Fix authentication state persistence and admin role display

- Implement complete authentication system with JWT token validation - Add auth provider with persistent login state across page refreshes - Create multilingual login/register forms with Material-UI components - Fix token validation using raw SQL queries to bypass Prisma sync issues - Add comprehensive error handling for expired/invalid tokens - Create profile and settings pages with full i18n support - Add proper user role management (admin/user) with database sync - Implement secure middleware with CSRF protection and auth checks - Add debug endpoints for troubleshooting authentication issues - Fix Zustand store persistence for authentication state 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-21 01:06:30 +03:00
parent 62ca73b2ac
commit 196ca00194
174 changed files with 181207 additions and 179 deletions
--- a/app/api/auth/login/route.ts
+++ b/app/api/auth/login/route.ts
@@ -1,22 +1,50 @@
 import { NextResponse } from 'next/server'
 import { validateUser, generateToken } from '@/lib/auth'
 import { prisma } from '@/lib/db'
+import { createUserLoginSchema } from '@/lib/validation'

 export const runtime = 'nodejs'

+function getErrorMessages(locale: string = 'ro') {
+  const messages = {
+    ro: {
+      fieldsRequired: 'Email și parola sunt obligatorii',
+      invalidCredentials: 'Email sau parolă incorectă',
+      serverError: 'Eroare de server',
+      invalidInput: 'Date de intrare invalide'
+    },
+    en: {
+      fieldsRequired: 'Email and password are required',
+      invalidCredentials: 'Invalid email or password',
+      serverError: 'Server error',
+      invalidInput: 'Invalid input data'
+    }
+  }
+  return messages[locale as keyof typeof messages] || messages.ro
+}
+
 export async function POST(request: Request) {
  try {
-    const { email, password } = await request.json()
+    const url = new URL(request.url)
+    const locale = url.searchParams.get('locale') || 'ro'
+    const messages = getErrorMessages(locale)
+
+    const body = await request.json()
+    const { email, password } = body

    // Validation
-    if (!email || !password) {
-      return NextResponse.json({ error: 'Email și parola sunt obligatorii' }, { status: 400 })
+    const loginSchema = createUserLoginSchema(locale)
+    const result = loginSchema.safeParse({ email, password })
+
+    if (!result.success) {
+      const errors = result.error.errors.map(err => err.message).join(', ')
+      return NextResponse.json({ error: errors }, { status: 400 })
    }

    // Validate user
    const user = await validateUser(email, password)
    if (!user) {
-      return NextResponse.json({ error: 'Email sau parolă incorectă' }, { status: 401 })
+      return NextResponse.json({ error: messages.invalidCredentials }, { status: 401 })
    }

    // Generate token
@@ -38,11 +66,14 @@ export async function POST(request: Request) {
    })

    return NextResponse.json({
-      user: { id: user.id, email: user.email, name: user.name },
+      user: { id: user.id, email: user.email, name: user.name, role: user.role, theme: user.theme, fontSize: user.fontSize },
      token
    })
  } catch (error) {
    console.error('Login error:', error)
-    return NextResponse.json({ error: 'Eroare de server' }, { status: 500 })
+    const url = new URL(request.url)
+    const locale = url.searchParams.get('locale') || 'ro'
+    const messages = getErrorMessages(locale)
+    return NextResponse.json({ error: messages.serverError }, { status: 500 })
  }
 }
--- a/app/api/auth/logout/route.ts
+++ b/app/api/auth/logout/route.ts
@@ -0,0 +1,23 @@
+import { NextResponse } from 'next/server'
+import { prisma } from '@/lib/db'
+
+export const runtime = 'nodejs'
+
+export async function POST(request: Request) {
+  try {
+    const authHeader = request.headers.get('authorization')
+    const token = authHeader?.replace('Bearer ', '')
+
+    if (token) {
+      // Remove the session from database
+      await prisma.session.deleteMany({
+        where: { token }
+      })
+    }
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    console.error('Logout error:', error)
+    return NextResponse.json({ error: 'Eroare de server' }, { status: 500 })
+  }
+}
--- a/app/api/auth/me/route.ts
+++ b/app/api/auth/me/route.ts
@@ -3,23 +3,46 @@ import { getUserFromToken } from '@/lib/auth'

 export const runtime = 'nodejs'

