OpenLake · codewkaushik404 · Jan 29, 2026 · Jan 29, 2026 · Jan 29, 2026 · Jan 29, 2026
diff --git a/.husky/pre-commit b/.husky/pre-commit
@@ -1,4 +1,4 @@
 #!/usr/bin/env sh
 . "$(dirname -- "$0")/_/husky.sh"
 
-cd frontend && npx lint-staged && cd ../backend && npx lint-staged
+npx lint-staged
diff --git a/backend/db.js → backend/config/db.js b/backend/db.js → backend/config/db.js
@@ -5,10 +5,8 @@ dotenv.config();
 const connectDB = async () => {
   try {
     const ConnectDB = process.env.MONGODB_URI;
-    await mongoose.connect(ConnectDB, {
-      useNewUrlParser: true,
-      useUnifiedTopology: true,
-    });
+    //Removing the options as they are no longer needed from mongoose6+
+    await mongoose.connect(ConnectDB);
     console.log("MongoDB Connected");
   } catch (error) {
     console.error("MongoDB Connection Error:", error);

diff --git a/backend/config/passportConfig.js b/backend/config/passportConfig.js
@@ -0,0 +1,116 @@
+const passport = require("passport");
+const GoogleStrategy = require("passport-google-oauth20").Strategy;
+const LocalStrategy = require("passport-local").Strategy;
+const isIITBhilaiEmail = require("../utils/isIITBhilaiEmail");
+const User = require("../models/userSchema");
+const { loginValidate } = require("../utils/authValidate");
+const bcrypt = require("bcrypt");
+// Google OAuth Strategy
+passport.use(
+  new GoogleStrategy(
+    {
+      clientID: process.env.GOOGLE_CLIENT_ID,
+      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+      callbackURL: `${process.env.BACKEND_URL}/auth/google/verify`, // Update with your callback URL
+    },
+    async (accessToken, refreshToken, profile, done) => {
+      // Check if the user already exists in your database
+      const email = profile.emails?.[0]?.value;  
+      if (!email) {  
+        //console.log("No email found in Google profile");
+        return done(null, false, { message: "Email not available from Google." });  
+      }  
+
+      if (!isIITBhilaiEmail(profile.emails[0].value)) {
+        console.log("Google OAuth blocked for: ", profile.emails[0].value);
+        return done(null, false, {
+          message: "Only @iitbhilai.ac.in emails are allowed.",
+        });
+      }  
+      try {
+        const user = await User.findOne({ username: email });
+        //console.log("Looking for existing user with email:", email, "Found:", !!user);
+
+        if (user) {
+          // If user exists, return the user
+          //console.log("Returning existing user:", user.username);
+          return done(null, user);
+        }
+        // If user doesn't exist, create a new user in your database
+        const newUser = await User.create({
+          username: email,
+          role: "STUDENT",
+          strategy: "google",
+          personal_info: {
+            name: profile.displayName || "No Name",
+            email: email,
+            profilePic:
+              profile.photos && profile.photos.length > 0
+                ? profile.photos[0].value
+                : "https://www.gravatar.com/avatar/?d=mp",
+          },
+          onboardingComplete: false,
+        });
+        //console.log("User is",newUser);
+        return done(null, newUser);
+      } catch (error) {
+        console.error("Error in Google strategy:", error);
+        return done(error);
+      }
+    },
+  ),
+);
+
+//Local Strategy
+passport.use(new LocalStrategy(async (username, password, done) => {
+
+  const result = loginValidate.safeParse({ username, password });
+
+  if (!result.success) {
+    let errors = result.error.issues.map((issue) => issue.message);
+    return done(null, false, {message: errors});
+  }
+
+  try{
+
+      const user = await User.findOne({ username });
+      if (!user) {
+        return done(null, false, {message: "Invalid user credentials"});
+      }
+
+
+      if (user.strategy !== "local" || !user.password) {
+          return done(null, false, { message: "Invalid login method" });
+      }
+
+      const isValid = await bcrypt.compare(password, user.password);
+      if (!isValid) {
+        return done(null, false, { message: "Invalid user credentials" });
+      }
+      return done(null, user);
+  }catch(err){
+    return done(err);
+  }
+
+}));
+
+
+//When login succeeds this will run 
+// serialize basically converts user obj into a format that can be transmitted(like a string, etc...)
+// here take user obj and done callback and store only userId in session 
+passport.serializeUser((user, done) => {
+  done(null, user._id.toString());
+});
+
+//When a request comes in, take the stored id, fetch full user from DB, and attach it to req.user.
+passport.deserializeUser(async (id, done) => {
+  try {
+    let user = await User.findById(id);
+    if(!user) return done(null, false);
+    done(null, user);
+  } catch (err) {
+    done(err, null);
+  }
+});
+
+module.exports = passport;
diff --git a/backend/controllers/analyticsController.js b/backend/controllers/analyticsController.js
@@ -1,7 +1,13 @@
-const {User, Achievement, UserSkill, Event, Position, PositionHolder,OrganizationalUnit}=require('../models/schema');
 const mongoose = require("mongoose");
 const getCurrentTenureRange = require('../utils/getTenureRange');
 
