From d9e65c89f4e7ee78fd50b081085a3975be27dd14 Mon Sep 17 00:00:00 2001
From: Anurag Bhoite
Date: Mon, 23 Sep 2024 22:23:44 +0530
Subject: [PATCH] Added bcrypt , zod validation
---
 routes/user.js | 134 +++++++++++++++++++++++++++++++------------------
 1 file changed, 84 insertions(+), 50 deletions(-)
diff --git a/routes/user.js b/routes/user.js
index 30957a7..9c780df 100644
--- a/routes/user.js
+++ b/routes/user.js
@@ -1,77 +1,111 @@
-const { Router } = require("express");
+const express = require("express");
 const { userModel, purchaseModel, courseModel } = require("../db");
 const jwt = require("jsonwebtoken");
-const { JWT_USER_PASSWORD } = require("../config");
+const { JWT_USER_PASSWORD } = require("../config");
 const { userMiddleware } = require("../middleware/user");
+const bcrypt = require("bcrypt"); // For hashing passwords
+const { z } = require("zod"); // For validation
-const userRouter = Router();
+const userRouter = express.Router();
-userRouter.post("/signup", async function(req, res) {
- const { email, password, firstName, lastName } = req.body; // TODO: adding zod validation
- // TODO: hash the password so plaintext pw is not stored in the DB
+// Zod schema for validating user input
+const signupSchema = z.object({
+ email: z.string().email(),
+ password: z.string().min(6), // Adjust the minimum length as needed
+ firstName: z.string().min(1),
+ lastName: z.string().min(1),
+});
- // TODO: Put inside a try catch block
+userRouter.post("/signup", async function (req, res) {
+ try {
+ // Validate request body
+ const { email, password, firstName, lastName } = signupSchema.parse(req.body);
+
+ // Hash the password
+ const hashedPassword = await bcrypt.hash(password, 10);
+
+ // Create user in the database
 await userModel.create({
- email: email,
- password: password,
- firstName: firstName,
- lastName: lastName
- })
-
+ email,
+ password: hashedPassword,
+ firstName,
+ lastName,
+ });
+
 res.json({
- message: "Signup succeeded"
- })
-})
+ message: "Signup succeeded",
+ });
+ } catch (error) {
+ console.error(error);
+ res.status(500).json({
+ message: "An error occurred during signup",
+ });
+ }
+});
-userRouter.post("/signin",async function(req, res) {
- const { email, password } = req.body;
+userRouter.post("/signin", async function (req, res) {
+ try {
+ const { email, password } = req.body;
- // TODO: ideally password should be hashed, and hence you cant 
compare the user provided password and the database password
- const user = await userModel.findOne({
- email: email,
- password: password
- }); //[]
+ // Find user by email
+ const user = await userModel.findOne({ email });
- if (user) {
- const token = jwt.sign({
- id: user._id,
- }, JWT_USER_PASSWORD);
+ // Check if user exists and compare hashed passwords
+ if (user && (await bcrypt.compare(password, user.password))) {
+ const token = jwt.sign(
+ {
+ id: user._id,
+ },
+ JWT_USER_PASSWORD
+ );
- // Do cookie logic
+ // Cookie logic can be added here
- res.json({
- token: token
- })
+ res.json({
+ token,
+ });
 } else {
- res.status(403).json({
- message: "Incorrect credentials"
- })
+ res.status(403).json({
+ message: "Incorrect credentials",
+ });
 }
-})
+ } catch (error) {
+ console.error(error);
+ res.status(500).json({
+ message: "An error occurred during signin",
+ });
+ }
+});
-userRouter.get("/purchases", userMiddleware, async function(req, res) {
+userRouter.get("/purchases", userMiddleware, async function (req, res) {
+ try {
 const userId = req.userId;
+ // Fetch purchases for the user
 const purchases = await purchaseModel.find({
- userId,
+ userId,
 });
- let purchasedCourseIds = [];
-
- for (let i = 0; i purchase.courseId);
+ // Fetch course data for the purchased course IDs
 const coursesData = await courseModel.find({
- _id: { $in: purchasedCourseIds }
- })
+ _id: { $in: purchasedCourseIds },
+ });
 res.json({
- purchases,
- coursesData
- })
-})
+ purchases,
+ coursesData,
+ });
+ } catch (error) {
+ console.error(error);
+ res.status(500).json({
+ message: "An error occurred while fetching purchases",
+ });
+ }
+});
 module.exports = {
- userRouter: userRouter
-}
\ No newline at end of file
+ userRouter,
+};
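Review bot: The new `/signin` check `if (user && (await bcrypt.compare(password, user.password)))` short-circuits when no user matches the email, so an unregistered address is answered in a few milliseconds while a registered one pays a full bcrypt round — the response bodies are both "Incorrect credentials", but that timing gap is enough to enumerate which emails have accounts. Running `bcrypt.compare` against a hash precomputed at module load whenever `user` is null removes the difference. The same handler still destructures `req.body` with no schema (a missing `password` makes `bcrypt.compare` reject and surfaces as a 500), and in `/signup` a `ZodError` thrown by `signupSchema.parse` is caught by the generic handler and reported as a 500 rather than a 400 with the validation issues; both should be handled explicitly. `signupSchema` should also cap the password, e.g. `password: z.string().min(6).max(72)`, since bcrypt only uses the first 72 bytes and silently ignores the rest. Note that `jwt.sign` still issues a token with no `expiresIn`, which the patch carries over from the old code unchanged.

```javascript
// … unchanged: requires, signupSchema, /signup handler …

const signinSchema = signupSchema.pick({ email: true, password: true });

// Hashed once at startup so a sign-in for an unknown email still pays for a
// bcrypt compare; otherwise response time reveals which emails are registered.
const DUMMY_HASH = bcrypt.hashSync("not-a-real-password", 10);

userRouter.post("/signin", async function (req, res) {
  try {
    const { email, password } = signinSchema.parse(req.body);
    const user = await userModel.findOne({ email });
    // Always run the compare, even when there is no user to compare against.
    const passwordMatches = await bcrypt.compare(password, user ? user.password : DUMMY_HASH);
    if (user && passwordMatches) {
      // … unchanged: jwt.sign and res.json({ token }) …
    } else {
      res.status(403).json({ message: "Incorrect credentials" });
    }
  } catch (error) {
    if (error instanceof z.ZodError) {
      return res.status(400).json({ message: "Invalid request body", issues: error.issues });
    }
    // … unchanged: console.error and 500 response …
  }
});
```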