From 07883dc5dd8f0a65808d24795c2e5377ca1532e0 Mon Sep 17 00:00:00 2001
From: marsalva
Date: Thu, 5 Mar 2026 14:36:58 +0000
Subject: [PATCH] Actualizar server.js
---
 server.js | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
diff --git a/server.js b/server.js
index 693d5ae..e8d41a6 100644
--- a/server.js
+++ b/server.js
@@ -381,6 +381,54 @@ async function requirePlan(req, res, next, feature) {
 // 🔐 RUTAS DE AUTENTICACIÓN (LOGIN) - RESTAURADAS
 // ==========================================
 
+app.post("/auth/login", async (req, res) => {
+ try {
+ const { identifier, password } = req.body;
+ if (!identifier || !password) return res.status(400).json({ ok: false, error: "Faltan datos" });
+
+ const identClean = identifier.replace(/\s+/g, '').trim();
+
+ // Buscamos al usuario por email o por teléfono (con o sin +34)
+ const q = await pool.query(
+ "SELECT * FROM users WHERE email = $1 OR phone LIKE $2 LIMIT 1",
+ [identClean, `%${identClean.replace('+34', '')}%`]
+ );
+
+ if (q.rowCount === 0) return res.status(401).json({ ok: false, error: "Usuario no encontrado" });
+
+ const user = q.rows[0];
+
+ if (user.status !== 'active') return res.status(403).json({ ok: false, error: "Tu cuenta está desactivada" });
+
+ const valid = await bcrypt.compare(password, user.password_hash);
+ if (!valid) return res.status(401).json({ ok: false, error: "Contraseña incorrecta" });
+
+ const token = signToken(user);
+ res.json({
+ ok: true,
+ token,
+ user: {
+ id: user.id,
+ name: user.full_name,
+ role: user.role,
+ accountId: user.owner_id || user.id
+ }
+ });
+ } catch (e) {
+ console.error("Error en login:", e);
+ res.status(500).json({ ok: false, error: "Error interno del servidor" });
+ }
+});
+
+app.get("/auth/me", authMiddleware, async (req, res) => {
+ try {
+ const q = await pool.query("SELECT id, full_name, email, phone, role, owner_id, status, company_slug, plan_tier FROM users WHERE id = $1", [req.user.sub]);
+ if (q.rowCount === 0) return res.status(404).json({ ok: false });
+ res.json({ ok: true, user: q.rows[0] });
+ } catch (e) {
+ res.status(500).json({ ok: false });
+ }
+});
 // ==========================================
 // 🔗 PORTAL PÚBLICO DEL CLIENTE
 // ==========================================
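Review bot: The phone branch of the user lookup in `/auth/login` matches by substring (`phone LIKE $2` with `%…%` around caller-supplied text), so the identifier does not pin down one account: `%` and `_` pass through as wildcards, an identifier of just `+34` reduces the pattern to `%%`, and `LIMIT 1` without `ORDER BY` returns whichever matching row the database picks. The password is then compared against that row, so a login attempt can be evaluated against an account the caller never named. The lookup should use equality on a normalized value and reject a non-string `identifier` or `password` before `.replace` is called; how phones are stored is not visible in this hunk, so the normalization sketched below is an assumption to confirm. Separately, the three distinct error messages and the status check running before `bcrypt.compare` tell an unauthenticated caller which identifiers exist and which accounts are disabled; the sketch returns one generic 401 and checks the status only after the password has matched.

```javascript
    const { identifier, password } = req.body;
    if (typeof identifier !== "string" || typeof password !== "string" || !identifier || !password) {
      return res.status(400).json({ ok: false, error: "Faltan datos" });
    }

    const identClean = identifier.replace(/\s+/g, "");
    // Assumes phones are stored either bare or with the +34 prefix; confirm against the column format.
    const national = identClean.startsWith("+34") ? identClean.slice(3) : identClean;
    if (!national) return res.status(400).json({ ok: false, error: "Faltan datos" });

    const q = await pool.query(
      "SELECT * FROM users WHERE email = $1 OR phone = $2 OR phone = $3 LIMIT 1",
      [identClean, national, `+34${national}`]
    );

    const user = q.rows[0];
    // Same answer for an unknown identifier and a wrong password.
    const valid = user ? await bcrypt.compare(password, user.password_hash) : false;
    if (!valid) return res.status(401).json({ ok: false, error: "Credenciales incorrectas" });
    if (user.status !== "active") return res.status(403).json({ ok: false, error: "Tu cuenta está desactivada" });

    // … unchanged: signToken(user), JSON response and catch block …
```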