+const User = require("../models/userSchema"); 
+const Achievement = require("../models/achievementSchema"); 
+const Position = require("../models/positionSchema"); 
+const PositionHolder = require("../models/positionHolderSchema"); 
+const OrganizationalUnit = require("../models/organizationSchema"); 
+const Event = require("../models/eventSchema"); 
+const { UserSkill } = require("../models/schema");
 
 exports.getPresidentAnalytics= async (req,res) => {
    try {

diff --git a/backend/controllers/certificateController.js b/backend/controllers/certificateController.js
@@ -0,0 +1,158 @@
+
+const User = require("../models/userSchema"); 
+const Position = require("../models/positionSchema"); 
+const PositionHolder = require("../models/positionHolderSchema"); 
+const OrganizationalUnit = require("../models/organizationSchema"); 
+const { CertificateBatch } = require("../models/certificateSchema");
+const { validateBatchSchema, zodObjectId } = require("../utils/batchValidate");
+
+async function createBatch(req, res) {
+  //console.log(req.user);
+  try{
+    const id = req.user.id;
+    const user = await User.findById(id);
+    if (!user) {
+      return res.status(404).json({ messge: "Invalid data (User not found)" });
+    }
+
+    if (user.role !== "CLUB_COORDINATOR") {
+      return res.status(403).json({ message: "Not authorized to perform the task" });
+    }
+
+    //to get user club
+    // positionHolders({user_id: id}) -> positions({_id: position_id}) -> organizationalUnit({_id: unit_id}) -> unit_id = "Club name"
+    const { title, unit_id, commonData, template_id, users } = req.body;
+    const validation = validateBatchSchema.safeParse({
+      title,
+      unit_id,
+      commonData,
+      template_id,
+      users,
+    });
+
+    if (!validation.success) {
+      let errors = validation.error.issues.map(issue => issue.message);
+      return res.status(400).json({ message: errors });
+    }
+
+    // Get coordinator's position and unit
+    const positionHolder = await PositionHolder.findOne({ user_id: id });
+    if (!positionHolder) {
+      return res.status(403).json({ message: "You are not part of any position in a unit" });
+    }
+
+    const position = await Position.findById(positionHolder.position_id);
+    console.log(position._id);
+    if (!position) {
+      return res.status(403).json({ message: "Your position is invalid" });
+    }
+
+    const userUnitId = position.unit_id.toString();
+    if (userUnitId !== unit_id) {
+      return res
+        .status(403)
+        .json({
+          message:
+            "You are not authorized to initiate batches outside of your club",
+        });
+    }
+
+    //const clubId = unit_id;
+    // Ensure unit_id is a Club
+    const unitObj = await OrganizationalUnit.findById(unit_id);
+    if (!unitObj || unitObj.type !== "Club") {
+      return res
+        .status(403)
+        .json({ message: "Invalid Data: unit is not a Club" });
+    }
+    //console.log(unitObj._id);
+
+    // Get council (parent unit) and ensure it's a Council
+    if (!unitObj.parent_unit_id) {
+      return res
+        .status(403)
+        .json({ message: "Invalid Data: club does not belong to a council" });
+    }
+    //console.log(unitObj.parent_unit_id);
+
+    const councilObj = await OrganizationalUnit.findById(unitObj.parent_unit_id);
+    if (!councilObj || councilObj.type !== "Council") {
+      return res.status(403).json({ message: "Invalid Data: council not found" });
+    }
+
+    //const councilId = councilObj._id.toString();
+    const presidentOrgUnitId = councilObj.parent_unit_id;
+    const category = councilObj.category.toUpperCase();
+
+    // Resolve General Secretary and President for the council (server-side, tamper-proof)
+    const gensecObj = await User.findOne({ role: `GENSEC_${category}` });
+    if(!gensecObj){
+      return res.status(500).json({ message: "General Secretary not found" });  
+    }
+    //console.log(gensecObj._id);
+
+    const presidentPosition = await Position.findOne({
+      unit_id: presidentOrgUnitId,
+      title: /president/i,
+    });
+    if (!presidentPosition) {
+      return res
+        .status(500)
+        .json({ message: "President position not found for council" });
+    }
+    //console.log(presidentPosition._id);
+
+    const presidentHolder = await PositionHolder.findOne({
+      position_id: presidentPosition._id,
+    });
+    const presidentId = presidentHolder.user_id.toString();
+    //console.log(presidentId);
+    const presidentObj = await User.findById(presidentId);
+
+    console.log(presidentObj._id);
+    if (!presidentObj) {
+      return res.status(500).json({ message: "President not found" });
+    }
+
+    const approverIds = [gensecObj._id.toString(), presidentId];
+
+    const userChecks = await Promise.all(
+      users.map(async (uid) => {
+        const validation = zodObjectId.safeParse(uid);
+        if (!validation) {
+          return { uid, ok: false, reason: "Invalid ID" };
+        }
+
+        const userObj = await User.findById(uid);
+        if (!userObj) return { uid, ok: false, reason: "User not found" };
+
+        return { uid, ok: true };
+      }),
+    );
+
+    const invalidData = userChecks.filter((c) => !c.ok);
+    if (invalidData.length > 0) {
+      return res
+        .status(400)
+        .json({ message: "Invalid user data sent", details: invalidData });
+    }
+
+    const newBatch = await CertificateBatch.create({
+      title,
+      unit_id,
+      commonData,
+      templateId: template_id,
+      initiatedBy: id,
+      approverIds,
+      users,
+    });
+
+    res.json({ message: "New Batch created successfully", details: newBatch });
+  }catch(err){
+    res.status(500).json({message: err.message || "Internal server error"});
+  }
+}
+
+module.exports = {
+  createBatch,
+};
diff --git a/backend/controllers/dashboardController.js b/backend/controllers/dashboardController.js
@@ -1,14 +1,11 @@
 // controllers/dashboardController.js
-const {
-    Feedback,
-    Achievement,
-    UserSkill,
-    Skill,
-    Event,
-    PositionHolder,
-    Position,
-    OrganizationalUnit,
-} = require("../models/schema"); 
+const Feedback = require("../models/feedbackSchema"); 
+const Achievement = require("../models/achievementSchema"); 
+const Position = require("../models/positionSchema"); 
+const PositionHolder = require("../models/positionHolderSchema"); 
+const OrganizationalUnit = require("../models/organizationSchema"); 
+const Event = require("../models/eventSchema"); 
+const { UserSkill, Skill } = require("../models/schema");
 