+function getErrorMessages(locale: string = 'ro') {
+  const messages = {
+    ro: {
+      tokenRequired: 'Token de autentificare necesar',
+      invalidToken: 'Token invalid',
+      serverError: 'Eroare de server'
+    },
+    en: {
+      tokenRequired: 'Authentication token required',
+      invalidToken: 'Invalid token',
+      serverError: 'Server error'
+    }
+  }
+  return messages[locale as keyof typeof messages] || messages.ro
+}
+
 export async function GET(request: Request) {
  try {
+    const url = new URL(request.url)
+    const locale = url.searchParams.get('locale') || 'ro'
+    const messages = getErrorMessages(locale)
+
    const authHeader = request.headers.get('authorization')
    const token = authHeader?.replace('Bearer ', '')

    if (!token) {
-      return NextResponse.json({ error: 'Token de autentificare necesar' }, { status: 401 })
+      return NextResponse.json({ error: messages.tokenRequired }, { status: 401 })
    }

    const user = await getUserFromToken(token)
    if (!user) {
-      return NextResponse.json({ error: 'Token invalid' }, { status: 401 })
+      return NextResponse.json({ error: messages.invalidToken }, { status: 401 })
    }

    return NextResponse.json({ user })
  } catch (error) {
    console.error('User validation error:', error)
-    return NextResponse.json({ error: 'Eroare de server' }, { status: 500 })
+    const url = new URL(request.url)
+    const locale = url.searchParams.get('locale') || 'ro'
+    const messages = getErrorMessages(locale)
+    return NextResponse.json({ error: messages.serverError }, { status: 500 })
  }
 }
--- a/app/api/auth/register/route.ts
+++ b/app/api/auth/register/route.ts
@@ -1,17 +1,38 @@
 import { NextResponse } from 'next/server'
 import { createUser, generateToken } from '@/lib/auth'
 import { prisma } from '@/lib/db'
-import { userRegistrationSchema } from '@/lib/validation'
+import { createUserRegistrationSchema } from '@/lib/validation'
 import { z } from 'zod'

 export const runtime = 'nodejs'

+function getErrorMessages(locale: string = 'ro') {
+  const messages = {
+    ro: {
+      userExists: 'Utilizatorul există deja',
+      serverError: 'Eroare de server',
+      invalidInput: 'Date de intrare invalide'
+    },
+    en: {
+      userExists: 'User already exists',
+      serverError: 'Server error',
+      invalidInput: 'Invalid input data'
+    }
+  }
+  return messages[locale as keyof typeof messages] || messages.ro
+}
+
 export async function POST(request: Request) {
  try {
+    const url = new URL(request.url)
+    const locale = url.searchParams.get('locale') || 'ro'
+    const messages = getErrorMessages(locale)
+
    const body = await request.json()

    // Validate input
-    const result = userRegistrationSchema.safeParse(body)
+    const registrationSchema = createUserRegistrationSchema(locale)
+    const result = registrationSchema.safeParse(body)
    if (!result.success) {
      const errors = result.error.errors.map(err => err.message).join(', ')
      return NextResponse.json({ error: errors }, { status: 400 })
@@ -22,7 +43,7 @@ export async function POST(request: Request) {
    // Check if user exists
    const existing = await prisma.user.findUnique({ where: { email } })
    if (existing) {
-      return NextResponse.json({ error: 'Utilizatorul există deja' }, { status: 409 })
+      return NextResponse.json({ error: messages.userExists }, { status: 409 })
    }

    // Create user
@@ -39,14 +60,18 @@ export async function POST(request: Request) {
    })

