diff --git a/middleware/auth.js b/middleware/auth.js
index 7deb650..a561f56 100644
--- a/middleware/auth.js
+++ b/middleware/auth.js
@@ -1,20 +1,42 @@
 import jwt from "jsonwebtoken";
 import prisma from "../lib/prisma.js";
-const JWT_SECRET = process.env.JWT_SECRET || "your-secret-key";
+const JWT_SECRET = process.env.JWT_SECRET || "mysecret";
 export const authenticateToken = async (req, res, next) => {
 try {
 // TODO: Implement the authentication middleware
 // 1. Get the token from the request header
+ const authHeader = req.headers["authorization"];
+ const token = authHeader && authHeader.split(" ")[1];
+ if (!token) {
+ return res.status(401).json ({
+ success: false,
+ message: "Access token required",
+ });
+ }
 // 2. Verify the token
+ const decoded = jwt.verify(token, process.env.JWT_SECRET || "mysecret");
 // 3. Get the user from the database
+ const user = await prisma.user.findUnique ({
+ where : { id: decoded.userId},
+ select: {
+ id: true,
+ name: true,
+ email: true,
+ },
+ });
 // 4. If the user doesn't exist, throw an error
+ if (!user){
+ return res.status(401).json ({
+ success: false,
+ message: "Invalid token- user not found",
+ });
+ }
 // 5. Attach the user to the request object
+ req.user = user
 // 6. Call the next middleware
-
-
-
+ next()
 } catch (error) {
 if (error.name === "JsonWebTokenError") {
 return res.status(401).json({
diff --git a/routes/auth.js b/routes/auth.js
index 7a78cfc..df1cd88 100644
--- a/routes/auth.js
+++ b/routes/auth.js
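Review bot: The verify call `jwt.verify(token, process.env.JWT_SECRET || "mysecret")` re-reads the environment instead of using the `JWT_SECRET` constant defined a few lines above, and both keep a hard-coded fallback, so a deployment that forgets to set the variable checks every token against a string that is visible in the repository and the middleware will accept tokens it never issued. Make the secret mandatory at module load, `if (!process.env.JWT_SECRET) throw new Error("JWT_SECRET is not set");`, and verify with `jwt.verify(token, JWT_SECRET, { algorithms: ["HS256"] })` so the accepted algorithm is pinned to the default that `jwt.sign` uses with a string secret. The `jwt.sign` calls in both routes/auth.js hunks carry the same `|| "mysecret"` fallback and should read the constant as well. `authHeader.split(" ")[1]` accepts any scheme, so checking `authHeader.startsWith("Bearer ")` first makes the expected header shape explicit, and `req.user = user` and `next()` are missing their semicolons.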
@@ -11,15 +11,56 @@ const JWT_SECRET = process.env.JWT_SECRET || "your-secret-key";
 router.post("/register", async (req, res) => {
 try {
 // TODO: Implement the registration logic
+ const { name, email, password } = req.body;
 // 1. Validate the input
+ if (!name || !email || !password) {
+ return res.status(400).json({
+ success: false,
+ message: "Name, email, and password are required",
+ });
+ }
 // 2. Check if the user already exists
+ const existingUser = await prisma.user.findUnique({
+ where: { email },
+ });
+ if (existingUser) {
+ return res.status(400).json({
+ success: false,
+ message: "Task with this email already exists",
+ });
+ }
 // 3. Hash the password
+ const saltRounds = 10;
+ const hashedPassword = await bcrypt.hash(password, saltRounds);
 // 4. Create the user
+ const newUser = await prisma.user.create({
+ data: {
+ name,
+ email,
+ password: hashedPassword,
+ },
+ select: {
+ id: true,
+ name: true,
+ email: true,
+ createdAt: true,
+ },
+ });
 // 5. Generate a JWT token
+ const token = jwt.sign(
+ { userId: newUser.id, name: name, email: email },
+ process.env.JWT_SECRET || "mysecret",
+ { expiresIn: "24h" }
+ );
 // 6. Return the user data and token
-
-
-
+ res.status(201).json({
+ success: true,
+ message: "User Registered Successfully",
+ data: {
+ user: newUser,
+ token,
+ },
+ });
 } catch (error) {
 console.error("Registration error:", error);
 res.status(500).json({
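Review bot: The duplicate-account branch responds with `"Task with this email already exists"`, which reads like a copy from another route; it should say `"User with this email already exists"`, and 409 Conflict describes the condition better than 400. The presence check on `name`, `email` and `password` does not confirm they are strings, so an object or array in `req.body.email` reaches `prisma.user.findUnique({ where: { email } })` and `bcrypt.hash` untouched; a `typeof x !== "string"` guard on each field (and a basic email format check) before any query is worth adding. The `jwt.sign` payload also embeds `name` and `email`, which go stale when either changes; a short comment that the payload is informational and `userId` is the only claim the middleware acts on would help a later reader.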
@@ -34,13 +75,49 @@ router.post("/register", async (req, res) => {
 router.post("/login", async (req, res) => {
 try {
 // TODO: Implement the login logic
+ const {email, password} = req.body;
 // 1. Validate the input
+ if (!email || !password) {
+ return res.status(400).json({
+ success:false,
+ message: "Email and Passowrd are required"
+ })
+ }
 // 2. Check if the user exists
+ const user = await prisma.user.findUnique({
+ where: {email},
+ });
+ if (!user){
+ return res.status(401).json({
+ success: false,
+ message: "Invalid email or Password"
+
+ });
+ }
 // 3. Compare the password
+ const isPasswordValid = await bcrypt.compare(password, user.password)
+ if (!isPasswordValid){
+ return res.status(401).json ({
+ success: false,
+ message: "Sorry, your password is wrong"
+ })
+ }
 // 4. Generate a JWT token
+ const token = jwt.sign(
+ { userId: user.id, email: email },
+ process.env.JWT_SECRET || "mysecret",
+ { expiresIn: "24h" }
+ );
 // 5. Return the user data and token
-
-
+ const {password: _, ...userData} = user;
+ res.json ({
+ success: true,
+ message: "Login successful",
+ data:{
+ user: userData,
+ token,
+ },
+ });
 } catch (error) {
 console.error("Login error:", error);
 res.status(500).json({
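Review bot: The unknown-email branch answers `"Invalid email or Password"` while the wrong-password branch answers `"Sorry, your password is wrong"`, so the login response tells a caller whether an account exists for a given email; both `401` responses should carry the same generic message (the 400 message also misspells `Passowrd`). The compare step is skipped entirely when no user is found, which makes the two branches distinguishable by response time as well; running `bcrypt.compare` against a fixed dummy hash in that branch is the usual way to keep them similar. The `res.status(400).json({...})`, `isPasswordValid` and `return res.status(401).json ({...})` statements lack terminating semicolons, and the `success:false` / `data:{` spacing diverges from the register route; running the project formatter over the file would settle both.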