Merge pull request #39 from youneedgreg/backend-auth-update

Update: Update Backend Auth Module for Signup Flow (Model, Controller, Validator, Types)

Author: abhishek-nexgen-dev

LocalMind-Backend/package.json

@@ -55,6 +55,7 @@
     "@types/mongoose": "^5.11.97",
     "@types/morgan": "^1.9.10",
     "argon2": "^0.44.0",
+    "bcrypt": "^5.1.1",
     "axios": "^1.12.2",
     "bcrypt": "^6.0.0",
     "chalk": "^5.6.2",

LocalMind-Backend/src/api/v1/user/__test__/user.test.ts

@@ -38,8 +38,10 @@ describe('User Registration Tests', () => {
     }
 
     try {
-      const res = await axios.post(`${env.BACKEND_URL}/user/register`, {
-        name: 'Test User',
+      const res = await axios.post(`${env.BACKEND_URL}/auth/signup`, {
+        firstName: 'Test User',
+        birthPlace: 'Test City',
+        location: 'Test Country',
         email: testEmail,
         password: 'Test@1234',
       })
@@ -70,8 +72,10 @@ describe('User Registration Tests', () => {
     }
 
     try {
-      const res = await axios.post(`${env.BACKEND_URL}/user/register`, {
-        name: 'Duplicate User',
+      const res = await axios.post(`${env.BACKEND_URL}/auth/signup`, {
+        firstName: 'Duplicate User',
+        birthPlace: 'Duplicate City',
+        location: 'Duplicate Country',
         email: testEmail,
         password: 'Test@1234',
       })
@@ -81,7 +85,7 @@ describe('User Registration Tests', () => {
       throw Error('Should not be able to register with existing email')
     } catch (error: any) {
       expect(error.response).toBeDefined()
-      expect(error.response.status).toBe(404)
+      expect(error.response.status).toBe(409)
       expect(error.response.data.message).toMatch(/already exists/i)
     }
   }, 10000)

LocalMind-Backend/src/api/v1/user/user.constant.ts

@@ -60,6 +60,12 @@ enum UserConstant {
   INVALID_INPUT = 'User is not available in request',
   INVALID_CREDENTIALS = 'Invalid credentials',
   NAME_REQUIRED = 'Name is required!',
+  FIRST_NAME_REQUIRED = 'First name is required',
+  BIRTH_PLACE_REQUIRED = 'Birth place is required',
+  LOCATION_REQUIRED = 'Location is required',
+  INVALID_ROLE = 'Invalid user role',
+  INVALID_PORTFOLIO_URL = 'Portfolio URL is invalid',
+  BIO_TOO_LONG = 'Bio exceeds the maximum allowed length',
 
   // ✅ DATABASE & SERVER ERRORS
 
@@ -84,3 +90,15 @@ enum UserConstant {
 }
 
 export default UserConstant
+
+export const AllowedUserRoles = ['user', 'admin', 'creator'] as const
+
+export const PasswordConfig = {
+  minLength: 8,
+  maxLength: 20,
+  saltRounds: 10,
+}
+
+export const BioConfig = {
+  maxLength: 500,
+}

LocalMind-Backend/src/api/v1/user/user.controller.ts

@@ -30,18 +30,17 @@ class UserController {
     try {
       const validatedData = await userRegisterSchema.parseAsync(req.body)
 
-      if (!req.body.password) {
-        throw new Error(UserConstant.PASSWORD_REQUIRED)
+      const existingUser = await UserUtils.findUserByEmail(validatedData.email)
+
+      if (existingUser) {
+        throw new Error(UserConstant.EMAIL_ALREADY_EXISTS)
       }
 
       const user = await userService.createUser(validatedData)
 
-      const userObj = {
-        id: user._id,
-        name: user.name,
-        email: user.email,
-        role: user.role,
-      }
+
+      const userObj = UserUtils.sanitizeUser(user)
+
 
       const token = UserUtils.generateToken({
         userId: String(user._id),
@@ -87,6 +86,10 @@ class UserController {
 
       SendResponse.success(res, UserConstant.LOGIN_USER_SUCCESS, { user, token }, StatusConstant.OK)
     } catch (err: any) {
+      if (err?.name === 'ZodError') {
+        SendResponse.error(res, err.message || UserConstant.INVALID_CREDENTIALS, 400, err)
+        return
+      }
       SendResponse.error(res, err.message || UserConstant.INVALID_CREDENTIALS, 401, err)
     }
   }
@@ -110,7 +113,6 @@ class UserController {
       }
 
       const userObj: Partial<IUser> = { ...user }
-      delete userObj.password
 
       SendResponse.success(res, UserConstant.USER_PROFILE_SUCCESS, userObj, 200)
     } catch (err: any) {

LocalMind-Backend/src/api/v1/user/user.middleware.ts

@@ -12,7 +12,7 @@ class UserMiddleware {
         throw new Error(UserConstant.TOKEN_MISSING)
       }
 
-      const decodedData: IUser | null = UserUtils.verifyToken(token)
+      const decodedData: Partial<IUser> | null = UserUtils.verifyToken(token)
 
       if (!decodedData) {
         throw new Error(UserConstant.INVALID_TOKEN)

