OPCODE-Open-Spring-Fest
diff --git a/‎backend/package-lock.json‎
Lines changed: 3 additions & 0 deletions b/‎backend/package-lock.json‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎backend/src/app.ts‎
Lines changed: 4 additions & 7 deletions b/‎backend/src/app.ts‎
Lines changed: 4 additions & 7 deletions
diff --git a/‎backend/src/controllers/auth.controller.ts‎
Lines changed: 102 additions & 0 deletions b/‎backend/src/controllers/auth.controller.ts‎
Lines changed: 102 additions & 0 deletions
diff --git a/‎backend/src/controllers/auth.ts‎
Lines changed: 0 additions & 50 deletions b/‎backend/src/controllers/auth.ts‎
Lines changed: 0 additions & 50 deletions
diff --git a/‎backend/src/middleware/authMiddleware.ts‎
Lines changed: 18 additions & 31 deletions b/‎backend/src/middleware/authMiddleware.ts‎
Lines changed: 18 additions & 31 deletions
diff --git a/‎backend/src/models/user.model.ts‎
Lines changed: 28 additions & 6 deletions b/‎backend/src/models/user.model.ts‎
Lines changed: 28 additions & 6 deletions
diff --git a/‎backend/src/routes/cartRoutes.ts‎
Lines changed: 8 additions & 6 deletions b/‎backend/src/routes/cartRoutes.ts‎
Lines changed: 8 additions & 6 deletions
diff --git a/‎backend/src/routes/product.routes.ts‎
Lines changed: 0 additions & 1 deletion b/‎backend/src/routes/product.routes.ts‎
Lines changed: 0 additions & 1 deletion
@@ -60,14 +60,10 @@ app.post("/login", async (req: Request, res: Response) => {
     const accessToken = signAccessToken(payload);
     const refreshToken = signRefreshToken(payload);
 
-    refreshTokens.set(user.id, refreshToken);
 
-    res.cookie("refreshToken", refreshToken, {
-        httpOnly: true,
-        sameSite: "strict",
-        secure: process.env.NODE_ENV === "production",
-        maxAge: 7 * 24 * 60 * 60 * 1000,
-    });
+// app.get("/protected", authenticate, (req: AuthRequest, res: Response) => {
+//     res.json({ message: "Protected route accessed", user: req.user });
+// });
 
     res.json({ accessToken });
 });
@@ -206,6 +202,7 @@ app.use("/api", authRoutes);
 app.get("/", (_req, res) => {
     res.send("API is running");
 });
+app.use("/api/users", userRoutes);
 
 // ------------------- DATABASE -------------------
 
 
@@ -0,0 +1,102 @@
+// src/controllers/authController.ts
+import { Request, Response } from "express";
+import jwt from "jsonwebtoken";
+import crypto from "crypto";
+import nodemailer from "nodemailer";
+import { User } from "../models/user.model";
+
+const JWT_SECRET = process.env.JWT_SECRET || "secretkey";
+const CLIENT_URL = process.env.CLIENT_URL || "http://localhost:3000";
+
+const transporter = nodemailer.createTransport({
+    // service: "gmail",
+    // auth: {
+    //     user: process.env.EMAIL_USER,
+    //     pass: process.env.EMAIL_PASS,
+    // },
+    host: 'smtp.ethereal.email',
+    port: 587,
+    auth: {
+        user: '[email protected]',
+        pass: 'Du8rSm184HzwwHsHYm'
+    }
+});
+
+const generateToken = (id: string) => {
+    return jwt.sign({ id }, JWT_SECRET, { expiresIn: "7d" });
+};
+
+// Register user
+export const register = async (req: Request, res: Response) => {
+    try {
+        const { name, email, password } = req.body;
+        const existingUser = await User.findOne({ email });
+        if (existingUser) return res.status(400).json({ message: "User already exists" });
+
+        const verificationToken = crypto.randomBytes(20).toString("hex");
+        const user = await User.create({ name, email, password, verificationToken });
+
+        const verificationLink = `${CLIENT_URL}/verify/${verificationToken}`;
+        await transporter.sendMail({
+            to: email,
+            subject: "Verify your email",
+            html: `<p>Click <a href="${verificationLink}">here</a> to verify your account.</p>`,
+        });
+
+        res.status(201).json({ message: "User registered. Check your email for verification link." });
+    } catch (error) {
+        res.status(500).json({ message: "Registration failed", error });
+    }
+};
+
+// Verify email
+export const verifyEmail = async (req: Request, res: Response) => {
+    try {
+        const { token } = req.params;
+        const user = await User.findOne({ verificationToken: token });
+
+        if (!user) return res.status(400).json({ message: "Invalid or expired token" });
+
+        user.isVerified = true;
+        user.verificationToken = undefined;
+        await user.save();
+
+        res.status(200).json({ message: "Email verified successfully" });
+    } catch (error) {
+        res.status(500).json({ message: "Verification failed", error });
+    }
+};
+
+// Login
+export const login = async (req: Request, res: Response) => {
+    try {
+        const { email, password } = req.body;
+        const user = await User.findOne({ email });
+
+        if (!user) return res.status(400).json({ message: "Invalid credentials" });
+        if (!user.isVerified) return res.status(403).json({ message: "Please verify your email" });
+
+        const isMatch = await user.comparePassword(password);
+        if (!isMatch) return res.status(400).json({ message: "Invalid credentials" });
+
+        const token = generateToken(String(user._id));
+        res.status(200).json({ token, user: { name: user.name, email: user.email } });
+    } catch (error) {
+        res.status(500).json({ message: "Login failed", error });
+    }
+};
+
+// Get current user
+export const getMe = async (req: Request, res: Response) => {
+    try {
+        const userId = (req as any).user?.id;
+        if (!userId) return res.status(401).json({ message: "Unauthorized" });
+
+        const user = await User.findById(userId).select("-password");
+        if (!user) return res.status(404).json({ message: "User not found" });
+
+        res.status(200).json(user);
+    } catch (error) {
+        res.status(500).json({ message: "Error fetching user", error });
+    }
+};
@@ -1,41 +1,28 @@
-import { Request, Response, NextFunction } from 'express';
-import { verifyAccessToken } from '../controllers/auth';
+// src/middlewares/authMiddleware.ts
+import { Request, Response, NextFunction } from "express";
+import jwt from "jsonwebtoken";
+import { User } from "../models/user.model";
 
