GitMetricsLab · abdey53 · Jul 30, 2025 · coderabbitai · Jul 30, 2025 · coderabbitai
diff --git a/backend/models/User.js b/backend/models/User.js
@@ -2,39 +2,44 @@ const mongoose = require("mongoose");
 const bcrypt = require("bcryptjs");
 
 const UserSchema = new mongoose.Schema({
-    username: {
-      type: String,
-      required: true,
-      unique: true,
-    },
-    email: {
-      type: String,
-      required: true,
-      unique: true,
-    },
-    password: {
-      type: String,
-      required: true,
-    },
-});
-
-UserSchema.pre('save', async function (next) {
+  username: {
+    type: String,
+    required: [true, "Username is required"],
+    unique: true,
+    trim: true,
+  },
+  email: {
+    type: String,
+    required: [true, "Email is required"],
+    unique: true,
+    trim: true,
+    lowercase: true,
+    match: [/.+\@.+\..+/, "Please enter a valid email address"],
+  },
+  password: {
+    type: String,
+    required: [true, "Password is required"],
+    minlength: [6, "Password must be at least 6 characters long"],
-    minlength: [6, "Password must be at least 6 characters long"],
+   password: {
+     type: String,
+     required: [true, "Password is required"],
+     minlength: [8, "Password must be at least 8 characters long"],
+     validate: {
+       validator: function(password) {
+         return /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]/.test(password);
+       },
+       message: "Password must contain at least one uppercase letter, one lowercase letter, one number, and one special character"
+     }
+   },
-    minlength: [6, "Password must be at least 6 characters long"],
+   password: {
+     type: String,
+     required: [true, "Password is required"],
+     minlength: [8, "Password must be at least 8 characters long"],
+     validate: {
+       validator: function(password) {
+         return /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]/.test(password);
+       },
+       message: "Password must contain at least one uppercase letter, one lowercase letter, one number, and one special character"
+     }
+   },
+  },
+}, { timestamps: true });
 
-    if (!this.isModified('password'))
-        return next();
+// Pre-save password hash
+UserSchema.pre("save", async function (next) {
+  if (!this.isModified("password")) return next();
 
-    try {
-      const salt = await bcrypt.genSalt(10);
-      this.password = await bcrypt.hash(this.password, salt);
-      next();
-    } catch (err) {
-      return next(err);
-    }
+  try {
+    const salt = await bcrypt.genSalt(10);
+    this.password = await bcrypt.hash(this.password, salt);
+    return next();
+  } catch (err) {
+    console.error("Password Hashing Error:", err.message);
+    return next(err);
+  }
 });
 
 // Compare passwords during login
 UserSchema.methods.comparePassword = async function (enteredPassword) {
-    return await bcrypt.compare(enteredPassword, this.password);
+  return await bcrypt.compare(enteredPassword, this.password);
 };
 
 module.exports = mongoose.model("User", UserSchema);
diff --git a/backend/routes/auth.js b/backend/routes/auth.js
@@ -5,37 +5,60 @@ const router = express.Router();
 
 // Signup route
 router.post("/signup", async (req, res) => {
-
-    const { username,  email, password } = req.body;
+    const { username, email, password } = req.body;
-    const { username, email, password } = req.body;
+router.post("/signup", async (req, res) => {
+    const { username, email, password } = req.body;
+
+    // Validate required fields
+    if (!username || !email || !password) {
+        return res.status(400).json({ message: 'All fields are required' });
+    }
+
+    try {
+        // … existing signup logic …
+    } catch (err) {
+        // … existing error handling …
+    }
+});
-    const { username, email, password } = req.body;
+router.post("/signup", async (req, res) => {
+    const { username, email, password } = req.body;
+
+    // Validate required fields
+    if (!username || !email || !password) {
+        return res.status(400).json({ message: 'All fields are required' });
+    }
+
+    try {
+        // … existing signup logic …
+    } catch (err) {
+        // … existing error handling …
+    }
+});
 
     try {
-        const existingUser = await User.findOne( {email} );
+        const existingUser = await User.findOne({ email });
 
-        if (existingUser)
-            return res.status(400).json( {message: 'User already exists'} );
+        if (existingUser) {
+            return res.status(400).json({ message: 'User already exists' });
+        }
 