LocalMind-Backend/src/api/v1/user/user.model.ts

@@ -1,17 +1,21 @@
 import mongoose, { Schema, Model } from 'mongoose'
 import { IUser } from './user.type'
+import { AllowedUserRoles } from './user.constant'
 
 const userSchema: Schema<IUser> = new Schema<IUser>(
   {
-    name: {
+    firstName: {
       type: String,
       required: true,
+      trim: true,
     },
     email: {
       type: String,
       required: true,
       unique: true,
       index: true,
+      lowercase: true,
+      trim: true,
     },
     password: {
       type: String,
@@ -20,8 +24,29 @@ const userSchema: Schema<IUser> = new Schema<IUser>(
     },
     role: {
       type: String,
+      enum: AllowedUserRoles,
       default: 'user',
     },
+    birthPlace: {
+      type: String,
+      required: true,
+      trim: true,
+    },
+    location: {
+      type: String,
+      required: true,
+      trim: true,
+    },
+    portfolioUrl: {
+      type: String,
+      default: null,
+      trim: true,
+    },
+    bio: {
+      type: String,
+      default: null,
+      trim: true,
+    },
     apikey: {
       type: String,
       default: null,

LocalMind-Backend/src/api/v1/user/user.routes.ts

@@ -5,8 +5,8 @@ import userController from './user.controller'
 import userMiddleware from './user.middleware'
 
 router.post('/v1/auth/signup', userController.register)
+router.post('/v1/user/login', userController.login)
 
-router.post('/v1/auth/login', userController.login)
 
 router.get('/v1/auth/apiKey/generate', userMiddleware.middleware, userController.apiEndPointCreater)
 router.get('/v1/auth/profile', userMiddleware.middleware, userController.profile)

LocalMind-Backend/src/api/v1/user/user.service.ts

@@ -28,6 +28,9 @@ class userService {
     const user = await User.create({
       ...data,
       password: hashPassword,
+      role: data.role || 'user',
+      portfolioUrl: data.portfolioUrl ?? null,
+      bio: data.bio ?? null,
     })
     return user
   }

LocalMind-Backend/src/api/v1/user/user.type.ts

@@ -1,10 +1,20 @@
+import { AllowedUserRoles } from './user.constant'
+
+export type UserRole = (typeof AllowedUserRoles)[number]
+
 export interface IUser {
-  _id?: string | undefined
-  name?: string | null
+  _id?: string
+  firstName: string
   email: string
   password?: string
-  role?: string
+  role?: UserRole
+  birthPlace: string
+  location: string
+  portfolioUrl?: string | null
+  bio?: string | null
   apikey?: string | null
   model?: string | null
   modelApiKey?: string | null
+  createdAt?: Date
+  updatedAt?: Date
 }

LocalMind-Backend/src/api/v1/user/user.utils.ts

@@ -2,8 +2,9 @@ import jwt, { SignOptions } from 'jsonwebtoken'
 import { env } from '../../../constant/env.constant'
 import { IUser } from './user.type'
 import User from './user.model'
+import bcrypt from 'bcrypt'
 import * as argon2 from 'argon2'
-import UserConstant from './user.constant'
+import UserConstant, { PasswordConfig } from './user.constant'
 
 export interface JwtPayload {
   userId: string
@@ -21,7 +22,7 @@ class UserUtils {
     } as SignOptions)
   }
 
-  public static verifyToken(token: string): IUser | null {
+  public static verifyToken(token: string): Partial<IUser> | null {
     try {
       const decoded = jwt.verify(token, this.JWT_SECRET)
 
@@ -61,11 +62,11 @@ class UserUtils {
       if (!PassMatch) {
         throw new Error(UserConstant.INVALID_PASSWORD)
       }
-      const userObj: IUser = user.toObject()
-      delete (userObj as { password?: string }).password
-      delete (userObj as { createdAt?: Date }).createdAt
-      delete (userObj as { updatedAt?: Date }).updatedAt
-      delete (userObj as { __v?: number }).__v
+      const userObj = this.sanitizeUser(user)
+
+      if (!userObj) {
+        throw new Error(UserConstant.USER_NOT_FOUND)
+      }
 
       const token = this.generateToken({
         userId: String(user._id),
@@ -84,22 +85,16 @@ class UserUtils {
 
   public static async findById(userId: string): Promise<IUser | null> {
     const user = await User.findById(userId)
-    return user
+    return this.sanitizeUser(user) as IUser | null
   }
 
   public static async passwordHash(password: string): Promise<string> {
-    return await argon2.hash(password)
+    return bcrypt.hash(password, PasswordConfig.saltRounds)
   }
 
   public static async findUserByEmail(email: string): Promise<Partial<IUser> | null> {
     const user = await User.findOne({ email })
-    if (!user) return null
-    const userObj = user.toObject() as IUser
-    delete (userObj as { password?: string }).password
-    delete (userObj as { createdAt?: Date }).createdAt
-    delete (userObj as { updatedAt?: Date }).updatedAt
-    delete (userObj as { __v?: number }).__v
-    return userObj
+    return this.sanitizeUser(user)
   }
 
   private static async passwordMatching({
@@ -109,7 +104,24 @@ class UserUtils {
     dbPass: string
     userPass: string
   }): Promise<boolean> {
-    return await argon2.verify(dbPass, userPass)
+    const isBcryptMatch = await bcrypt.compare(userPass, dbPass)
+    if (isBcryptMatch) return true
+
+    try {
+      return await argon2.verify(dbPass, userPass)
+    } catch {
+      return false
+    }
+  }
+  public static sanitizeUser(user: IUser | null): Partial<IUser> | null {
+    if (!user) return null
+    const userObj = typeof (user as any).toObject === 'function' ? (user as any).toObject() : { ...user }
+
+    delete (userObj as { password?: string }).password
+    delete (userObj as { __v?: number }).__v
+    delete (userObj as { apikey?: string | null }).apikey
+    delete (userObj as { modelApiKey?: string | null }).modelApiKey
+    return userObj as Partial<IUser>
   }
   public static maskApiKey(apiKey: string): string {
     if (!apiKey || apiKey.length < 8) return '*'