-export interface AuthenticatedRequest extends Request {
+const JWT_SECRET = process.env.JWT_SECRET || "secretkey";
+
+export interface AuthRequest extends Request {
     user?: any;
 }
 
-export type AuthRequest = AuthenticatedRequest;
-
-// (Middleware file - authMiddleware.ts)
+export const protect = async (req: AuthRequest, res: Response, next: NextFunction) => {
+    let token;
 
-export function authenticate(req: AuthenticatedRequest, res: Response, next: NextFunction) {
-    const header = req.headers.authorization;
-    const token = header?.startsWith('Bearer ') ? header.slice(7) : undefined;
-
-    if (!token) {
-        // Use 401 for NO credentials (token missing entirely)
-        return res.status(401).json({ error: 'No token provided' });
+    if (req.headers.authorization && req.headers.authorization.startsWith("Bearer")) {
+        token = req.headers.authorization.split(" ")[1];
     }
 
+    if (!token) return res.status(401).json({ message: "Not authorized, no token" });
+
     try {
-        const payload = verifyAccessToken(token);
-        req.user = payload;
+        const decoded = jwt.verify(token, JWT_SECRET) as { id: string };
+        req.user = await User.findById(decoded.id).select("-password");
         next();
-    } catch {
-        // Use 403 for INVALID credentials (token present but invalid/expired/rejected)
-        // This is often seen as a better status for expired tokens.
-        return res.status(403).json({ error: 'Invalid or expired token' });
+    } catch (error) {
+        res.status(401).json({ message: "Not authorized, token failed" });
     }
-}
-export function authorizeRole(role: string) {
-    return (req: AuthenticatedRequest, res: Response, next: NextFunction) => {
-        if (!req.user) {
-            return res.status(401).json({ error: 'Not authenticated' });
-        }
-        if (req.user.role !== role) {
-            return res.status(403).json({ error: 'Forbidden' });
-        }
-        next();
-    };
-}
+};
@@ -1,17 +1,39 @@
 import mongoose, { Document, Schema } from "mongoose";
+import bcrypt from "bcryptjs";
 
 export interface IUser extends Document {
+    name: string;
     email: string;
     password: string;
+    isVerified: boolean;
+    verificationToken?: string;
     resetPasswordToken?: string;
     resetPasswordExpires?: Date;
+    comparePassword(candidatePassword: string): Promise<boolean>;
 }
 
-const userSchema = new Schema<IUser>({
-    email: { type: String, required: true, unique: true },
-    password: { type: String, required: true },
-    resetPasswordToken: { type: String },
-    resetPasswordExpires: { type: Date },
+const userSchema = new Schema<IUser>(
+    {
+        name: { type: String, required: true },
+        email: { type: String, required: true, unique: true },
+        password: { type: String, required: true },
+        isVerified: { type: Boolean, default: false },
+        verificationToken: { type: String },
+        resetPasswordToken: { type: String },
+        resetPasswordExpires: { type: Date },
+    },
+    { timestamps: true }
+);
+
+userSchema.pre("save", async function (next) {
+    if (!this.isModified("password")) return next();
+    const salt = await bcrypt.genSalt(10);
+    this.password = await bcrypt.hash(this.password, salt);
+    next();
 });
 
-export default mongoose.model<IUser>("User", userSchema);
+userSchema.methods.comparePassword = async function (candidatePassword: string) {
+    return bcrypt.compare(candidatePassword, this.password);
+};
+
+export const User = mongoose.model<IUser>("User", userSchema);
@@ -6,13 +6,15 @@ import {
   getCart,
   checkout,
 } from "../controllers/cart.controller";
+import { authenticate } from "../middleware/authMiddleware";
 
 const router: Router = express.Router();
 
-router.post("/", addItem);
-router.patch("/:itemId", updateQuantity);
-router.delete("/:itemId", removeItem);
-router.get("/", getCart);
-router.post("/checkout", checkout);
+//Protected routes
+router.post("/", authenticate, addItem);
+router.patch("/:itemId", authenticate, updateQuantity);
+router.delete("/:itemId", authenticate, removeItem);
+router.get("/", authenticate, getCart);
+router.post("/checkout", authenticate, checkout);
 
-export default router;
+export default router;
@@ -6,7 +6,6 @@ import {
     updateProduct,
     deleteProduct,
 } from "../controllers/product.controller";
-// import { verifyAuth } from "../middleware/auth.middleware";
 
 const router = Router();