From f4bbad87668f5a115216084ace090dfcd40e37f3 Mon Sep 17 00:00:00 2001 From: joseph Date: Sun, 14 Dec 2025 12:47:50 -0600 Subject: [PATCH] done --- middleware/auth.js | 36 ++++++++++++++++-- routes/auth.js | 92 ++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 122 insertions(+), 6 deletions(-) diff --git a/middleware/auth.js b/middleware/auth.js index 7deb650..ec679ff 100644 --- a/middleware/auth.js +++ b/middleware/auth.js @@ -6,15 +6,45 @@ const JWT_SECRET = process.env.JWT_SECRET || "your-secret-key"; export const authenticateToken = async (req, res, next) => { try { // TODO: Implement the authentication middleware + // 1. Get the token from the request header + // Expected format: Authorization: Bearer + const authHeader = req.headers["authorization"]; + const token = authHeader ? authHeader.split(" ")[1] : null; + + if (!token) { + return res.status(401).json({ + success: false, + message: "Access token required", + }); + } + // 2. Verify the token + const decoded = jwt.verify(token, JWT_SECRET); + // 3. Get the user from the database + const user = await prisma.user.findUnique({ + where: { id: decoded.userId }, + select: { + id: true, + name: true, + email: true, + }, + }); + // 4. If the user doesn't exist, throw an error + if (!user) { + return res.status(401).json({ + success: false, + message: "Invalid token - user not found", + }); + } + // 5. Attach the user to the request object - // 6. Call the next middleware + req.user = user; - - + // 6. Call the next middleware + next(); } catch (error) { if (error.name === "JsonWebTokenError") { return res.status(401).json({ diff --git a/routes/auth.js b/routes/auth.js index 7a78cfc..c2c3521 100644 --- a/routes/auth.js +++ b/routes/auth.js @@ -1,6 +1,7 @@ import express from "express"; import bcrypt from "bcryptjs"; import jwt from "jsonwebtoken"; + import prisma from "../lib/prisma.js"; import { authenticateToken } from "../middleware/auth.js"; 
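Review bot: `jwt.verify(token, JWT_SECRET)` in authenticateToken trusts the `JWT_SECRET` constant shown in the hunk header, which falls back to the literal `"your-secret-key"` when the environment variable is unset, so a deployment with a missing variable would accept any token signed with that default. The login hunk in routes/auth.js signs with `process.env.JWT_SECRET` directly, so the two sides can also disagree; I would drop the fallback, fail at startup with `if (!process.env.JWT_SECRET) throw new Error("JWT_SECRET is not set");`, and use that one constant wherever tokens are signed. Pinning the algorithm with `jwt.verify(token, JWT_SECRET, { algorithms: ["HS256"] })` makes the check explicit, HS256 being what `jwt.sign` produces by default for a shared secret. The header parse `authHeader.split(" ")[1]` also accepts any scheme word, not only `Bearer`. The catch block continues outside the hunk, so how an expired token or a payload without `userId` is reported cannot be judged from here.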
@@ -12,14 +13,56 @@ router.post("/register", async (req, res) => { try { // TODO: Implement the registration logic // 1. Validate the input + const { name, email, password } = req.body; + console.log(req.body) + + if (!name || !email || !password) { + return res.status(400).json({ + status: "failed", + message: "You are missing required fields", + }); + } + // 2. Check if the user already exists + const alreadyExist = await prisma.user.findUnique({ + where: { email: email }, + }); + + if (alreadyExist) { + return res.status(400).json({ + status: "failed", + message: "This user already exists in the database", + }); + } + + // 3. Hash the password + const hashedPassword = await bcrypt.hash(password, 10); + + // 4. Create the user - // 5. Generate a JWT token - // 6. Return the user data and token + const newUser = await prisma.user.create({ + data: { + name, + email, + password: hashedPassword, + }, + select: { + id: true, + name: true, + email: true, + }, + }); + // 6. Return the user data and token + res.status(201).json({ + status: "success", + message: "User registered successfully", + user: newUser, + }); + } catch (error) { console.error("Registration error:", error); res.status(500).json({ 
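Review bot: `console.log(req.body)` in the register handler writes the submitted plaintext password, together with the name and email, to the server log before it is hashed; the line should be removed, or replaced by something like `console.log("register attempt", { email });` if a trace is wanted. The step-6 comment still reads "Return the user data and token" although the step-5 comment was deleted and the 201 response carries no token, so either the comment becomes `// 5. Return the user data` or a token is issued as in login. The `findUnique`-then-`create` sequence can presumably still hit the unique constraint on `email` under concurrent requests, which would surface as the generic 500 from the catch block that begins at the end of this hunk. Responses here use `status: "failed"` while the middleware uses `success: false`; one shape across the API would be easier for clients to handle.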
@@ -35,10 +78,53 @@ router.post("/login", async (req, res) => { try { // TODO: Implement the login logic // 1. Validate the input + const { email, password } = req.body; + + if (!email || !password) { + return res.status(400).json({ + status: "failed", + message: "Missing email or password", + }); + } // 2. Check if the user exists + const user = await prisma.user.findUnique({ + where: { email }, + }); + + if (!user) { + return res.status(400).json({ + status: "failed", + message: "Email does not exist", + }); + } + // 3. Compare the password + const isPasswordCorrect = await bcrypt.compare(password, user.password); + + if (!isPasswordCorrect) { + return res.status(401).json({ + success: false, + message: "Your password is incorrect", + }); + } + // 4. Generate a JWT token + const token = jwt.sign( + { userId: user.id }, + process.env.JWT_SECRET, + { expiresIn: "2h" } + ); + + // 5. Return the user data and token + return res.status(200).json({ + status: "success", + message: "Login successful", + data: { + user: { id: user.id, name: user.name, email: user.email }, + token, + }, + }); } catch (error) { @@ -71,4 +157,4 @@ router.get("/me", authenticateToken, async (req, res) => { } }); -export default router; +export default router; \ No newline at end of file
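Review bot: The login handler answers an unknown address with 400 "Email does not exist" and a wrong password with 401 "Your password is incorrect", which tells any caller which e-mail addresses are registered. Both cases should return the same status and text, for example `if (!user || !(await bcrypt.compare(password, user.password))) return res.status(401).json({ success: false, message: "Invalid email or password" });`. `email` and `password` are only checked for truthiness, so a non-string `password` in the JSON body would presumably make `bcrypt.compare` throw and end in the 500 branch; a `typeof password !== "string"` check belongs in step 1. The catch block of this handler lies outside the hunk.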