Update site appearance and user authentication functionality

Implement a new login system, update UI elements, and enable static asset serving for images. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 069d4324-6c40-4355-955e-c714a50de1ea Replit-Commit-Checkpoint-Type: intermediate_checkpoint Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/3df548ff-50ae-432f-9be4-25d34eccc983/069d4324-6c40-4355-955e-c714a50de1ea/InMLMqG
2025-09-29 16:29:07 +00:00
parent 9633469631
commit d8491366cf
16 changed files with 331 additions and 167 deletions
--- a/server/index.ts
+++ b/server/index.ts
@ -39,6 +39,9 @@ app.use((req, res, next) => {
 (async () => {
  const server = await registerRoutes(app);

+  // Serve attached assets statically
+  app.use('/attached_assets', express.static('attached_assets'));
+
  app.use((err: any, _req: Request, res: Response, _next: NextFunction) => {
    const status = err.status || err.statusCode || 500;
    const message = err.message || "Internal Server Error";
--- a/server/routes.ts
+++ b/server/routes.ts
@ -1,7 +1,7 @@
 import type { Express } from "express";
 import { createServer, type Server } from "http";
 import { storage } from "./storage";
-import { setupAuth, isAuthenticated } from "./replitAuth";
+import { setupAuth, isAuthenticated } from "./simpleAuth";
 import { insertArticleSchema, insertMediaOutletRequestSchema, insertBidSchema, insertCommentSchema } from "@shared/schema";

 export async function registerRoutes(app: Express): Promise<Server> {
@ -11,8 +11,7 @@ export async function registerRoutes(app: Express): Promise<Server> {
  // Auth routes
  app.get('/api/auth/user', isAuthenticated, async (req: any, res) => {
    try {
-      const userId = req.user.claims.sub;
-      const user = await storage.getUser(userId);
+      const user = req.user;
      res.json(user);
    } catch (error) {
      console.error("Error fetching user:", error);
@ -82,8 +81,7 @@ export async function registerRoutes(app: Express): Promise<Server> {

  app.post('/api/articles', isAuthenticated, async (req: any, res) => {
    try {
-      const userId = req.user.claims.sub;
-      const user = await storage.getUser(userId);
+      const user = req.user;
      
      if (!user || (user.role !== 'admin' && user.role !== 'superadmin')) {
        return res.status(403).json({ message: "Insufficient permissions" });
@ -91,7 +89,7 @@ export async function registerRoutes(app: Express): Promise<Server> {

      const articleData = insertArticleSchema.parse({
        ...req.body,
-        authorId: userId
+        authorId: user.id
      });
      
      const article = await storage.createArticle(articleData);
--- a/server/simpleAuth.ts
+++ b/server/simpleAuth.ts
@ -0,0 +1,89 @@
+import type { Express, RequestHandler } from "express";
+import session from "express-session";
+import connectPg from "connect-pg-simple";
+
+// Hardcoded credentials
+const CREDENTIALS = {
+  admin: { password: "1234", role: "admin", firstName: "Admin", lastName: "User" },
+  superadmin: { password: "1234", role: "superadmin", firstName: "Super", lastName: "Admin" }
+};
+
+export function getSession() {
+  const sessionTtl = 7 * 24 * 60 * 60 * 1000; // 1 week
+  const pgStore = connectPg(session);
+  const sessionStore = new pgStore({
+    conString: process.env.DATABASE_URL,
+    createTableIfMissing: false,
+    ttl: sessionTtl,
+    tableName: "sessions",
+  });
+  return session({
+    secret: process.env.SESSION_SECRET!,
+    store: sessionStore,
+    resave: false,
+    saveUninitialized: false,
+    cookie: {
+      httpOnly: true,
+      secure: false, // Changed to false for development
+      maxAge: sessionTtl,
+    },
+  });
+}
+
+export async function setupAuth(app: Express) {
+  app.set("trust proxy", 1);
+  app.use(getSession());
+
+  // Login route
+  app.post("/api/login", (req, res) => {
+    const { username, password } = req.body;
+    
+    if (!username || !password) {
+      return res.status(400).json({ message: "Username and password required" });
+    }
+
+    const user = CREDENTIALS[username as keyof typeof CREDENTIALS];
+    if (!user || user.password !== password) {
+      return res.status(401).json({ message: "Invalid credentials" });
+    }
+
+    // Set session
+    (req.session as any).user = {
+      id: username,
+      email: `${username}@sapiens.com`,
+      firstName: user.firstName,
+      lastName: user.lastName,
+      role: user.role,
+      isAuthenticated: true
+    };
+
+    res.json({
+      id: username,
+      email: `${username}@sapiens.com`,
+      firstName: user.firstName,
+      lastName: user.lastName,
+      role: user.role
+    });
+  });
+
+  // Logout route
+  app.post("/api/logout", (req, res) => {
+    req.session.destroy((err) => {
+      if (err) {
+        return res.status(500).json({ message: "Could not log out" });
+      }
+      res.json({ message: "Logged out successfully" });
+    });
+  });
+}
+
+export const isAuthenticated: RequestHandler = (req, res, next) => {
+  const user = (req.session as any)?.user;
+  
+  if (!user || !user.isAuthenticated) {
+    return res.status(401).json({ message: "Unauthorized" });
+  }
+
+  req.user = user;
+  next();
+};