server/src/routes/auth.ts

import { Router, Request, Response } from 'express';
import User from '../models/User';
import jwt from 'jsonwebtoken';
import { hashPassword, comparePassword } from '../utils/auth';
export const router = Router();

interface AuthenticatedRequest extends Request {
    user?: { id: string };
}

router.post('/register', async (req, res) => {
    try {
        const { email, password } = req.body

        if (!email) return res.status(400).send('Email is required')
        if (!password || password.length < 6) return res.status(400).send('Password is required and must be at least 6 characters')

        let userExist = await User.findOne({ where: { email } });
        if (userExist) return res.status(400).send('User already exists')
        
        const hashedPassword = await hashPassword(password)

        const user = await User.create({ email, password: hashedPassword });

        const token = jwt.sign({ id: user.id }, process.env.JWT_SECRET as string, { expiresIn: '1h' });
        user.password = undefined as unknown as string
        res.cookie('token', token, {
            httpOnly: true
        })
        res.json(user)
    } catch (error: any) {
        res.status(500).send(`Could not register user - ${error.message}`)
    }
})

router.post('/login', async (req, res) => {
    try {
        const { email, password } = req.body;
        if (!email || !password) return res.status(400).send('Email and password are required')
        if (password.length < 6) return res.status(400).send('Password must be at least 6 characters')

        let user = await User.findOne({raw: true, where: { email } });
        if (!user) return res.status(400).send('User does not exist');

        const match = await comparePassword(password, user.password)
        if (!match) return res.status(400).send('Invalid email or password')

        const token = jwt.sign({ id: user?.id }, process.env.JWT_SECRET as string, { expiresIn: '1h' });

        // return user and token to client, exclude hashed password
        if (user) {
            user.password = undefined as unknown as string;
        }
        res.cookie('token', token, {
            httpOnly: true
        })
        res.json(user)
    } catch (error: any) {
        res.status(400).send(`Could not login user - ${error.message}`)
        console.log(`Could not login user - ${error}`)
    }
})

router.get('/logout', async (req, res) => {
    try {
        res.clearCookie('token')
        return res.json({ message: 'Logout successful' })
    } catch (error: any) {
        res.status(500).send(`Could not logout user - ${error.message}`)
    }
})

router.get('/current-user', async (req: AuthenticatedRequest, res) => {
    console.log('Current user request received');
    try {
        if (!req.user) {
            console.log('No user in request');
            return res.status(401).json({ ok: false, error: 'Unauthorized' });
        }
        console.log('Fetching user with id:', req.user.id);
        const user = await User.findByPk(req.user.id, {
            attributes: { exclude: ['password'] },
        });
        if (!user) {
            console.log('User not found in database');
            return res.status(404).json({ ok: false, error: 'User not found' });
        }
        console.log('User found, sending response');
        return res.status(200).json({ ok: true, user: user });
    } catch (error: any) {
        console.error('Error in current-user route:', error);
        return res.status(500).json({ ok: false, error: `Could not fetch current user: ${error.message}` });
    }
});
fix: extend request to include user 2024-09-24 17:39:50 +05:30			`import { Router, Request, Response } from 'express';`
feat: use User for register 2024-09-24 17:29:48 +05:30			`import User from '../models/User';`
feat: register controller 2024-09-23 23:54:19 +05:30			`import jwt from 'jsonwebtoken';`
feat: hashing & comparison 2024-09-25 18:52:03 +05:30			`import { hashPassword, comparePassword } from '../utils/auth';`
feat: register route 2024-09-23 23:57:12 +05:30			`export const router = Router();`
feat: register controller 2024-09-23 23:54:19 +05:30
fix: extend request to include user 2024-09-24 17:39:50 +05:30			`interface AuthenticatedRequest extends Request {`
			`user?: { id: string };`
			`}`

feat: register route 2024-09-23 23:57:12 +05:30			`router.post('/register', async (req, res) => {`
feat: register controller 2024-09-23 23:54:19 +05:30			`try {`
			`const { email, password } = req.body`

			`if (!email) return res.status(400).send('Email is required')`
			`if (!password \|\| password.length < 6) return res.status(400).send('Password is required and must be at least 6 characters')`

feat: use User for register 2024-09-24 17:29:48 +05:30			`let userExist = await User.findOne({ where: { email } });`
feat: register controller 2024-09-23 23:54:19 +05:30			`if (userExist) return res.status(400).send('User already exists')`
feat: hashing & comparison 2024-09-25 18:52:03 +05:30
			`const hashedPassword = await hashPassword(password)`
feat: register controller 2024-09-23 23:54:19 +05:30
feat: hashing & comparison 2024-09-25 18:52:03 +05:30			`const user = await User.create({ email, password: hashedPassword });`
feat: use User for register 2024-09-24 17:29:48 +05:30
			`const token = jwt.sign({ id: user.id }, process.env.JWT_SECRET as string, { expiresIn: '1h' });`
feat: exclude hashed password when return user 2024-09-24 17:46:35 +05:30			`user.password = undefined as unknown as string`
feat: register controller 2024-09-23 23:54:19 +05:30			`res.cookie('token', token, {`
			`httpOnly: true`
			`})`
			`res.json(user)`
fix: set error type explicitly any 2024-09-24 19:07:02 +05:30			`} catch (error: any) {`
feat: register controller 2024-09-23 23:54:19 +05:30			res.status(500).send(`Could not register user - ${error.message}`)
			`}`
feat: register route 2024-09-23 23:57:12 +05:30			`})`
feat: register controller 2024-09-23 23:54:19 +05:30
feat: login route 2024-09-23 23:57:43 +05:30			`router.post('/login', async (req, res) => {`
feat: login controller 2024-09-23 23:55:23 +05:30			`try {`
			`const { email, password } = req.body;`
			`if (!email \|\| !password) return res.status(400).send('Email and password are required')`
			`if (password.length < 6) return res.status(400).send('Password must be at least 6 characters')`

