From f5145e0236232f84bbde18b46d7b8f0369e3c352 Mon Sep 17 00:00:00 2001
From: SUMIQVERSE
Date: Wed, 27 May 2026 17:43:45 +0530
Subject: [PATCH 1/3] fix(auth): resolve CORS policy, cross-origin cookies, and dynamic API routing

---
 backend/server.js | 10 +++++++++-
 src/pages/Login/Login.tsx | 2 +-
 src/pages/Signup/Signup.tsx | 10 +++++++---
 3 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/backend/server.js b/backend/server.js
index 48d6ccfb..53965f09 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -13,8 +13,11 @@ const logger = require('./logger');
 const app = express();
+// Enable trust proxy
+app.set('trust proxy', 1);
+
 // CORS configuration
-const allowedOrigins = ['http://localhost:5173', 'https://github-spy.etlify.app'];
+const allowedOrigins = ['http://localhost:5173', 'https://github-spy.netlify.app']; // there was a typo error in the url, it is fixed now.
 app.use(cors({
   origin: function (origin, callback) {
     if (!origin || allowedOrigins.indexOf(origin) !== -1) {
@@ -32,6 +35,11 @@ app.use(session({
   secret: process.env.SESSION_SECRET,
   resave: false,
   saveUninitialized: false,
+  cookie: {
+    secure: process.env.NODE_ENV === 'production', // Only send cookies over HTTPS in production
+    sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax', //Cross-domain cookies = 'none'
+    maxAge: 24 * 60 * 60 * 1000
+  }
 }));
 app.use(passport.initialize());
 app.use(passport.session());
diff --git a/src/pages/Login/Login.tsx b/src/pages/Login/Login.tsx
index 92b7073e..191c6c82 100644
--- a/src/pages/Login/Login.tsx
+++ b/src/pages/Login/Login.tsx
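Review bot: The `cors()` options are cut off at the end of this hunk, so it is not visible whether `credentials: true` is set next to `origin`; without it the browser never sees `Access-Control-Allow-Credentials: true`, and the `withCredentials: true` that patch 3/3 adds to the axios calls will not make the session cookie round-trip from the Netlify origin. Please confirm that option is present, since the whole series depends on it. On the new lines, `allowedOrigins.indexOf(origin) !== -1` reads better as `allowedOrigins.includes(origin)`, and `// there was a typo error in the url, it is fixed now.` is commit history rather than a code comment — drop it or replace it with something that helps the next reader, e.g. `// production frontend (Netlify); keep in sync with the deployed site URL`. `app.set('trust proxy', 1)` trusts exactly one proxy hop and is what lets the `secure` session cookie below be issued behind a TLS-terminating proxy, so a short comment such as `// one TLS-terminating proxy in front; needed for req.secure and secure cookies` would explain the otherwise bare setting. The `app.use(cors({` call continues past the end of the hunk.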
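Review bot: Setting `sameSite: 'none'` in production makes the session cookie ride along on every cross-site request, so the CSRF protection that `lax` gave for free is gone, and the CORS allow-list does not replace it — CORS only gates whether a browser may read the response, not whether a cookie-bearing POST reaches the route. State-changing routes that rely on the session therefore need an explicit CSRF defense (an Origin/Referer check or a token) before this configuration ships. It would also help to state the `httpOnly` choice explicitly instead of relying on express-session's default, e.g. `httpOnly: true, // keep the session id out of document.cookie`, and to hoist the repeated check into `const isProduction = process.env.NODE_ENV === 'production';` above `app.use(session({` so that `secure` and `sameSite` cannot drift apart (browsers reject `SameSite=None` without `Secure`). The `session({` call starts outside the hunk.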
@@ -4,7 +4,7 @@ import { useNavigate, Link } from "react-router-dom";
 import { ThemeContext } from "../../context/ThemeContext";
 import type { ThemeContextType } from "../../context/ThemeContext";
 
-const backendUrl = import.meta.env.VITE_BACKEND_URL;
+const backendUrl = import.meta.env.VITE_BACKEND_URL || ""; // Fallback to an empty string if VITE_BACKEND_URL is undefined to ensure relative routing
 
 interface LoginFormData {
   email: string;
diff --git a/src/pages/Signup/Signup.tsx b/src/pages/Signup/Signup.tsx
index 2ac51dcc..1676ab0a 100644
--- a/src/pages/Signup/Signup.tsx
+++ b/src/pages/Signup/Signup.tsx
@@ -6,7 +6,7 @@ import { User, Mail, Lock, Eye, EyeOff } from "lucide-react";
 import { ThemeContext } from "../../context/ThemeContext";
 import type { ThemeContextType } from "../../context/ThemeContext";
 
-const backendUrl = import.meta.env.VITE_BACKEND_URL;
+const backendUrl = import.meta.env.VITE_BACKEND_URL || ""; // Fallback to an empty string if VITE_BACKEND_URL is undefined to ensure relative routing
 
 interface SignUpFormData {
   username: string;
@@ -92,8 +92,12 @@ const SignUp: React.FC = () => {
       if (response.data.message === 'User created successfully') {
         navigate("/login");
       }
-    } catch (error: any) {
-      setMessage(error.response?.data?.message || "Something went wrong. Please try again.");
+    } catch (error) {
+      if (axios.isAxiosError(error)) {
+        setMessage(error.response?.data?.message || "Something went wrong. Please try again.");
+      } else {
+        setMessage("An unexpected error occurred. Please try again.");
+      }
     } finally {
       setIsLoading(false);
     }
From 1ab3e161f58fa1b3f4df58a47a58841cb89f4970 Mon Sep 17 00:00:00 2001
From: SUMIQVERSE
Date: Wed, 27 May 2026 20:16:18 +0530
Subject: [PATCH 2/3] restoring the default regex

---
 backend/validators/authValidator.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/validators/authValidator.js b/backend/validators/authValidator.js
index 1c67259b..ab4dac07 100644
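Review bot: The `|| ""` fallback turns a missing `VITE_BACKEND_URL` into relative requests against whatever host serves the bundle, so a production build with the variable unset fails at runtime with a confusing 404 from the static host instead of failing at build time; if relative routing is only meant for local dev or a same-origin deploy, the comment should say so (`// Unset in same-origin deploys; relative URLs then hit the serving host`) and a production build with it unset should fail fast. The same constant and the same long trailing comment are duplicated in `src/pages/Signup/Signup.tsx` (hunk `@@ -6,7 +6,7 @@`); a single shared module exporting `export const backendUrl = import.meta.env.VITE_BACKEND_URL || "";` and imported by both pages keeps them from drifting. A short comment is also easier to read than a 100-character one on the same line as the declaration.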
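Review bot: `axios.isAxiosError(error)` narrows to `AxiosError<any>`, so `error.response?.data?.message` is still untyped and would keep compiling if the backend renamed the field; passing the expected body shape, `if (axios.isAxiosError<{ message?: string }>(error)) {`, keeps the fix type-checked under `strict`. Login.tsx is not part of this hunk, so it is not visible whether its handler still uses `catch (error: any)`; if it does, the same narrowing should be applied there so both pages handle backend errors identically. The enclosing async submit handler starts outside the hunk.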
--- a/backend/validators/authValidator.js
+++ b/backend/validators/authValidator.js
@@ -18,7 +18,7 @@ const signupSchema = z.object({
     .min(8, "Password must be at least 8 characters long")
     .max(100, "Password must be at most 100 characters long")
     .regex(
-      /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_]).{8,}$/,
+      /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/,
       'Password must contain uppercase, lowercase, number, and special character'
     ),
 });
From 3a7fe3fbf0aa4521c56d61cd169abcb624bf512b Mon Sep 17 00:00:00 2001
From: SUMIQVERSE
Date: Wed, 27 May 2026 20:29:58 +0530
Subject: [PATCH 3/3] fix: add withCredentials to axios requests for cross-origin session cookies

---
 src/pages/Login/Login.tsx | 4 +++-
 src/pages/Signup/Signup.tsx | 6 +++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/pages/Login/Login.tsx b/src/pages/Login/Login.tsx
index 191c6c82..34275e99 100644
--- a/src/pages/Login/Login.tsx
+++ b/src/pages/Login/Login.tsx
@@ -30,7 +30,9 @@ const Login: React.FC = () => {
     setIsLoading(true);
     try {
-      const response = await axios.post(`${backendUrl}/api/auth/login`, formData);
+      const response = await axios.post(`${backendUrl}/api/auth/login`, formData, {
+        withCredentials: true
+      });
       setMessage(response.data.message);
       if (response.data.message === 'Login successful') {
diff --git a/src/pages/Signup/Signup.tsx b/src/pages/Signup/Signup.tsx
index 1676ab0a..8a6f190f 100644
--- a/src/pages/Signup/Signup.tsx
+++ b/src/pages/Signup/Signup.tsx
@@ -83,9 +83,9 @@ const SignUp: React.FC = () => {
     }
     setIsLoading(true);
     try {
-      const response = await axios.post(`${backendUrl}/api/auth/signup`,
-        formData // Include cookies for session
-      );
+      const response = await axios.post(`${backendUrl}/api/auth/signup`, formData, {
+        withCredentials: true
+      });
       setMessage(response.data.message); // Show success message from backend
       // Navigate to login page after successful signup
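Review bot: The restored regex rejects any password containing a character outside `[A-Za-z\d@$!%*?&]`, so spaces, `#`, `-`, `_`, `^` and every non-ASCII character now fail validation even though the error message only promises "a special character"; this blocks passphrases and most password-manager output and shrinks the usable alphabet without a security benefit (current guidance such as NIST SP 800-63B is to accept all printable characters and let length plus breached-password checks do the work). The previous pattern already required one character from each class and let `.min(8)`/`.max(100)` bound the length, so its trailing `.{8,}` was redundant, but replacing the open `[\W_]` class with a fixed whitelist is a regression rather than a restoration. If the narrow set is a deliberate product decision, at least make the message truthful: `'Password must contain uppercase, lowercase, number, and one of @$!%*?&'`. The `signupSchema` definition starts outside the hunk.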
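Review bot: `withCredentials: true` is passed per call here and the identical options object is repeated in `src/pages/Signup/Signup.tsx` (hunk `@@ -83,9 +83,9 @@`), so any later authenticated request that forgets the option will silently run without the session cookie and look like a logout. A single preconfigured client, `const api = axios.create({ baseURL: backendUrl, withCredentials: true });` in one shared module, lets both calls become `api.post('/api/auth/login', formData)` and removes the `${backendUrl}` template duplication as well. The option only has an effect if the backend answers with `Access-Control-Allow-Credentials: true` for the exact requesting origin; that is a server-side setting and is not part of this patch, so it is worth verifying together with this change. The enclosing submit handler starts and ends outside the hunk.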