From 728197e0ab252ef793fb0af43451c4421bb524a5 Mon Sep 17 00:00:00 2001
From: Atlaskor <atlaskor@mediakor.com>
Date: Thu, 13 Nov 2025 15:45:03 +0000
Subject: [PATCH] Update server/src/index.js

---
 server/src/index.js | 56 ++++++++++++++++++++++++++++-----------------
 1 file changed, 35 insertions(+), 21 deletions(-)

diff --git a/server/src/index.js b/server/src/index.js
index 9c99e62..3d3fe2a 100644
--- a/server/src/index.js
+++ b/server/src/index.js
@@ -24,17 +24,15 @@ const WORLD = {
 
 // ===== Auth helpers =====
 
-const COOKIE = 'auth';
-
-function signToken(uid) {
-  return jwt.sign({ uid }, process.env.JWT_SECRET, { expiresIn: '30d' });
+function signToken(cid) {
+  return jwt.sign({ cid }, process.env.JWT_SECRET, { expiresIn: '30d' });
 }
 
 function authFromReq(req) {
   try {
     const token = req.cookies?.[COOKIE];
     if (!token) return null;
-    return jwt.verify(token, process.env.JWT_SECRET);
+    return jwt.verify(token, process.env.JWT_SECRET); // { cid, iat, exp }
   } catch {
     return null;
   }
@@ -42,13 +40,16 @@ function authFromReq(req) {
 
 // ===== HTTP API =====
 
+// Register a new character with username + password
 app.post('/api/register', async (req, res) => {
   const { username, password } = req.body || {};
-  if (!username || !password)
-    return res.status(400).json({ error: 'Missing fields' });
+  if (!username || !password) {
+    return res.status(400).json({ error: 'Missing username or password' });
+  }
+
   try {
-    const user = await Users.create(username, password);
-    const token = signToken(user.id);
+    const ch = await Characters.create(username, password);
+    const token = signToken(ch.id);
     res
       .cookie(COOKIE, token, { httpOnly: true, sameSite: 'lax' })
       .json({ ok: true });
@@ -58,29 +59,40 @@ app.post('/api/register', async (req, res) => {
   }
 });
 
+// Login as a specific character
 app.post('/api/login', async (req, res) => {
   const { username, password } = req.body || {};
-  const user = await Users.verify(username, password);
-  if (!user) return res.status(401).json({ error: 'Invalid login' });
-  const token = signToken(user.id);
+  if (!username || !password) {
+    return res.status(400).json({ error: 'Missing username or password' });
+  }
+
+  const ch = await Characters.verify(username, password);
+  if (!ch) return res.status(401).json({ error: 'Invalid login' });
+
+  const token = signToken(ch.id);
   res
     .cookie(COOKIE, token, { httpOnly: true, sameSite: 'lax' })
     .json({ ok: true });
 });
 
+// Logout: clear cookie
 app.post('/api/logout', (req, res) => {
   res.clearCookie(COOKIE).json({ ok: true });
 });
 
+// Current character + inventory
 app.get('/api/me', async (req, res) => {
   const auth = authFromReq(req);
   if (!auth) return res.status(401).json({ error: 'Not logged in' });
-  const ch = await Characters.getByUserId(auth.uid);
-  if (!ch) return res.status(404).json({ error: 'No character' });
+
+  const ch = await Characters.getById(auth.cid);
+  if (!ch) return res.status(404).json({ error: 'Character not found' });
+
   const inv = await Inventory.all(ch.id);
   res.json({ character: ch, inventory: inv, world: WORLD });
 });
 
+
 // static client
 app.use(express.static(new URL('../static', import.meta.url).pathname));
 
@@ -113,7 +125,6 @@ spawnNodes();
 const socketsToPlayers = new Map(); // socket.id -> { x,y,name,uid,charId }
 
 io.on('connection', socket => {
-  // auth handshake
   socket.on('auth:join', async ack => {
     try {
       const cookieHeader = socket.handshake.headers.cookie || '';
@@ -121,20 +132,23 @@ io.on('connection', socket => {
       if (!match) return ack?.({ error: 'no auth cookie' });
 
       const token = match[1];
-      const decoded = jwt.verify(token, process.env.JWT_SECRET);
-      const ch = await Characters.getByUserId(decoded.uid);
-      if (!ch) return ack?.({ error: 'no character' });
+      const decoded = jwt.verify(token, process.env.JWT_SECRET); // { cid }
+
+      const ch = await Characters.getById(decoded.cid);
+      if (!ch) return ack?.({ error: 'character missing' });
 
       const player = {
         x: ch.x,
         y: ch.y,
-        name: ch.name,
-        uid: decoded.uid,
+        name: ch.username,
+        cid: decoded.cid,
         charId: ch.id
       };
       socketsToPlayers.set(socket.id, player);
 
       socket.join('world');
+
+      // Send initial nodes in same handler or from separate listener
       socket.emit(
         'nodes:init',
         nodes.map(n => ({
@@ -148,7 +162,7 @@ io.on('connection', socket => {
 
       ack?.({
         ok: true,
-        you: { name: ch.name, x: ch.x, y: ch.y },
+        you: { name: ch.username, x: ch.x, y: ch.y },
         world: WORLD
       });
     } catch (e) {