-        const newUser = new User( {username, email, password} );
+        const newUser = new User({ username, email, password });
         await newUser.save();
-        res.status(201).json( {message: 'User created successfully'} );
+
+        return res.status(201).json({ message: 'User created successfully' });
     } catch (err) {
-        res.status(500).json({ message: 'Error creating user', error: err.message });
+        console.error("Signup Error:", err.message);
+        return res.status(500).json({
+            message: 'Error creating user',
+            error: err.message
+        });
     }
-        console.error("Signup Error:", err.message);
-        return res.status(500).json({
-            message: 'Error creating user',
-            error: err.message
-        });
-    }
+     } catch (err) {
+         console.error("Signup Error:", err.message);
+         return res.status(500).json({
+             message: 'Error creating user'
+         });
+     }
-        console.error("Signup Error:", err.message);
-        return res.status(500).json({
-            message: 'Error creating user',
-            error: err.message
-        });
-    }
+     } catch (err) {
+         console.error("Signup Error:", err.message);
+         return res.status(500).json({
+             message: 'Error creating user'
+         });
+     }
 });
 
 // Login route
-router.post("/login", passport.authenticate('local'), (req, res) => {
-    res.status(200).json( { message: 'Login successful', user: req.user } );
+router.post("/login", (req, res, next) => {
+    passport.authenticate('local', (err, user, info) => {
+        if (err) {
+            console.error("Login Error:", err.message);
+            return res.status(500).json({ message: 'Internal Server Error', error: err.message });
+        }
+
+        if (!user) {
+            return res.status(401).json({ message: 'Invalid credentials', error: info?.message || 'Authentication failed' });
+        }
+
+        req.logIn(user, (err) => {
+            if (err) {
+                console.error("Session Error:", err.message);
+                return res.status(500).json({ message: 'Login failed', error: err.message });
+            }
+
+            return res.status(200).json({ message: 'Login successful', user });
-            return res.status(200).json({ message: 'Login successful', user });
+            return res.status(200).json({ 
+                message: 'Login successful', 
+                user: { id: user._id, username: user.username, email: user.email }
+            });
-            return res.status(200).json({ message: 'Login successful', user });
+            return res.status(200).json({ 
+                message: 'Login successful', 
+                user: { id: user._id, username: user.username, email: user.email }
+            });
+        });
+    })(req, res, next);
 });
 
 // Logout route
 router.get("/logout", (req, res) => {
-
     req.logout((err) => {
-
-        if (err)
+        if (err) {
+            console.error("Logout Error:", err.message);
             return res.status(500).json({ message: 'Logout failed', error: err.message });
-        else
-            res.status(200).json({ message: 'Logged out successfully' });
+        }
+
+        return res.status(200).json({ message: 'Logged out successfully' });
     });
 });
 

diff --git a/backend/server.js b/backend/server.js
@@ -11,29 +11,51 @@ require('./config/passportConfig');
 
 const app = express();
 
-// CORS configuration
-app.use(cors('*'));
+// ✅ CORS configuration (recommended)
+app.use(cors({
+    origin: '*', // You can replace * with specific domains in production
+    credentials: true,
+}));
-app.use(cors({
-    origin: '*', // You can replace * with specific domains in production
-    credentials: true,
-}));
+app.use(cors({
+    origin: process.env.ALLOWED_ORIGINS?.split(',') || ['http://localhost:3000'],
+    credentials: true,
+}));
-app.use(cors({
-    origin: '*', // You can replace * with specific domains in production
-    credentials: true,
-}));
+app.use(cors({
+    origin: process.env.ALLOWED_ORIGINS?.split(',') || ['http://localhost:3000'],
+    credentials: true,
+}));
 
-// Middleware
+// ✅ Middleware
 app.use(bodyParser.json());
+
 app.use(session({
     secret: process.env.SESSION_SECRET,
     resave: false,
     saveUninitialized: false,
 }));
+
 app.use(passport.initialize());
 app.use(passport.session());
 
-// Routes
+// ✅ Routes
 const authRoutes = require('./routes/auth');
 app.use('/api/auth', authRoutes);
 
-// Connect to MongoDB
-mongoose.connect(process.env.MONGO_URI, {}).then(() => {
-    console.log('Connected to MongoDB');
-    app.listen(process.env.PORT, () => {
-        console.log(`Server running on port ${process.env.PORT}`);
+// ✅ Fallback route for 404 Not Found
+app.use((req, res, next) => {
+    res.status(404).json({ message: 'Route not found' });
+});
+
+// ✅ Global error-handling middleware
+app.use((err, req, res, next) => {
+    console.error('Unhandled Error:', err.stack);
+    res.status(err.status || 500).json({
+        message: err.message || 'Internal Server Error',
+        error: process.env.NODE_ENV === 'production' ? undefined : err.stack,
     });
-}).catch((err) => {
-    console.log('MongoDB connection error:', err);
 });
+
+// ✅ Connect to MongoDB and start server
+mongoose.connect(process.env.MONGO_URI, {})
+    .then(() => {
+        console.log('Connected to MongoDB');
+        app.listen(process.env.PORT, () => {
+            console.log(`Server running on port ${process.env.PORT}`);
+        });
+    })
+    .catch((err) => {
+        console.error('MongoDB connection error:', err);
+        process.exit(1); // exit the process on DB failure
+    });