(express.urlencoded({ extended: false }));
+app.use(express.json());
+
+// Session MUSS vor den Routen
+app.use(
+  session({
+    name: "plusfit.sid", // eigener Cookie-Name
+    secret: "plusfit_secret_key",
     resave: false,
-    saveUninitialized: false
-}));
+    saveUninitialized: false,
+    cookie: {
+      httpOnly: true,
+      secure: false, // true nur bei https
+      maxAge: 1000 * 60 * 60 * 2, // 2h
+    },
+  }),
+);
 
-app.use('/', authRoutes);
-app.use('/users', userRoutes);
-app.use('/sepa', require('./routes/sepa'));
-app.use('/sepa', require('./routes/sepaExport'));
-app.use('/contracts', require('./routes/contracts'));
-app.use('/register', require('./routes/register'));
-app.use('/company', require('./routes/company'));
-app.use('/widerruf', widerrufRoutes);
+// Static + Views
+app.use(express.static("public"));
+app.set("view engine", "ejs");
 
+// Routes NACH Session
+app.use("/", authRoutes);
+app.use("/users", userRoutes);
+app.use("/sepa", require("./routes/sepa"));
+app.use("/sepa", require("./routes/sepaExport"));
+app.use("/contracts", require("./routes/contracts"));
+app.use("/register", require("./routes/register"));
+app.use("/company", require("./routes/company"));
+app.use("/widerruf", widerrufRoutes);
 
 app.listen(3005, () => {
-    console.log('Plusfit läuft auf http://localhost:3005');
+  console.log("Plusfit läuft auf http://localhost:3005");
 });

middleware/authMiddleware.js

@@ -1,6 +1,6 @@
 module.exports = (req, res, next) => {
   if (!req.session.loggedIn) {
-        return res.redirect('/');
+    return res.redirect("/");
   }
   next();
 };

routes/auth.js

@@ -1,32 +1,40 @@
-const express = require('express');
-const bcrypt = require('bcrypt');
-const Database = require('better-sqlite3');
+const express = require("express");
+const bcrypt = require("bcrypt");
+const Database = require("better-sqlite3");
 
-const db = new Database('plusfit.db');
+const db = new Database("plusfit.db");
 const router = express.Router();
 
-router.get('/', (req, res) => {
-    res.render('login');
+router.get("/", (req, res) => {
+  res.render("login");
 });
 
-router.post('/login', async (req, res) => {
+router.post("/login", async (req, res) => {
   const { username, password } = req.body;
 
   const admin = db
-        .prepare('SELECT * FROM admins WHERE username = ?')
+    .prepare("SELECT * FROM admins WHERE username = ?")
     .get(username);
 
-    if (!admin) return res.send('Login fehlgeschlagen');
+  if (!admin) return res.send("Login fehlgeschlagen");
 
   const ok = await bcrypt.compare(password, admin.password);
-    if (!ok) return res.send('Login fehlgeschlagen');
+  if (!ok) return res.send("Login fehlgeschlagen");
 
   req.session.loggedIn = true;
-    res.redirect('/users/dashboard');
+
+  req.session.save((err) => {
+    if (err) {
+      console.error("Session Save Error:", err);
+      return res.send("Login-Fehler");
+    }
+
+    res.redirect("/users/dashboard");
+  });
 });
 
-router.get('/logout', (req, res) => {
-    req.session.destroy(() => res.redirect('/'));
+router.get("/logout", (req, res) => {
+  req.session.destroy(() => res.redirect("/"));
 });
 
 module.exports = router;