feat: add useDebounce hook for debouncing values

feat: implement checkout API with validation, shipping options, and order management

feat: enhance product API to support pagination and search parameters

feat: create search API with advanced filtering, suggestions, and faceted results

feat: establish a centralized API client with error handling and retry logic

fix: update axios base URL for consistency across environments

feat: implement error handling service for better error management

feat: add validation utilities for form fields and common validation rules

Author: Nick-Lemy

backend/app.js

@@ -3,13 +3,15 @@ import dotenv from 'dotenv'
 import { PORT } from './configs/variables.js';
 import fileUpload from 'express-fileupload';
 import productRouter from './routes/product.route.js'
+import publicProductRouter from './routes/public-product.route.js'
 import userRouter from './routes/user.route.js';
 import authRouter from './routes/auth.route.js'
 import { adminMiddleware, userMiddleware } from './middlewares/auth.middleware.js';
 import cors from 'cors';
 dotenv.config();
 import './configs/database.js';
 import orderRouter from './routes/order.route.js';
+import checkoutRouter from './routes/checkout.route.js';
 
 
 const app = express();
@@ -25,10 +27,15 @@ app.get('/', (req, res) => {
     res.send('Welcome to Wyze Academy!');
 });
 
+// Public routes (no authentication required)
+app.use('/products', publicProductRouter)
+
+// Protected routes (authentication required)  
 app.use('/products', userMiddleware, productRouter)
 app.use('/users', adminMiddleware, userRouter)
 app.use('/auth', authRouter)
 app.use('/orders', userMiddleware, orderRouter)
+app.use('/checkout', checkoutRouter)
 
 app.listen(PORT, () => {
     console.log(`Server is running on port ${PORT}`);

backend/controllers/auth.controller.js

@@ -5,9 +5,23 @@ import { getUserByEmail, createUser, getUserById, updateUser } from "../models/u
 export async function registerController(req, res) {
     try {
         const { firstName, lastName, email, password, address } = req.body
+
+        // Validation
         if (!(email && password && firstName && lastName && address)) {
-            res.status(400).send('All field are required')
+            return res.status(400).send({ message: 'All fields are required' })
+        }
+
+        // Password validation
+        if (password.length < 6) {
+            return res.status(400).send({ message: 'Password must be at least 6 characters long' })
+        }
+
+        // Check if user already exists
+        const existingUser = await getUserByEmail(email.toLowerCase())
+        if (existingUser) {
+            return res.status(409).send({ message: 'User with this email already exists' })
         }
+
         const encryptedPassword = await encryptPassword(password)
 
         const user = await createUser({
@@ -17,33 +31,50 @@ export async function registerController(req, res) {
             password: encryptedPassword,
             address,
         })
-        const token = generateToken({ userId: user._id, email, role: user.role })
-        user.token = token
-        user.password = undefined
-        user.__v = undefined
 
-        res.status(201).json({ user })
+        const token = generateToken({ userId: user._id, email: user.email, role: user.role })
+
+        // Clean user object
+        const userResponse = user.toObject()
+        delete userResponse.password
+        delete userResponse.__v
+
+        res.status(201).json({ user: userResponse, token })
     } catch (error) {
-        console.log(error)
+        console.error('Registration error:', error)
         res.status(500).send({ error: 'Internal Server Error' });
     }
 }
 
 export async function loginController(req, res) {
     try {
         const { email, password } = req.body;
-        const user = await getUserByEmail(email)
+
+        // Validation
+        if (!email || !password) {
+            return res.status(400).send({ message: 'Email and password are required' })
+        }
+
+        const user = await getUserByEmail(email.toLowerCase())
         if (!user) {
-            res.status(404).send({ message: 'User not found' })
+            return res.status(401).send({ message: 'Invalid email or password' })
         }
+
         const passwordValidity = await comparePasswords(password, user.password)
         if (!passwordValidity) {
-            res.status(403).send({ message: "The password is incorrect" })
+            return res.status(401).send({ message: 'Invalid email or password' })
         }
+
         const token = generateToken({ userId: user._id, email: user.email, role: user.role })
-        res.status(200).send({ user, token });
+
+        // Clean user object
+        const userResponse = user.toObject()
+        delete userResponse.password
+        delete userResponse.__v
+
+        res.status(200).send({ user: userResponse, token });
     } catch (error) {
-        console.log(error)
+        console.error('Login error:', error)
         res.status(500).send({ message: 'Internal server error' })
     }
 }

backend/controllers/order.controller.js

@@ -1,37 +1,170 @@
-import { createOrder, getMyOrders, getOrderById, modifyStatus } from "../models/order.model.js"
+import {
+    createOrder,
+    getMyOrders,
+    getOrderById,
+    modifyStatus,
+    getOrderStats,
+    getOrdersByStatus,
+    cancelOrder,
+    getAllOrders
+} from "../models/order.model.js"
 
