Merge branch 'main' into fix-filter-persistence

Author: surjeetkumar8006

.env.example

@@ -7,12 +7,12 @@ WORKDIR /app
 # Copy package.json
 COPY package.json .
 
-# Install production dependencies using Yarn
-RUN npm install --production
+# Install dependencies (dev deps needed for the build step)
+RUN npm install
 # Copy the rest of the application files
 COPY . .
 
-# Build the frontend using Yarn
+# Build the frontend
 RUN npm run build
 
 # Stage 2: Serve the application with Nginx

Dockerfile.prod

@@ -0,0 +1,17 @@
+const { createLogger, format, transports } = require('winston');
+const { combine, timestamp, printf, colorize, errors } = format;
+
+const logFormat = printf(({ level, message, timestamp, stack }) => {
+  const stackTrace = stack ? `\n${stack}` : '';
+  return `${timestamp} ${level}: ${message}${stackTrace}`;
+});
+
+const logger = createLogger({
+  level: process.env.LOG_LEVEL || (process.env.NODE_ENV === 'production' ? 'info' : 'debug'),
+  format: combine(errors({ stack: true }), timestamp(), logFormat),
+  transports: [
+    new transports.Console({ format: combine(errors({ stack: true }), colorize(), timestamp(), logFormat) }),
+  ],
+});
+
+module.exports = logger;

backend/.env.sample

@@ -2,39 +2,33 @@ const mongoose = require("mongoose");
 const bcrypt = require("bcryptjs");
 
 const UserSchema = new mongoose.Schema({
-    username: {
-      type: String,
-      required: true,
-      unique: true,
-    },
-    email: {
-      type: String,
-      required: true,
-      unique: true,
-    },
-    password: {
-      type: String,
-      required: true,
-    },
+  username: {
+    type: String,
+    required: true,
+    unique: true,
+  },
+  email: {
+    type: String,
+    required: true,
+    unique: true,
+  },
+  password: {
+    type: String,
+    required: true,
+  },
 });
 
-UserSchema.pre('save', async function (next) {
+// ✅ FIXED: no next()
+UserSchema.pre('save', async function () {
+  if (!this.isModified('password')) return;
 
-    if (!this.isModified('password'))
-        return next();
-
-    try {
-      const salt = await bcrypt.genSalt(10);
-      this.password = await bcrypt.hash(this.password, salt);
-      next();
-    } catch (err) {
-      return next(err);
-    }
+  const salt = await bcrypt.genSalt(10);
+  this.password = await bcrypt.hash(this.password, salt);
 });
 
-// Compare passwords during login
+// ✅ password comparison
 UserSchema.methods.comparePassword = async function (enteredPassword) {
-    return await bcrypt.compare(enteredPassword, this.password);
+  return bcrypt.compare(enteredPassword, this.password);
 };
 
-module.exports = mongoose.model("User", UserSchema);
+module.exports = mongoose.model("User", UserSchema);

backend/logger.js

@@ -5,7 +5,7 @@
   "scripts": {
     "dev": "nodemon server.js",
     "start": "node server.js",
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "jasmine spec/**/*.spec.cjs"
   },
   "keywords": [],
   "author": "",
@@ -20,7 +20,9 @@
     "express-session": "^1.18.1",
     "mongoose": "^8.8.2",
     "passport": "^0.7.0",
-    "passport-local": "^1.0.0"
+    "passport-local": "^1.0.0",
+    "winston": "^3.19.0",
+    "zod": "^4.4.3"
   },
   "devDependencies": {
     "nodemon": "^3.1.9"

backend/models/User.js

@@ -1,29 +1,37 @@
 const express = require("express");
 const passport = require("passport");
 const User = require("../models/User");
+const { signupSchema, loginSchema } = require("../validators/authValidator");
+const { validateRequest } = require("../validators/validationRequest");
 const router = express.Router();
 
 // Signup route
-router.post("/signup", async (req, res) => {
+router.post("/signup", validateRequest(signupSchema), async (req, res) => {
 
     const { username,  email, password } = req.body;
 
     try {
-        const existingUser = await User.findOne( {email} );
+        const existingUser = await User.findOne({
+            $or: [{ email }, { username }],
+        });
 
         if (existingUser)
-            return res.status(400).json( {message: 'User already exists'} );
+            return res.status(400).json({ message: 'User already exists' });
 
-        const newUser = new User( {username, email, password} );
+        const newUser = new User({ username, email, password });
         await newUser.save();
-        res.status(201).json( {message: 'User created successfully'} );
+        res.status(201).json({ message: 'User created successfully' });
     } catch (err) {
+        if (err && err.code === 11000) {
+            return res.status(400).json({ message: 'User already exists' });
+        }
+
         res.status(500).json({ message: 'Error creating user', error: err.message });
     }
 });
 
 // Login route
-router.post("/login", passport.authenticate('local'), (req, res) => {
+router.post("/login", validateRequest(loginSchema), passport.authenticate('local'), (req, res) => {
     res.status(200).json( { message: 'Login successful', user: req.user } );
 });
 

backend/package.json

@@ -9,6 +9,8 @@ const cors = require('cors');
 // Passport configuration
 require('./config/passportConfig');
 
+const logger = require('./logger');
+
 const app = express();
 
 // CORS configuration
@@ -30,10 +32,10 @@ app.use('/api/auth', authRoutes);
 
 // Connect to MongoDB
 mongoose.connect(process.env.MONGO_URI, {}).then(() => {
-    console.log('Connected to MongoDB');
+    logger.info('Connected to MongoDB');
     app.listen(process.env.PORT, () => {
-        console.log(`Server running on port ${process.env.PORT}`);
+        logger.info(`Server running on port ${process.env.PORT}`);
     });
 }).catch((err) => {
-    console.log('MongoDB connection error:', err);
+    logger.error('MongoDB connection error', err);
 });

backend/routes/auth.js

@@ -0,0 +1,38 @@
+const { z } = require("zod");
+
+const signupSchema = z.object({
+    username: z.string()
+        .trim()
+        .min(3, "Username must be at least 3 characters long")
+        .max(30, "Username must be at most 30 characters long")
+        .regex(/^[a-zA-Z0-9_]+$/, "Username can only contain letters, numbers, and underscores")
+        ,
+    
+    email: z.string()
+        .trim()
+        .toLowerCase()
+        .email("Invalid email address"),
+
+
+    password: z.string()
+        .min(8, "Password must be at least 8 characters long")
+        .max(100, "Password must be at most 100 characters long")
+        .regex(
+            /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/,
+            'Password must contain uppercase, lowercase, number, and special character'
+        ),
+});
+
+
+const loginSchema = z.object({
+    email: z.string()
+        .trim()
+        .toLowerCase()
+        .email("Invalid email address"),
+    password: z.string()
+        .min(8, "Password must be at least 8 characters long")
+        .max(100, "Password must be at most 100 characters long")
+});
+
+
+module.exports = { signupSchema, loginSchema };

backend/server.js

@@ -0,0 +1,20 @@
+const validateRequest = (schema) => (req, res, next) => {
+    const result = schema.safeParse(req.body);
+
+    if(!result.success) {
+        return res.status(400).json({
+            success: false,
+            message: 'Validation failed',
+            errors: result.error.issues.map((err) => ({
+                field: err.path.join('.'),
+                message: err.message,
+            })),
+        });
+    }
+
+    req.validated = result.data;
+    req.body = result.data;
+    next();
+}
+
+module.exports = { validateRequest };