 const ROLES = {
     PRESIDENT: "PRESIDENT",

diff --git a/backend/controllers/eventControllers.js b/backend/controllers/eventControllers.js
@@ -1,17 +1,20 @@
-const {Event} = require('../models/schema');
+const Event = require('../models/eventSchema');
 
 // fetch 4 most recently updated events
 exports.getLatestEvents = async (req, res) => {
     try{
         const latestEvents = await Event.find({})
          .sort({updated_at: -1})
          .limit(4)
-         .select('title updated_at schedule.venue status');
+         .select('title updatedAt schedule.venue status');
-        const latestEvents = await Event.find({})
-         .sort({updated_at: -1})
-         .limit(4)
-         .select('title updated_at schedule.venue status');
-         .select('title updatedAt schedule.venue status');
+        const latestEvents = await Event.find({})
+         .sort({updatedAt: -1})
+         .limit(4)
+         .select('title updatedAt schedule.venue status');
-        const latestEvents = await Event.find({})
-         .sort({updated_at: -1})
-         .limit(4)
-         .select('title updated_at schedule.venue status');
-         .select('title updatedAt schedule.venue status');
+        const latestEvents = await Event.find({})
+         .sort({updatedAt: -1})
+         .limit(4)
+         .select('title updatedAt schedule.venue status');
 
+         if(!latestEvents){
+            return res.status(404).json({message: "No events are created"});
+         }
-         if(!latestEvents){
-            return res.status(404).json({message: "No events are created"});
-         }
+         if(!latestEvents || latestEvents.length === 0){
+            return res.status(404).json({message: "No events are created"});
+         }
-         if(!latestEvents){
-            return res.status(404).json({message: "No events are created"});
-         }
+         if(!latestEvents || latestEvents.length === 0){
+            return res.status(404).json({message: "No events are created"});
+         }
          const formatedEvents =latestEvents.map(event=>({
             id: event._id,
             title: event.title,
-            date: event.updated_at.toLocaleDateString('en-US', { month: 'short', day: 'numeric' }),
+            date: event.updatedAt?.toLocaleDateString('en-US', { month: 'short', day: 'numeric' }),
             venue: (event.schedule && event.schedule.venue) ? event.schedule.venue : 'TBA',
             status: event.status || 'TBD'
          }))