GitMetricsLab
diff --git a/‎SECURITY.md‎
Lines changed: 0 additions & 120 deletions b/‎SECURITY.md‎
Lines changed: 0 additions & 120 deletions
diff --git a/‎backend/.env.example‎
Lines changed: 0 additions & 14 deletions b/‎backend/.env.example‎
Lines changed: 0 additions & 14 deletions
diff --git a/‎backend/config/passportConfig.js‎
Lines changed: 3 additions & 7 deletions b/‎backend/config/passportConfig.js‎
Lines changed: 3 additions & 7 deletions
diff --git a/‎backend/models/User.js‎
Lines changed: 3 additions & 9 deletions b/‎backend/models/User.js‎
Lines changed: 3 additions & 9 deletions
diff --git a/‎backend/routes/auth.js‎
Lines changed: 0 additions & 18 deletions b/‎backend/routes/auth.js‎
Lines changed: 0 additions & 18 deletions
diff --git a/‎backend/server.js‎
Lines changed: 3 additions & 9 deletions b/‎backend/server.js‎
Lines changed: 3 additions & 9 deletions
diff --git a/‎backend/validators/authValidator.js‎
Lines changed: 3 additions & 3 deletions b/‎backend/validators/authValidator.js‎
Lines changed: 3 additions & 3 deletions
@@ -7,7 +7,7 @@ passport.use(
         { usernameField: "email" },
         async (email, password, done) => {
             try {
-                const user = await User.findOne( {email} ).select("+password");;
+                const user = await User.findOne( {email} );
                 if (!user) {
                     return done(null, false, { message: 'Email is invalid '});
                 }
@@ -20,8 +20,7 @@ passport.use(
                 return done(null, {
                     id : user._id.toString(),
                     username: user.username,
-                    email: user.email,
-                    token: user.token
+                    email: user.email
                 });
             } catch (err) {
                 return done(err);
@@ -39,10 +38,7 @@ passport.serializeUser((user, done) => {
 passport.deserializeUser(async (id, done) => {
     try {
         const user = await User.findById(id);
-        if (!user) {
-            return done(null, false);
-        }
-        done(null,user);
+        done(null, user);
     } catch (err) {
         done(err, null);
     }
 
@@ -16,16 +16,11 @@ const UserSchema = new mongoose.Schema({
     type: String,
     required: true,
   },
-  token: {
-    type: String,
-    unique: true,
-    sparse: true,
-  },
 });
 
 // ✅ FIXED: no next()
-UserSchema.pre("save", async function () {
-  if (!this.isModified("password")) return;
+UserSchema.pre('save', async function () {
+  if (!this.isModified('password')) return;
 
   const salt = await bcrypt.genSalt(10);
   this.password = await bcrypt.hash(this.password, salt);
@@ -36,5 +31,4 @@ UserSchema.methods.comparePassword = async function (enteredPassword) {
   return bcrypt.compare(enteredPassword, this.password);
 };
 
-module.exports = mongoose.model("User", UserSchema);
-
+module.exports = mongoose.model("User", UserSchema);
@@ -35,24 +35,6 @@ router.post("/login", validateRequest(loginSchema), passport.authenticate('local
     res.status(200).json( { message: 'Login successful', user: req.user } );
 });
 
-// Save GitHub token route
-router.post("/token", async (req, res) => {
-    if (!req.isAuthenticated()) {
-        return res.status(401).json({ message: 'Not authenticated' });
-    }
-    const { token } = req.body;
-    if (!token) {
-        return res.status(400).json({ message: 'Token is required' });
-    }
-    try {
-        await User.findByIdAndUpdate(req.user._id, { token });
-        req.user.token = token;
-        res.status(200).json({ success: true, message: 'Token saved successfully' });
-    } catch (err) {
-        res.status(500).json({ message: 'Error saving token', error: err.message });
-    }
-});
-
 // Logout route
 router.get("/logout", (req, res) => {
 
 
@@ -13,19 +13,13 @@ const logger = require('./logger');
 
 const app = express();
 
-// CORS configuration — allowed origins are read from the ALLOWED_ORIGINS env var
-// (comma-separated). Falls back to localhost for local development.
-const parsedOrigins = process.env.ALLOWED_ORIGINS
-    ? process.env.ALLOWED_ORIGINS.split(',').map(origin => origin.trim()).filter(Boolean)
-    : [];
-const allowedOrigins = parsedOrigins.length > 0 ? parsedOrigins : ['http://localhost:5173'];
-
+// CORS configuration
+const allowedOrigins = ['http://localhost:5173', 'https://github-spy.etlify.app'];
 app.use(cors({
     origin: function (origin, callback) {
-        // Allow requests with no origin (e.g. server-to-server, curl, mobile apps)
         if (!origin || allowedOrigins.indexOf(origin) !== -1) {
             callback(null, true);
-        } else {
+        } else{
             callback(new Error('Blocked by CORS policy'));
         }
     },
 
@@ -6,8 +6,8 @@ const signupSchema = z.object({
         .min(3, "Username must be at least 3 characters long")
         .max(30, "Username must be at most 30 characters long")
         .regex(/^[a-zA-Z0-9_]+$/, "Username can only contain letters, numbers, and underscores")
-    ,
-
+        ,
+    
     email: z.string()
         .trim()
         .toLowerCase()
@@ -18,7 +18,7 @@ const signupSchema = z.object({
         .min(8, "Password must be at least 8 characters long")
         .max(100, "Password must be at most 100 characters long")
         .regex(
-            /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}+$/,
+            /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/,
             'Password must contain uppercase, lowercase, number, and special character'
         ),
 });