 export async function createOrderController(req, res) {
     try {
-        const order = await createOrder(req.user.userId, req.body)
-        res.status(201).send({ order, message: "Order created successfully" })
+        // Validate required fields
+        const { products, shippingAddress, totalPrice } = req.body;
+
+        if (!products || !Array.isArray(products) || products.length === 0) {
+            return res.status(400).send({ error: "Products are required" });
+        }
+
+        if (!shippingAddress || !shippingAddress.fullName || !shippingAddress.addressLine1) {
+            return res.status(400).send({ error: "Complete shipping address is required" });
+        }
+
+        if (!totalPrice || totalPrice <= 0) {
+            return res.status(400).send({ error: "Valid total price is required" });
+        }
+
+        const order = await createOrder(req.user.userId, req.body);
+        res.status(201).send({
+            success: true,
+            order,
+            message: "Order created successfully"
+        });
     } catch (error) {
-        res.status(500).send({ error: error.message })
+        console.log(`Error: ${error.message}`);
+        if (error.message.includes('stock') || error.message.includes('mismatch') || error.message.includes('not found')) {
+            return res.status(400).send({ error: error.message });
+        }
+        res.status(500).send({ error: "Internal Server Error" });
     }
 }
 
 export async function getMyOrdersController(req, res) {
     try {
-        const myOrders = await getMyOrders(req.user.userId)
-        return res.status(200).send(myOrders)
+        const { page = 1, limit = 10, status } = req.query;
+
+        let myOrders;
+        if (status) {
+            myOrders = await getOrdersByStatus(status, parseInt(page), parseInt(limit));
+            // Filter by user
+            myOrders.orders = myOrders.orders.filter(order => order.userId === req.user.userId);
+        } else {
+            myOrders = await getMyOrders(req.user.userId);
+        }
+
+        return res.status(200).send({
+            success: true,
+            orders: myOrders
+        });
     } catch (error) {
-        res.status(500).send({ error: error.message })
+        console.log(`Error: ${error.message}`);
+        res.status(500).send({ error: "Internal Server Error" });
     }
 }
 
 export async function getOrderByIdController(req, res) {
     try {
-        const order = await getOrderById(req.user.userId, req.params.id)
-        res.status(200).send(order)
+        const order = await getOrderById(req.user.userId, req.params.id);
+        res.status(200).send({
+            success: true,
+            order
+        });
     } catch (error) {
-        res.status(500).send({ error: error.message })
+        console.log(`Error: ${error.message}`);
+        if (error.message.includes('not allowed') || error.message.includes('not found')) {
+            return res.status(404).send({ error: error.message });
+        }
+        res.status(500).send({ error: "Internal Server Error" });
     }
 }
 
 export async function modifyStatusController(req, res) {
     try {
-        const order = await modifyStatus(req.params.id, req.body.status)
-        res.status(200).send({ order, message: "Order status modified successfully" })
+        const { status, trackingNumber, estimatedDelivery } = req.body;
+
+        if (!status) {
+            return res.status(400).send({ error: "Status is required" });
+        }
+
+        const order = await modifyStatus(req.params.id, status, trackingNumber, estimatedDelivery);
+        res.status(200).send({
+            success: true,
+            order,
+            message: "Order status updated successfully"
+        });
+    } catch (error) {
+        console.log(`Error: ${error.message}`);
+        if (error.message.includes('Cannot change status')) {
+            return res.status(400).send({ error: error.message });
+        }
+        res.status(500).send({ error: "Internal Server Error" });
+    }
+}
+
+export async function cancelOrderController(req, res) {
+    try {
+        const { reason } = req.body;
+        const order = await cancelOrder(req.params.id, req.user.userId, reason);
+        res.status(200).send({
+            success: true,
+            order,
+            message: "Order cancelled successfully"
+        });
+    } catch (error) {
+        console.log(`Error: ${error.message}`);
+        if (error.message.includes('Cannot cancel') || error.message.includes('not found')) {
+            return res.status(400).send({ error: error.message });
+        }
+        res.status(500).send({ error: "Internal Server Error" });
+    }
+}
+
+export async function getOrderStatsController(req, res) {
+    try {
+        const stats = await getOrderStats(req.user.userId);
+        res.status(200).send({
+            success: true,
+            stats
+        });
+    } catch (error) {
+        console.log(`Error: ${error.message}`);
+        res.status(500).send({ error: "Internal Server Error" });
+    }
+}
+
+// Admin only controllers
+export async function getAllOrdersController(req, res) {
+    try {
+        const { page = 1, limit = 10, status } = req.query;
+
+        let orders;
+        if (status) {
+            orders = await getOrdersByStatus(status, parseInt(page), parseInt(limit));
+        } else {
+            orders = await getAllOrders();
+        }
+
+        res.status(200).send({
+            success: true,
+            orders
+        });
+    } catch (error) {
+        console.log(`Error: ${error.message}`);
+        res.status(500).send({ error: "Internal Server Error" });
+    }
+}
+
+export async function getAdminOrderStatsController(req, res) {
+    try {
+        const stats = await getOrderStats();
+        res.status(200).send({
+            success: true,
+            stats
+        });
     } catch (error) {
-        res.status(500).send({ error: error.message })
+        console.log(`Error: ${error.message}`);
+        res.status(500).send({ error: "Internal Server Error" });
     }
 }