From 6c0c6cf5c9675cb5cdd947b41cfe53efaac17ca1 Mon Sep 17 00:00:00 2001
From: Mohazmuhanad
Date: Fri, 22 Aug 2025 23:24:35 +0300
Subject: [PATCH] done
---
 middleware/auth.js | 22 +++++++++++++++
 routes/auth.js | 68 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 90 insertions(+)
diff --git a/middleware/auth.js b/middleware/auth.js
index 7deb650..903f70d 100644
--- a/middleware/auth.js
+++ b/middleware/auth.js
@@ -1,5 +1,6 @@
 import jwt from "jsonwebtoken";
 import prisma from "../lib/prisma.js";
+import { User } from "lucide-react";
 const JWT_SECRET = process.env.JWT_SECRET || "your-secret-key";
@@ -7,11 +8,32 @@ export const authenticateToken = async (req, res, next) => {
 try {
 // TODO: Implement the authentication middleware
 // 1. Get the token from the request header
+ const authHeader=req.headers["authorization"];
+
+ const token = authHeader && authHeader.split("")[1];
+
+ if(!token) {
+ return res.status(401).json({
+ success:false,
+ message:"Access token required",
+ });
+ }
 // 2. Verify the token
+ const decoded = jwt.verify(token, process.env.JWT_SECRET || "ttdtdtgulgytfdsassdfgkliop" );
 // 3. Get the user from the database
+ const user= await User.FindById(decoded.id);
+
 // 4. If the user doesn't exist, throw an error
+ if(!user) {
+ return res.status(404).json({
+ success:false,
+ message:"User not found",
+ });
+ }
 // 5. Attach the user to the request object
+ req.task = decoded;
 // 6. Call the next middleware
+ next();
diff --git a/routes/auth.js b/routes/auth.js
index 7a78cfc..2249bd4 100644
--- a/routes/auth.js
+++ b/routes/auth.js
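Review bot: The added `import { User } from "lucide-react";` brings a React icon component into the auth middleware, and the next hunk calls `User.FindById(decoded.id)` on it; that is not a database model, so the lookup would presumably throw on every request instead of loading a user. The file already imports `prisma`, so drop this import and do the lookup through it, e.g. `const user = await prisma.user.findUnique({ where: { id: decoded.id } });`. The model name `user` and the `id` field are assumptions to confirm against the Prisma schema, which is not shown here.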
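Review bot: `authHeader.split("")[1]` splits the header into single characters, so `token` is one character and verification can never succeed; it should be `const token = authHeader && authHeader.split(" ")[1];`. The `jwt.verify` call falls back to a string literal committed in the repository, so whenever `JWT_SECRET` is unset tokens are checked against a key that anyone with read access to the source knows; require the secret from the environment at startup with no literal fallback, and pin the expected algorithm, e.g. `jwt.verify(token, JWT_SECRET, { algorithms: ["HS256"] })`. Step 5 says to attach the user, but the code sets `req.task = decoded`; `req.user = user;` matches the comment and hands downstream handlers the database record rather than the raw token claims. A missing user is better answered with 401 than 404, so the response does not tell a caller whether the account behind a token exists. The catch of the enclosing try block is outside this hunk.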
@@ -17,8 +17,43 @@ router.post("/register", async (req, res) => {
 // 4. Create the user
 // 5. Generate a JWT token
 // 6. Return the user data and token
+
+// 1. Validate input
+ if (!name || !email || !password) {
+ return res.status(400).json({ success: false, message: "All fields are required" });
+ }
+ // 2. Check if the user already exists
+ const existingUser = await User.findOne({ email });
+ if (existingUser) {
+ return res.status(400).json({ success: false, message: "User already exists" });
+ }
+
+ // 3. Hash the password
+ const salt = await bcrypt.genSalt(10);
+ const hashedPassword = await bcrypt.hash(password, salt);
+
+ // 4. Create the user
+ const user = await User.create({
+ name,
+ email,
+ password: hashedPassword,
+ });
+ // 5. Generate a JWT token
+ const token = jwt.sign({ id: user._id }, process.env.JWT_SECRET, { expiresIn: "1h" });
+
+ // 6. Return the user data and token
+ res.status(201).json({
+ success: true,
+ message: "User registered successfully",
+ user: {
+ id: user._id,
+ name: user.name,
+ email: user.email,
+ },
+ token,
+ });
 } catch (error) {
 console.error("Registration error:", error);
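Review bot: The input check tests only truthiness, so a JSON body can supply an object or array for `email` or `password`, and that value goes straight into `User.findOne({ email })` and `bcrypt.hash`; if `User` is a Mongoose-style model, an object there would be read as a query document rather than a literal value. Require strings before the lookup, e.g. `if (![name, email, password].every((v) => typeof v === "string" && v.length > 0)) return res.status(400).json({ success: false, message: "All fields are required" });`, and apply the same check to `email` and `password` in the login hunk, which has the same pattern. `jwt.sign` here reads `process.env.JWT_SECRET` with no fallback while the middleware verifies with a literal fallback, so with the variable unset the user record is created and signing then throws; both files should read one secret that is validated at startup. `User`, `bcrypt` and the destructuring of `name`, `email` and `password` are outside this hunk, and `findOne`/`create`/`_id` look like Mongoose while the middleware imports Prisma, so confirm which data layer this route is meant to use.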
@@ -39,6 +74,39 @@ router.post("/login", async (req, res) => {
 // 3. Compare the password
 // 4. Generate a JWT token
 // 5. Return the user data and token
+// 1. Validate input
+ if (!email || !password) {
+ return res.status(400).json({ success: false, message: "All fields are required" });
+ }
+
+ // 2. Check if user exists
+ const user = await User.findOne({ email });
+ if (!user) {
+ return res.status(400).json({ success: false, message: "Invalid credentials" });
+ }
+
+ // 3. Compare password
+ const isMatch = await bcrypt.compare(password, user.password);
+ if (!isMatch) {
+ return res.status(400).json({ success: false, message: "Invalid credentials" });
+ }
+
+ // 4. Generate JWT token
+ const token = jwt.sign({ id: user._id }, process.env.JWT_SECRET, { expiresIn: "1h" });
+
+ // 5. Return user data and token
+ res.status(200).json({
+ success: true,
+ message: "Login successful",
+ user: {
+ id: user._id,
+ name: user.name,
+ email: user.email,
+ },
+ token,
+ });
+
+
 } catch (error) {