添加改密接口

server/index.js

@@ -80,6 +80,34 @@ app.post('/api/auth/logout', (req, res) => {
   res.json({ success: true });
 });
 
+app.post('/api/auth/change-password', requireAuth, async (req, res) => {
+  const { oldPassword, newPassword } = req.body;
+  if (!oldPassword || !newPassword) {
+    return res.status(400).json({ error: '需要输入旧密码和新密码' });
+  }
+
+  try {
+    const [rows] = await db.query('SELECT * FROM users WHERE id = ?', [req.user.id]);
+    if (rows.length === 0) return res.status(404).json({ error: '用户不存在' });
+
+    const user = rows[0];
+    const oldHash = crypto.pbkdf2Sync(oldPassword, user.salt, 1000, 64, 'sha512').toString('hex');
+
+    if (oldHash !== user.password) {
+      return res.status(401).json({ error: '旧密码输入错误' });
+    }
+
+    const newSalt = crypto.randomBytes(16).toString('hex');
+    const newHash = crypto.pbkdf2Sync(newPassword, newSalt, 1000, 64, 'sha512').toString('hex');
+
+    await db.query('UPDATE users SET password = ?, salt = ? WHERE id = ?', [newHash, newSalt, user.id]);
+    res.json({ success: true, message: '密码修改成功' });
+  } catch (err) {
+    console.error('Password update error:', err);
+    res.status(500).json({ error: '服务器错误，修改失败' });
+  }
+});
+
 app.get('/api/auth/status', (req, res) => {
   const sessionId = getCookie(req, 'session_id');
   if (sessionId && sessions.has(sessionId)) {