From c13f267154d73aab2abf663062ed237eb91b1d3e Mon Sep 17 00:00:00 2001
From: Hassan1290
Date: Tue, 19 Aug 2025 09:37:38 -0400
Subject: [PATCH] week_20

---
 middleware/auth.js | 35 +++++++++++++--
 routes/auth.js | 106 ++++++++++++++++++++++++++++++++++++++++++---
 routes/tasks.js | 2 +-
 3 files changed, 134 insertions(+), 9 deletions(-)

diff --git a/middleware/auth.js b/middleware/auth.js
index 7deb650..653478b 100644
--- a/middleware/auth.js
+++ b/middleware/auth.js
@@ -7,14 +7,43 @@ export const authenticateToken = async (req, res, next) => {
   try {
     // TODO: Implement the authentication middleware
     // 1. Get the token from the request header
+    const authHeader = req.headers["authorization"];
+    const token = authHeader && authHeader.split(" ")[1];
+
+    //check the token
+    if (!token) {
+      return res.status(401).json({
+        success: false,
+        message: "Access token required",
+      });
+    }
+
     // 2. Verify the token
+    const decoded = jwt.verify(token, process.env.JWT_SECRET || "mysecret");
+
     // 3. Get the user from the database
+    const user = await prisma.user.findUnique({
+      where: { id: decoded.userId },
+      select: {
+        id: true,
+        name: true,
+        email: true,
+      },
+    });
+
     // 4. If the user doesn't exist, throw an error
+    if (!user) {
+      return res.status(401).json({
+        success: false,
+        message: "Invalid token - user not found",
+      });
+    }
+
     // 5. Attach the user to the request object
-    // 6. Call the next middleware
+    req.user = user;
 
-
-
+    // 6. Call the next middleware
+    next();
   } catch (error) {
     if (error.name === "JsonWebTokenError") {
       return res.status(401).json({
diff --git a/routes/auth.js b/routes/auth.js
index 7a78cfc..c3bb700 100644
--- a/routes/auth.js
+++ b/routes/auth.js
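Review bot: The `jwt.verify(token, process.env.JWT_SECRET || "mysecret")` line verifies with a hard-coded fallback secret whenever JWT_SECRET is unset, so a misconfigured deployment accepts any token signed with a publicly known string; the same inline fallback is repeated in both routes/auth.js handlers, while the `JWT_SECRET` constant at the top of routes/auth.js falls back to a different value ("your-secret-key"). Fail fast and share one value instead: `const JWT_SECRET = process.env.JWT_SECRET;` and `if (!JWT_SECRET) throw new Error("JWT_SECRET is not set");` at module load, then `const decoded = jwt.verify(token, JWT_SECRET, { algorithms: ["HS256"] });` so the accepted algorithm is pinned as well. Minor: `authHeader.split(" ")[1]` accepts any scheme, so checking that the header starts with `Bearer ` would make the 401 path more precise. authenticateToken's body continues outside the hunk (the remaining catch branches).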
@@ -11,15 +11,65 @@ const JWT_SECRET = process.env.JWT_SECRET || "your-secret-key";
 router.post("/register", async (req, res) => {
   try {
     // TODO: Implement the registration logic
+    const { name, email, password } = req.body;
+
     // 1. Validate the input
+    if (!name || !email || !password) {
+      return res.status(400).json({
+        success: false,
+        message: "name, email, and password are required",
+      });
+    }
+
     // 2. Check if the user already exists
+    const existingUser = await prisma.user.findUnique({
+      where: { email },
+    });
+
+    if (existingUser) {
+      return res.status(400).json({
+        success: false,
+        message: "User with this email already exists",
+      });
+    }
+
     // 3. Hash the password
+    const saltRound = 10;
+    const hashedPassword = await bcrypt.hash(password, saltRound);
+
     // 4. Create the user
-    // 5. Generate a JWT token
-    // 6. Return the user data and token
+    const newUser = await prisma.user.create({
+      data: {
+        name,
+        email,
+        password: hashedPassword,
+      },
+      select: {
+        // id: true,
+        name: true,
+        email: true,
+        password: true,
+        createdAt: true,
+      },
+    });
+    // 5. Generate a JWT token
+    const token = jwt.sign(
+      { userId: newUser.id },
+      process.env.JWT_SECRET || "mysecret",
+      { expiresIn: "24" }
+    );
+    // 6. Return the user data and token
+    res.status(201).json({
+      success: true,
+      message: "User registered successfully",
+      data: {
+        user: newUser,
+        token: token,
+      },
+    });
   } catch (error) {
     console.error("Registration error:", error);
     res.status(500).json({
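Review bot: The `select` block of the `prisma.user.create` call comments out `id: true` and includes `password: true`, so `newUser.id` is undefined when it is signed into the token a few lines later and the bcrypt hash is echoed back to the client in the 201 response; a token whose `userId` claim is undefined cannot resolve a user in the middleware's lookup by `decoded.userId`. Restore `id: true,` and drop `password: true,` from the select. Separately, `{ expiresIn: "24" }` has no unit — per the jsonwebtoken docs a unitless string is read in milliseconds — so the token expires almost immediately; use `{ expiresIn: "24h" }` as the login handler below does. The register handler's body continues outside the hunk (the remaining catch branch).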
@@ -33,14 +83,60 @@ router.post("/register", async (req, res) => {
 // POST /api/auth/login - Login user
 router.post("/login", async (req, res) => {
   try {
-    // TODO: Implement the login logic
+    // TODO: Implement th login logic
+    const { email, password } = req.body;
+
     // 1. Validate the input
+    if(!email || !password) {
+      return res.status(400).json({
+        success: false,
+        message: "Email and password are required"
+      })
+    }
+
     // 2. Check if the user exists
+    const user = await prisma.user.findUnique({
+      where: { email }
+    });
+
+    if(!user) {
+      return res.status(401).json({
+        success: false,
+        message: "Invalid email or password",
+      });
+    }
+
     // 3. Compare the password
+    const isUserPasswordValid = await bcrypt.compare(password, user.password)
+
+    if(!isUserPasswordValid){
+      return res.status(401).json({
+        success: false,
+        message: "your password is wrong"
+      })
+    }
+
     // 4. Generate a JWT token
+    const token = jwt.sign(
+      { userId: user.id, email: email },
+      process.env.JWT_SECRET || "mysecret",
+      { expiresIn: "24h"}
+    )
+
+    // return user info and token, but don't include password
+    const { password: _, ...userData} = user;
+
     // 5. Return the user data and token
-
-
+    res.status(200).json({
+      success: true,
+      message: "Loggin successful",
+      data: {
+        user: userData,
+        token,
+      }
+    })
+
   } catch (error) {
     console.error("Login error:", error);
     res.status(500).json({
diff --git a/routes/tasks.js b/routes/tasks.js
index dca9b03..d7867f3 100644
--- a/routes/tasks.js
+++ b/routes/tasks.js
@@ -22,7 +22,7 @@ router.use(authenticateToken);
 // This route handles GET requests to /api/tasks
 // req = request object (contains data sent by client)
 // res = response object (used to send data back to client)
-router.get("/tasks", async (req, res) => {
+router.get("/tasks", authenticateToken, async (req, res) => {
   try {
     const tasks = await getAllTasks(req.user.id);
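Review bot: The password-mismatch branch returns `message: "your password is wrong"` while the unknown-email branch just above it returns "Invalid email or password", so the two 401 responses differ and reveal whether an email is registered; both should use the same generic text, `message: "Invalid email or password",`. The response message `"Loggin successful"` and the comment `// TODO: Implement th login logic` carry typos. On style, this handler drops the semicolons and the space after `if` that the register handler in the same file uses (`if(!email`, `})`, `)`), which a formatter pass would normalize. The login handler's body continues outside the hunk (the remaining catch branch).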