diff --git a/backend/src/routes/auth.js b/backend/src/routes/auth.js index 3f7a9db..ba1ec08 100644 --- a/backend/src/routes/auth.js +++ b/backend/src/routes/auth.js @@ -34,4 +34,18 @@ router.post('/change-password', authenticate, (req, res) => { res.json({ success: true }); }); +// POST /api/auth/change-username +router.post('/change-username', authenticate, (req, res) => { + const { newUsername, password } = req.body; + if (!newUsername || newUsername.trim().length < 3) + return res.status(400).json({ error: 'Mindestens 3 Zeichen erforderlich' }); + const user = db.prepare('SELECT * FROM users WHERE id = ?').get(req.user.id); + if (!bcrypt.compareSync(password, user.password_hash)) + return res.status(400).json({ error: 'Passwort falsch' }); + const exists = db.prepare('SELECT id FROM users WHERE username = ? AND id != ?').get(newUsername.trim(), req.user.id); + if (exists) return res.status(400).json({ error: 'Benutzername bereits vergeben' }); + db.prepare('UPDATE users SET username = ? WHERE id = ?').run(newUsername.trim(), req.user.id); + res.json({ success: true, username: newUsername.trim() }); +}); + module.exports = router;