feat: set raw:true 2024-09-25 19:53:45 +05:30			`let user = await User.findOne({raw: true, where: { email } });`
feat: hashing & comparison 2024-09-25 18:52:03 +05:30			`if (!user) return res.status(400).send('User does not exist');`

			`const match = await comparePassword(password, user.password)`
feat: login controller 2024-09-23 23:55:23 +05:30			`if (!match) return res.status(400).send('Invalid email or password')`

feat: use User for login 2024-09-24 17:31:56 +05:30			`const token = jwt.sign({ id: user?.id }, process.env.JWT_SECRET as string, { expiresIn: '1h' });`

feat: login controller 2024-09-23 23:55:23 +05:30			`// return user and token to client, exclude hashed password`
feat: exclude hashed password when return user 2024-09-24 17:46:35 +05:30			`if (user) {`
			`user.password = undefined as unknown as string;`
			`}`
feat: login controller 2024-09-23 23:55:23 +05:30			`res.cookie('token', token, {`
			`httpOnly: true`
			`})`
			`res.json(user)`
fix: set error type explicitly any 2024-09-24 19:07:02 +05:30			`} catch (error: any) {`
feat: login controller 2024-09-23 23:55:23 +05:30			res.status(400).send(`Could not login user - ${error.message}`)
feat: set raw:true 2024-09-25 19:53:45 +05:30			console.log(`Could not login user - ${error}`)
feat: login controller 2024-09-23 23:55:23 +05:30			`}`
feat: login route 2024-09-23 23:57:43 +05:30			`})`
feat: logout controller 2024-09-23 23:55:41 +05:30
feat: logout route 2024-09-23 23:58:14 +05:30			`router.get('/logout', async (req, res) => {`
feat: logout controller 2024-09-23 23:55:41 +05:30			`try {`
			`res.clearCookie('token')`
			`return res.json({ message: 'Logout successful' })`
fix: set error type explicitly any 2024-09-24 19:07:02 +05:30			`} catch (error: any) {`
feat: logout controller 2024-09-23 23:55:41 +05:30			res.status(500).send(`Could not logout user - ${error.message}`)
			`}`
feat: logout route 2024-09-23 23:58:14 +05:30			`})`
feat: get current user 2024-09-23 23:55:53 +05:30
fix: extend request to include user 2024-09-24 17:39:50 +05:30			`router.get('/current-user', async (req: AuthenticatedRequest, res) => {`
feat: print to console 2024-09-25 16:25:35 +05:30			`console.log('Current user request received');`
feat: get current user 2024-09-23 23:55:53 +05:30			`try {`
fix: extend request to include user 2024-09-24 17:39:50 +05:30			`if (!req.user) {`
feat: print to console 2024-09-25 16:25:35 +05:30			`console.log('No user in request');`
feat: send proper response 2024-09-25 16:16:49 +05:30			`return res.status(401).json({ ok: false, error: 'Unauthorized' });`
fix: extend request to include user 2024-09-24 17:39:50 +05:30			`}`
feat: print to console 2024-09-25 16:25:35 +05:30			`console.log('Fetching user with id:', req.user.id);`
feat: use User for current user 2024-09-24 17:33:51 +05:30			`const user = await User.findByPk(req.user.id, {`
chore: lint 2024-09-24 17:40:20 +05:30			`attributes: { exclude: ['password'] },`
			`});`
feat: return error if !user 2024-09-25 15:59:33 +05:30			`if (!user) {`
feat: print to console 2024-09-25 16:25:35 +05:30			`console.log('User not found in database');`
feat: return error if !user 2024-09-25 15:59:33 +05:30			`return res.status(404).json({ ok: false, error: 'User not found' });`
			`}`
feat: print to console 2024-09-25 16:25:35 +05:30			`console.log('User found, sending response');`
feat: send proper response 2024-09-25 16:16:49 +05:30			`return res.status(200).json({ ok: true, user: user });`
fix: set error type explicitly any 2024-09-24 19:07:02 +05:30			`} catch (error: any) {`
feat: print to console 2024-09-25 16:25:35 +05:30			`console.error('Error in current-user route:', error);`
feat: send proper response 2024-09-25 16:16:49 +05:30			return res.status(500).json({ ok: false, error: `Could not fetch current user: ${error.message}` });
feat: get current user 2024-09-23 23:55:53 +05:30			`}`
feat: current user route 2024-09-24 00:01:32 +05:30			`});`