    return NextResponse.json({
-      user: { id: user.id, email: user.email, name: user.name },
+      user: { id: user.id, email: user.email, name: user.name, role: user.role, theme: user.theme, fontSize: user.fontSize },
      token
    })
  } catch (error) {
    console.error('Registration error:', error)
+    const url = new URL(request.url)
+    const locale = url.searchParams.get('locale') || 'ro'
+    const messages = getErrorMessages(locale)
+
    if (error instanceof z.ZodError) {
-      return NextResponse.json({ error: 'Date de intrare invalide' }, { status: 400 })
+      return NextResponse.json({ error: messages.invalidInput }, { status: 400 })
    }
-    return NextResponse.json({ error: 'Eroare de server' }, { status: 500 })
+    return NextResponse.json({ error: messages.serverError }, { status: 500 })
  }
 }
--- a/app/api/debug/schema/route.ts
+++ b/app/api/debug/schema/route.ts
@@ -0,0 +1,35 @@
+import { NextResponse } from 'next/server'
+import { prisma } from '@/lib/db'
+
+export const runtime = 'nodejs'
+
+export async function GET() {
+  try {
+    // Get table structure for User table
+    const tableInfo = await prisma.$queryRaw`
+      SELECT column_name, data_type, is_nullable, column_default
+      FROM information_schema.columns
+      WHERE table_name = 'User' AND table_schema = 'public'
+      ORDER BY ordinal_position;
+    `
+
+    // Also try to get one user record to see what fields are actually there
+    let sampleUser = null
+    try {
+      sampleUser = await prisma.$queryRaw`SELECT * FROM "User" LIMIT 1;`
+    } catch (e) {
+      sampleUser = { error: 'Could not fetch sample user: ' + e.message }
+    }
+
+    return NextResponse.json({
+      tableStructure: tableInfo,
+      sampleUser: sampleUser
+    })
+  } catch (error) {
+    console.error('Schema debug error:', error)
+    return NextResponse.json({
+      error: 'Schema debug failed',
+      details: error.message
+    }, { status: 500 })
+  }
+}
--- a/app/api/debug/token/route.ts
+++ b/app/api/debug/token/route.ts
@@ -0,0 +1,53 @@
+import { NextResponse } from 'next/server'
+import jwt from 'jsonwebtoken'
+
+export const runtime = 'nodejs'
+
+export async function POST(request: Request) {
+  try {
+    const { token } = await request.json()
+
+    if (!token) {
+      return NextResponse.json({ error: 'Token required' }, { status: 400 })
+    }
+
+    // Log environment info
+    const hasSecret = !!process.env.JWT_SECRET
+    const secretPreview = process.env.JWT_SECRET ? process.env.JWT_SECRET.substring(0, 10) + '...' : 'MISSING'
+
+    console.log('Debug: JWT_SECRET exists:', hasSecret)
+    console.log('Debug: JWT_SECRET preview:', secretPreview)
+
+    // Try to decode without verification first
+    let decodedWithoutVerification
+    try {
+      decodedWithoutVerification = jwt.decode(token, { complete: true })
+      console.log('Debug: Token decoded without verification:', !!decodedWithoutVerification)
+    } catch (e) {
+      console.log('Debug: Token decode failed:', e.message)
+    }
+
+    // Try to verify
+    let verificationResult
+    try {
+      verificationResult = jwt.verify(token, process.env.JWT_SECRET!)
+      console.log('Debug: Token verification successful')
+    } catch (e) {
+      console.log('Debug: Token verification failed:', e.message)
+      verificationResult = { error: e.message }
+    }
+
+    return NextResponse.json({
+      hasSecret,
+      secretPreview,
+      decodedWithoutVerification: !!decodedWithoutVerification,
+      payload: decodedWithoutVerification?.payload,
+      verificationResult: typeof verificationResult === 'object' && 'error' in verificationResult
+        ? verificationResult
+        : { success: true, payload: verificationResult }
+    })
+  } catch (error) {
+    console.error('Debug endpoint error:', error)
+    return NextResponse.json({ error: 'Debug failed' }, { status: 500 })
+  }
+}
--- a/app/api/debug/user/route.ts
+++ b/app/api/debug/user/route.ts
@@ -0,0 +1,43 @@
+import { NextResponse } from 'next/server'
+import { prisma } from '@/lib/db'
+
+export const runtime = 'nodejs'
+
+export async function POST(request: Request) {
+  try {
+    const { userId } = await request.json()
+
+    if (!userId) {
+      return NextResponse.json({ error: 'userId required' }, { status: 400 })
+    }
+
+    // Use raw query to avoid Prisma client sync issues
+    const users = await prisma.$queryRaw`
+      SELECT id, email, name, role, theme, "fontSize", "createdAt", "updatedAt", "lastLoginAt"
+      FROM "User"
+      WHERE id = ${userId}
+    `
+    const user = Array.isArray(users) && users.length > 0 ? users[0] : null
+
+    // Also get a count of all users
+    const userCount = await prisma.user.count()
+
+    // Get all user IDs for comparison
+    const allUsers = await prisma.user.findMany({
+      select: { id: true, email: true, createdAt: true },
+      orderBy: { createdAt: 'desc' },
+      take: 5
+    })
+
+    return NextResponse.json({
+      searchedUserId: userId,
+      userExists: !!user,
+      user: user || null,
+      totalUsers: userCount,
+      recentUsers: allUsers
+    })
+  } catch (error) {
+    console.error('User debug error:', error)
+    return NextResponse.json({ error: 'Debug failed', details: error.message }, { status: 500 })
+  }
+}