## Features Implemented

### Authentication System

- Login page at /login.html with Bootstrap 5 UI
- Session-based authentication using SQLite
- bcrypt password hashing via Bun.password API
- CSRF protection for form submissions
- Rate limiting on login attempts (10 req/min)
- 7-day session persistence with HTTP-only cookies

### Admin Routes Protection

- All admin endpoints protected with requireAuth middleware
- requireAdmin middleware for role-based access
- Session validation on each authenticated request
- Expired session cleanup on startup

### API Endpoints

- POST /api/auth/login - user authentication
- POST /api/auth/logout - session termination
- GET /api/auth/me - current user info
- GET /api/csrf-token - CSRF token for forms
- GET /api/admin/stats - admin statistics

### Seed Data

- 12 realistic properties in Tenerife
- 3 testimonials with international clients
- 3 FAQ items about buying process
- 3 services offered
- Admin user: admin@tenerifeprop.com / admin123

### Tests

- Authentication tests (password, session)
- Input validation tests (email, phone, XSS)
- Property CRUD tests

## Files Changed

- src/server/index.ts - CSRF fix, auth endpoints
- public/login.html - New login page
- public/js/api.js - Auth API methods
- public/admin.html - Auth check on load
- src/db/seed-comprehensive.ts - Seed script
- tests/auth.test.ts - Test suite

## Tested

- ✅ Login page renders correctly
- ✅ Valid credentials return success
- ✅ Invalid credentials return error
- ✅ Session cookie is set
- ✅ Protected endpoints require authentication
- ✅ Logout clears session
- ✅ Auth/me returns 401 after logout

## Access

- URL: http://localhost:3000/login.html
- Email: admin@tenerifeprop.com
- Password: admin123

Closes #28, #29, #30
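The session-validation flow the PR describes (HTTP-only session cookie, per-request validation in `requireAuth`, role check in `requireAdmin`, expiry cleanup on startup) as an added TypeScript example. This is not the project's code from src/server/index.ts: the SQLite sessions and users tables are stood in for by in-memory Maps, request and response are reduced to minimal hypothetical `Req`/`Res` shapes so the block runs under plain Node, and the user records are constructed sample data.

```typescript
import { randomUUID } from "node:crypto";

// Added example, not the project's code. Minimal request/response shapes
// (hypothetical) so the middleware can be exercised without a server.
interface Req { headers: { cookie?: string } }
interface Res { status: number; body: unknown }

type Role = "admin" | "user";
interface User { id: number; email: string; role: Role }
interface Session { token: string; userId: number; expiresAt: number }

const SESSION_TTL_MS = 7 * 24 * 60 * 60 * 1000; // 7-day session persistence

// Constructed stand-ins for the SQLite users and sessions tables.
const users = new Map<number, User>([
  [1, { id: 1, email: "admin@example.invalid", role: "admin" }],
  [2, { id: 2, email: "user@example.invalid", role: "user" }],
]);
const sessions = new Map<string, Session>();

// Issue a new session token; the token is random and unguessable, the user id
// is only ever looked up server-side from it.
function createSession(userId: number, now = Date.now()): Session {
  const s: Session = { token: randomUUID(), userId, expiresAt: now + SESSION_TTL_MS };
  sessions.set(s.token, s);
  return s;
}

// Set-Cookie value for the session: HttpOnly keeps it away from page scripts,
// SameSite=Lax keeps it off cross-site form posts.
function sessionCookie(token: string): string {
  return `session=${encodeURIComponent(token)}; HttpOnly; SameSite=Lax; Path=/; Max-Age=${SESSION_TTL_MS / 1000}`;
}

function parseCookies(header: string | undefined): Record<string, string> {
  const out: Record<string, string> = {};
  if (!header) return out;
  for (const part of header.split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (name) out[name] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return out;
}

// Per-request validation: unknown or expired tokens yield no user, and an
// expired row is deleted on the spot rather than left for the startup sweep.
function validateSession(token: string | undefined, now = Date.now()): User | null {
  if (!token) return null;
  const s = sessions.get(token);
  if (!s) return null;
  if (s.expiresAt <= now) { sessions.delete(token); return null; }
  return users.get(s.userId) ?? null;
}

// Startup sweep: returns how many expired sessions were removed.
function cleanupExpiredSessions(now = Date.now()): number {
  let removed = 0;
  for (const [token, s] of sessions) {
    if (s.expiresAt <= now) { sessions.delete(token); removed++; }
  }
  return removed;
}

function destroySession(token: string | undefined): boolean {
  return token ? sessions.delete(token) : false;
}

type Handler = (req: Req, user: User) => Res;

// 401 when there is no valid session; otherwise hand the resolved user on.
function requireAuth(handler: Handler, now: () => number = Date.now) {
  return (req: Req): Res => {
    const user = validateSession(parseCookies(req.headers.cookie)["session"], now());
    if (!user) return { status: 401, body: { error: "unauthorized" } };
    return handler(req, user);
  };
}

// Role check layered on top of requireAuth: authenticated non-admins get 403.
function requireAdmin(handler: Handler, now: () => number = Date.now) {
  return requireAuth((req, user) => {
    if (user.role !== "admin") return { status: 403, body: { error: "forbidden" } };
    return handler(req, user);
  }, now);
}

// Example protected handler in the shape of GET /api/admin/stats.
const adminStats: Handler = (_req, user) =>
  ({ status: 200, body: { users: users.size, sessions: sessions.size, requestedBy: user.email } });
```

Ordering `requireAdmin` on top of `requireAuth` means an unauthenticated caller never learns whether the route is admin-only (always 401), and the role comes from the server-side user row, never from anything the client sends.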