feat(auth): add input validation for registration and login using Zod

Author: Shreyanshi210205

server/controllers/authController.js

@@ -1,13 +1,18 @@
 const bcrypt = require("bcrypt");
 const jwt = require("jsonwebtoken");
 const User = require("../models/User"); 
+const registerSchema = require("../validations/authValidate").registerSchema;
 
 const tokenBlacklist = [];
 
 const JWT_SECRET = process.env.JWT_SECRET || "your_jwt_secret";
 const JWT_EXPIRES_IN = "1h";
 
 exports.registerUser = async (req, res) => {
+    const validation = registerSchema.safeParse({ body: req.body });
+    if (!validation.success) {
+        return res.status(400).json({ message: "Invalid input", errors: validation.error.errors });
+    }
     try {
         console.log("Register body:", req.body);
         const { email, password } = req.body;
@@ -33,6 +38,10 @@ exports.registerUser = async (req, res) => {
 };
 
 exports.loginUser = async (req, res) => {
+    const validation = registerSchema.safeParse({ body: req.body });
+    if (!validation.success) {
+        return res.status(400).json({ message: "Invalid input", errors: validation.error.errors });
+    }
     try {
         console.log("Login body:", req.body);
         const { email, password } = req.body;

server/package-lock.json

@@ -18,7 +18,8 @@
     "jsonwebtoken": "^9.0.2",
     "mongodb": "^6.20.0",
     "mongoose": "^8.19.2",
-    "socket.io": "^4.8.1"
+    "socket.io": "^4.8.1",
+    "zod": "^4.1.12"
   },
   "devDependencies": {
     "nodemon": "^3.1.10"

server/package.json

@@ -0,0 +1,10 @@
+const zod = require("zod");
+
+const registerSchema = zod.object({
+    body: zod.object({
+        email: zod.string().email(),
+        password: zod.string().min(6).max(100),
+    })
+});
+
+module.exports = { registerSchema };