feat:Add JWT-based authentication middleware to protect APIs

Author: LONECODER1

backend/.env.example

@@ -0,0 +1,17 @@
+
+# --- JWT Configuration ---
+# Secret key for signing access tokens. Should be a long, random string.
+JWT_SECRET=your_jwt_secret_key_here
+
+# Secret key for signing refresh tokens. Should be a long, random string, different from JWT_SECRET.
+JWT_REFRESH_SECRET=your_jwt_refresh_secret_key_here
+
+# Access token expiration time (e.g., 10m, 1h, 1d)
+ACCESS_TOKEN_EXPIRY=10m
+
+# Refresh token expiration time (e.g., 7d, 30d)
+REFRESH_TOKEN_EXPIRY=7d
+
+# --- Server Configuration ---
+# Port for the server to run on
+PORT=4000

backend/package-lock.json

@@ -11,18 +11,25 @@
   "author": "",
   "license": "MIT",
   "dependencies": {
+    "bcryptjs": "^3.0.2",
     "body-parser": "^1.20.2",
+    "cookie-parser": "^1.4.7",
     "cors": "^2.8.5",
-    "dotenv": "^16.3.1",
-    "express": "^4.18.2",
+    "dotenv": "^16.6.1",
+    "express": "^4.21.2",
+    "jsonwebtoken": "^9.0.2",
     "morgan": "^1.10.0"
   },
   "devDependencies": {
+    "@types/bcryptjs": "^2.4.6",
     "@types/body-parser": "^1.19.2",
+    "@types/cookie-parser": "^1.4.9",
     "@types/cors": "^2.8.13",
-    "@types/express": "^4.17.21",
+    "@types/express": "^4.17.23",
+    "@types/jsonwebtoken": "^9.0.10",
     "@types/morgan": "^1.9.7",
+    "ts-node": "^10.9.2",
     "ts-node-dev": "^2.0.0",
-    "typescript": "^5.2.2"
+    "typescript": "^5.9.3"
   }
-}
+}

backend/package.json

@@ -0,0 +1,50 @@
+import jwt, { SignOptions, JwtPayload } from "jsonwebtoken";
+import dotenv from "dotenv";
+dotenv.config();
+
+if (!process.env.JWT_SECRET || !process.env.JWT_REFRESH_SECRET) {
+    throw new Error("JWT secrets missing in environment variables");
+}
+
+const accessSecret = process.env.JWT_SECRET as string;
+const refreshSecret = process.env.JWT_REFRESH_SECRET as string;
+
+// Define your payload type
+export interface TokenPayload extends JwtPayload {
+    sub: string;
+    username?: string;
+    role?: string;
+    //role?:"user"|"admin"; // Example roles
+}
+
+export function signAccessToken(payload: TokenPayload) {
+    const options: SignOptions = { expiresIn: process.env.ACCESS_TOKEN_EXPIRY as any };
+    
+    // --- CRITICAL FIX: Create a clean payload copy ---
+    const cleanPayload = { ...payload };
+    delete cleanPayload.iat; // Remove "Issued At" claim
+    delete cleanPayload.exp; // Remove "Expiration" claim to allow options.expiresIn to work
+    // --- END FIX ---
+
+    return jwt.sign(cleanPayload, accessSecret, options);
+}
+
+export function signRefreshToken(payload: TokenPayload) {
+    const options: SignOptions = { expiresIn: process.env.REFRESH_TOKEN_EXPIRY as any };
+    
+    // --- CRITICAL FIX: Create a clean payload copy ---
+    const cleanPayload = { ...payload };
+    delete cleanPayload.iat; // Remove "Issued At" claim
+    delete cleanPayload.exp; // Remove "Expiration" claim to allow options.expiresIn to work
+    // --- END FIX ---
+
+    return jwt.sign(cleanPayload, refreshSecret, options);
+}
+
+export function verifyAccessToken(token: string): TokenPayload {
+    return jwt.verify(token, accessSecret) as TokenPayload;
+}
+
+export function verifyRefreshToken(token: string): TokenPayload {
+    return jwt.verify(token, refreshSecret) as TokenPayload;
+}