From 5bc86587e84d733bab76a8c4d54e559276aeaa5d Mon Sep 17 00:00:00 2001 From: nuur Date: Tue, 16 Sep 2025 18:34:29 -0700 Subject: [PATCH 1/2] first commit --- routes/auth.js | 71 +++++++++++++++++++++++++++++++++++++++-- routes/tasks.js | 84 +++++++++++++++++-------------------------------- 2 files changed, 97 insertions(+), 58 deletions(-) diff --git a/routes/auth.js b/routes/auth.js index 7a78cfc..0583f8a 100644 --- a/routes/auth.js +++ b/routes/auth.js @@ -10,13 +10,47 @@ const JWT_SECRET = process.env.JWT_SECRET || "your-secret-key"; // POST /api/auth/register - Register a new user router.post("/register", async (req, res) => { try { - // TODO: Implement the registration logic // 1. Validate the input + const { name, email, password } = req.body; + if (!name || !email || !password) { + return res.status(400).json({ + success: false, + message: "Name, email, and password are required." + }); + } // 2. Check if the user already exists - // 3. Hash the password + const existingUser = await prisma.user.findUnique({ where: { email } }); + if (existingUser) { + return res.status(409).json({ + success: false, + message: "User with this email already exists." + }); + } + // 3. Hash the password + const salt = await bcrypt.genSalt(10); + const hashedPassword = await bcrypt.hash(password, salt); // 4. Create the user + const user = await prisma.user.create({ + data: { + name, + email, + password: hashedPassword + } + }); // 5. Generate a JWT token + const token = jwt.sign( + { userId: user.id, email: user.email }, + JWT_SECRET, + { expiresIn: "7d" } + ); // 6. Return the user data and token + const { password: _, ...userWithoutPassword } = user; + res.status(201).json({ + success: true, + message: "User registered successfully.", + data: userWithoutPassword, + token + }); 
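Review bot: The tokens issued by the new `jwt.sign(...)` call are signed with `JWT_SECRET`, which the hunk header shows falling back to the literal `"your-secret-key"` when the environment variable is unset; in that configuration tokens for any `userId` are forgeable by anyone who has read the source. The same applies to the `jwt.sign` call in the login hunk. The declaration sits above this hunk, but the fallback should be dropped and startup should fail instead, e.g. `if (!process.env.JWT_SECRET) throw new Error("JWT_SECRET is not set");`. Separately, `!name || !email || !password` only tests truthiness, so non-string values and arbitrarily long passwords reach Prisma and bcrypt; a `typeof password !== "string"` guard plus a length bound would keep those on the 400 path. The handler's catch block is outside the hunk.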
@@ -35,10 +69,43 @@ router.post("/login", async (req, res) => { try { // TODO: Implement the login logic // 1. Validate the input + const { email, password } = req.body; + if (!email || !password) { + return res.status(400).json({ + success: false, + message: "Email and password are required." + }); + } // 2. Check if the user exists + const user = await prisma.user.findUnique({ where: { email } }); + if (!user) { + return res.status(401).json({ + success: false, + message: "Invalid email or password." + }); + } // 3. Compare the password + const isMatch = await bcrypt.compare(password, user.password); + if (!isMatch) { + return res.status(401).json({ + success: false, + message: "Invalid email or password." + }); + } // 4. Generate a JWT token + const token = jwt.sign( + { userId: user.id, email: user.email }, + JWT_SECRET, + { expiresIn: "7d" } + ); // 5. Return the user data and token + const { password: _, ...userWithoutPassword } = user; + res.json({ + success: true, + message: "Login successful.", + data: userWithoutPassword, + token + }); } catch (error) { diff --git a/routes/tasks.js b/routes/tasks.js index a9c3ffc..b3f09ab 100644 --- a/routes/tasks.js +++ b/routes/tasks.js @@ -21,15 +21,13 @@ router.get("/tasks", async (req, res) => { try { const tasks = await getAllTasks(req.user.id); - // TODO: Add proper HTTP status code for successful response - res.json({ + res.status(200).json({ success: true, count: tasks.length, data: tasks, }); } catch (error) { - // TODO: Add proper HTTP status code for server error - res.json({ + res.status(500).json({ success: false, error: error.message, }); 
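Review bot: The `if (!user)` branch returns before `bcrypt.compare` runs, so a request for an unknown email is answered measurably faster than one for a registered email with a wrong password, which undoes the identical "Invalid email or password." messages. Running the comparison in both cases closes the gap, for example `const hash = user ? user.password : DUMMY_HASH;` followed by `const isMatch = await bcrypt.compare(password, hash);` and a single `if (!user || !isMatch)` 401, where `DUMMY_HASH` is a placeholder for a bcrypt hash computed once at startup. No attempt limiting is visible on this route; it may be applied elsewhere, but that is worth confirming. The handler's catch block lies outside the hunk.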
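Review bot: The new 500 branch in `GET /tasks` still sends `error: error.message` to the client, so whatever the data layer throws, which may include query fragments, model or column names, or connection details, is exposed to the caller. The same pattern is in every 500 branch of the later hunks in this file. Log the error on the server and return a fixed string instead, e.g. `console.error(error);` then `res.status(500).json({ success: false, error: "Internal server error" });`. The handler's closing lines are outside the hunk.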
@@ -42,21 +40,18 @@ router.get("/tasks/:id", async (req, res) => { const task = await getTaskById(id, req.user.id); if (!task) { - // TODO: Add proper HTTP status code for not found - return res.json({ + return res.status(404).json({ success: false, error: "Task not found", }); } - // TODO: Add proper HTTP status code for successful response - res.json({ + res.status(200).json({ success: true, data: task, }); } catch (error) { - // TODO: Add proper HTTP status code for server error - res.json({ + res.status(500).json({ success: false, error: error.message, }); @@ -68,14 +63,12 @@ router.post("/tasks", async (req, res) => { const taskData = req.body; const newTask = await createTask(taskData, req.user.id); - // TODO: Add proper HTTP status code for successful creation - res.json({ + res.status(201).json({ success: true, data: newTask, }); } catch (error) { - // TODO: Add proper HTTP status code for bad request - res.json({ + res.status(400).json({ success: false, error: error.message, }); @@ -88,21 +81,18 @@ router.put("/tasks/:id", async (req, res) => { const updateData = req.body; const updatedTask = await updateTask(id, updateData, req.user.id); - // TODO: Add proper HTTP status code for successful update - res.json({ + res.status(200).json({ success: true, data: updatedTask, }); } catch (error) { if (error.message === "Task not found") { - // TODO: Add proper HTTP status code for not found - res.json({ + res.status(404).json({ success: false, error: error.message, }); } else { - // TODO: Add proper HTTP status code for bad request - res.json({ + res.status(400).json({ success: false, error: error.message, }); 
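Review bot: In the `POST /tasks` hunk the catch block now answers 400 for every failure, so a database outage or a bug inside `createTask` is reported to the client as a bad request and will not show up in 5xx monitoring. The `PUT /tasks/:id` else-branch and the subtask create/update hunks further down do the same. Reserve 400 for errors the service layer marks as validation failures (a dedicated error class or a `code` property) and let everything else fall through to 500. `req.body` is also handed to `createTask` and `updateTask` unfiltered; those functions are not visible here, so confirm they pick an explicit set of fields rather than passing the object through to the database.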
@@ -115,21 +105,18 @@ router.delete("/tasks/:id", async (req, res) => { const { id } = req.params; const deletedTask = await deleteTask(id, req.user.id); - // TODO: Add proper HTTP status code for successful deletion - res.json({ + res.status(200).json({ success: true, data: deletedTask, }); } catch (error) { if (error.message === "Task not found") { - // TODO: Add proper HTTP status code for not found - res.json({ + res.status(404).json({ success: false, error: error.message, }); } else { - // TODO: Add proper HTTP status code for server error - res.json({ + res.status(500).json({ success: false, error: error.message, }); @@ -142,8 +129,7 @@ router.get("/tasks/:taskId/subtasks", async (req, res) => { const { taskId } = req.params; const subtasks = await getSubtasksByTaskId(taskId, req.user.id); - // TODO: Add proper HTTP status code for successful response - res.json({ + res.status(200).json({ success: true, count: subtasks.length, data: subtasks, @@ -153,14 +139,12 @@ router.get("/tasks/:taskId/subtasks", async (req, res) => { error.message.includes("not found") || error.message.includes("access denied") ) { - // TODO: Add proper HTTP status code for not found - res.json({ + res.status(404).json({ success: false, error: error.message, }); } else { - // TODO: Add proper HTTP status code for server error - res.json({ + res.status(500).json({ success: false, error: error.message, }); @@ -173,8 +157,7 @@ router.get("/subtasks/:id", async (req, res) => { const { id } = req.params; const subtask = await getSubtaskById(id, req.user.id); - // TODO: Add proper HTTP status code for successful response - res.json({ + res.status(200).json({ success: true, data: subtask, }); 
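Review bot: In the `GET /tasks/:taskId/subtasks` catch block the status is 404 for both "not found" and "access denied", but the body still carries `error: error.message`, so the response text can tell a caller that the task exists and belongs to someone else, which is the distinction the shared 404 is presumably meant to hide. Return a fixed body for that branch, e.g. `res.status(404).json({ success: false, error: "Not found" });`. Matching on `error.message.includes(...)` is also fragile, since any unrelated error whose text happens to contain "not found" becomes a 404; a typed error or an `error.code` set by the service layer would be sturdier. The same block recurs in the subtask hunks that follow.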
@@ -183,14 +166,12 @@ router.get("/subtasks/:id", async (req, res) => { error.message.includes("not found") || error.message.includes("access denied") ) { - // TODO: Add proper HTTP status code for not found - res.json({ + res.status(404).json({ success: false, error: error.message, }); } else { - // TODO: Add proper HTTP status code for server error - res.json({ + res.status(500).json({ success: false, error: error.message, }); @@ -204,8 +185,7 @@ router.post("/tasks/:taskId/subtasks", async (req, res) => { const subtaskData = req.body; const newSubtask = await createSubtask(taskId, subtaskData, req.user.id); - // TODO: Add proper HTTP status code for successful creation - res.json({ + res.status(201).json({ success: true, data: newSubtask, }); @@ -214,14 +194,12 @@ router.post("/tasks/:taskId/subtasks", async (req, res) => { error.message.includes("not found") || error.message.includes("access denied") ) { - // TODO: Add proper HTTP status code for not found - res.json({ + res.status(404).json({ success: false, error: error.message, }); } else { - // TODO: Add proper HTTP status code for bad request - res.json({ + res.status(400).json({ success: false, error: error.message, }); @@ -235,8 +213,7 @@ router.put("/subtasks/:id", async (req, res) => { const updateData = req.body; const updatedSubtask = await updateSubtask(id, updateData, req.user.id); - // TODO: Add proper HTTP status code for successful update - res.json({ + res.status(200).json({ success: true, data: updatedSubtask, }); @@ -245,14 +222,12 @@ router.put("/subtasks/:id", async (req, res) => { error.message.includes("not found") || error.message.includes("access denied") ) { - // TODO: Add proper HTTP status code for not found - res.json({ + res.status(404).json({ success: false, error: error.message, }); } else { - // TODO: Add proper HTTP status code for bad request - res.json({ + res.status(400).json({ success: false, error: error.message, }); 
@@ -265,8 +240,7 @@ router.delete("/subtasks/:id", async (req, res) => { const { id } = req.params; const deletedSubtask = await deleteSubtask(id, req.user.id); - // TODO: Add proper HTTP status code for successful deletion - res.json({ + res.status(200).json({ success: true, data: deletedSubtask, }); @@ -275,14 +249,12 @@ router.delete("/subtasks/:id", async (req, res) => { error.message.includes("not found") || error.message.includes("access denied") ) { - // TODO: Add proper HTTP status code for not found - res.json({ + res.status(404).json({ success: false, error: error.message, }); } else { - // TODO: Add proper HTTP status code for server error - res.json({ + res.status(500).json({ success: false, error: error.message, }); From cad78fbc8a99e27925745a1fc1afcedc026caced Mon Sep 17 00:00:00 2001 From: kamaal Date: Wed, 17 Sep 2025 08:34:17 -0700 Subject: [PATCH 2/2] first2 commit --- routes/auth.js | 1 + 1 file changed, 1 insertion(+) diff --git a/routes/auth.js b/routes/auth.js index 0583f8a..fd5beb0 100644 --- a/routes/auth.js +++ b/routes/auth.js @@ -119,6 +119,7 @@ router.post("/login", async (req, res) => { }); // GET /api/auth/me - Get current user profile (protected route) +//commeneted out to test other routes without token router.get("/me", authenticateToken, async (req, res) => { try { // req.user will be set by the authenticateToken middleware
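Review bot: The comment added in the `routes/auth.js` hunk says the route was commented out to test without a token, but `router.get("/me", authenticateToken, ...)` directly below is still active and still protected, so the comment describes a state the code is not in. If the middleware was removed locally for testing, that should stay out of the commit; otherwise delete the line so nobody reads it as a cue that `/me` may run unauthenticated. If a note is wanted, something accurate such as `// Protected: requires a valid token via authenticateToken` would do. The handler body continues outside the hunk.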