feat: Add seed script with demo authentication and environment-based …

[shubh-gitpush]

📌 Description

Implemented a comprehensive seeding and demo authentication system for DailyForge with database-optional test mode. This enables developers and new contributors to quickly set up the project and test features without requiring external database configuration. Also includes security hardening for production deployments.

🔗 Related Issue

Closes #201

🛠 Changes Made

Backend Changes

• Seed Script (backend/scripts/seed.js)

  • Auto-populates database with 8 sample tasks and 1 routine with 10 time slots
  • Idempotent design - safe to run multiple times
  • Detects empty MONGO_URI and enters test mode automatically
  • Displays demo credentials without database requirement

• Authentication System (backend/controllers/authController.js)

  • Added demo user support: demo@dailyforge.dev / DemoPassword123!
  • Demo mode only enabled when NODE_ENV=development
  • Automatically disabled in production for security
  • Returns JWT token for demo account without database queries

• Task Controller (backend/controllers/taskController.js)

  • Demo user returns empty task array without DB queries
  • Mock task creation for demo mode (not saved to database)
  • Development-only demo mode checks

• Routine Controller (backend/controllers/routineController.js)

  • Demo user creates routines without validation or database persistence
  • Returns empty routines list for demo user
  • Production-safe with environment checks

• Database Configuration (backend/config/db.js)

  • MongoDB connection now optional
  • Skips connection if MONGO_URI is empty
  • Allows app to start without database in test mode

• Server Configuration (backend/src/server.js)

  • Updated CORS to allow localhost development (ports 5173, 3000)
  • Maintains production URL whitelisting

• Environment Files

  • .env - Local development config with NODE_ENV=development
  • .env.example - Documentation for all environment variables

• Package.json

  • Added npm run seed script for database seeding

Frontend Changes

• Axios Configuration (frontend/src/api/axios.js)

  • Smart environment detection for API base URL
  • Development: Auto-uses http://localhost:5000/api/
  • Production: Uses VITE_API_URL env var or defaults to deployed backend
  • No manual configuration needed for switching environments

• Environment Files

  • .env - Optional production API URL override
  • .env.example - Configuration documentation

Documentation Updates

• README.md

  • Removed hardcoded backend URL warnings
  • Updated environment variables section with security notes
  • Documented demo mode and when it's enabled/disabled
  • Added quick start instructions for seed script
  • Simplified frontend setup steps

• CONTRIBUTING.md

  • Added seed script setup for quick local development
  • Documented idempotent nature of seed script
  • Clarified <5 minute setup time with demo data

CI/CD & Automation

• Pull Request Template (.github/pull_request_template.md)

  • Standardized PR format for contributors
  • Includes description, change type, checklist

• CI Pipeline (.github/workflows/ci.yml)

  • Linting checks for frontend and backend (ESLint)
  • Build verification (Vite for frontend, syntax check for backend)
  • Automated test runs on PR and push to main/develop
  • Status checks before merge

Bug Fixes

• Fixed duplicate sensors declaration in RoutineBuilder.jsx
• Resolved merge conflicts between main and feature branch
• Fixed unused variable warnings in routineController.js (ESLint)

🔐 Security Highlights

✅ Demo credentials only work in development mode (NODE_ENV=development)
✅ Production deployments have NODE_ENV=production - demo login is rejected
✅ CORS configured for both local dev and production URLs
✅ Password hashing with bcrypt maintained
✅ JWT token expiration set to 24 hours

✅ Testing & Validation

• ✅ Frontend linting: PASS
• ✅ Backend linting: PASS
• ✅ Frontend build: PASS
• ✅ npm run seed: Runs without database
• ✅ Demo credentials work in development
• ✅ Demo credentials blocked in production
• ✅ CORS errors resolved
• ✅ Merge conflicts resolved

🚀 How to Test

1. Install dependencies: npm install (both frontend and backend)
2. Seed demo data: npm run seed (in backend directory)
3. Start backend: npm run dev (in backend directory)
4. Start frontend: npm run dev (in frontend directory)
5. Login with: demo@dailyforge.dev / DemoPassword123!
6. Access dashboard and manage tasks without database

📝 Notes

• Demo mode is completely transparent to production deployments
• New contributors can start development in <5 minutes without MongoDB setup
• Seed script can be run multiple times safely (idempotent)
• All changes backward compatible with existing production deployments

📸 Screenshots (if applicable)

Add screenshots or GIFs to explain UI changes.

✅ Checklist

• Code runs locally
• Followed project structure
• No console errors
• Properly tested changes
• Linked the issue

🚀 Notes for Reviewers

Anything specific you want reviewed.

[shubh-gitpush]

@aryandas2911 Could you please review this? It may cause merge conflicts if additional PRs get merged meanwhile.

[aryandas2911]

pls use the updated task categories

[aryandas2911]

pls use the existing URLs and dont add extra URLS

[aryandas2911]

pls use the existing URLs and no extra URLs

[shubh-gitpush]

@aryandas2911 please check once more there are dfferent links for development and production.Feel feel to suggest any changes.

[aryandas2911]

for development we are using

app.use(
cors({
origin: [
"https://dailyforge-frontend-lhjq.onrender.com",
"http://localhost:5173",
"http://127.0.0.1:5173",
process.env.CLIENT_ORIGIN,
],
credentials: true,
})
);

and

const api = axios.create({
baseURL: import.meta.env.VITE_API_BASE_URL || import.meta.env.VITE_API_URL || (import.meta.env.DEV ? "http://localhost:5000/api/" : "https://dailyforge-backend.onrender.com/api/"),
timeout: Number(import.meta.env.VITE_API_TIMEOUT) || 15000, // updated 15s as default
withCredentials: true,
});

kindly keep it like that only and update the tasks categories with the updated task categories in the seed.js

[shubh-gitpush]

@aryandas2911 made the changes kindly check

[shubh-gitpush]

@aryandas2911 Could you please review this? It may cause merge conflicts if additional PRs get merged meanwhile.

[shubh-gitpush]

@aryandas2911 are there any updates required from my side,if yes feel free to tell.

[shubh-gitpush]

@aryandas2911 could you please provide some feedback as it has been 4 days since i have opened a pr.

[shubh-gitpush]

@aryandas2911 any update on this pr?