kunalverma2512 · agentVivek · Apr 3, 2026 · Apr 3, 2026 · Apr 5, 2026 · Apr 7, 2026
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -0,0 +1,26 @@
+services:
+  mongo:
+    image: mongo
+    restart: always
+    volumes:
+      - mongo_data:/data/db
+    env_file: ./server/.env
+  redis:
+    image: redis
+    restart: always
+  backend:
+    build:
+      context: ./server
+      dockerfile: Dockerfile.dev
+    depends_on:
+      - mongo
+      - redis
+    ports:
+      - "8000:8000"
+    volumes:
+      - /app/node_modules
+      - ./server:/app
+    env_file:
+      - ./server/.env
-      - ./server/.env
+      - ./server/.env
+    environment:
+      REDIS_URL: redis://redis:6379
-      - ./server/.env
+      - ./server/.env
+    environment:
+      REDIS_URL: redis://redis:6379
+volumes:
+  mongo_data:
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
diff --git a/server/Dockerfile.dev b/server/Dockerfile.dev
@@ -0,0 +1,8 @@
+FROM node:lts-alpine
+
+WORKDIR /app
+COPY ./package.json  ./
+RUN npm install
+COPY ./ ./
+
+CMD ["npm", "run", "server"]
diff --git a/server/REDIS.md b/server/REDIS.md
@@ -0,0 +1,28 @@
+# Feature: Redis-Based OTP Verification & Auth Flow Refactoring 🚀
+
+## 📝 Description
+This PR refactors the authentication and registration flow to utilize **Redis** for temporary data storage (OTPs and pending user sessions) instead of MongoDB. This architectural change significantly improves database hygiene by preventing the database from being cluttered with unverified or abandoned accounts.
+
+## ✨ Key Changes & Architectural Improvements
+
+1. **Optimized User Creation (Database Hygiene)**
+   - Removed the `isVerified` field from the `User` model.
+   - **Old Flow:** Users were created in MongoDB immediately upon registration with `isVerified: false`.
+   - **New Flow:** User data is now temporarily cached in Redis under the key `pending_user:<email>` with a 10-minute expiration. The user is ONLY saved to MongoDB permanently *after* they successfully verify their OTP.
+
+2. **Redis-Powered OTP Management**
+   - Replaced the MongoDB `Otp.js` model with Redis key-value storage (`otp:<purpose>:<email>`).
+   - Leverages Redis's native TTL (Time-To-Live) capabilities to automatically expire OTPs and pending users after 10 minutes, reducing database load and removing the need for MongoDB TTL indexes.
+   - Safely deleted the obsolete `server/models/Otp.js` file.
+
+3. **Refactored Auth Modules**
+   - Updated `AuthRepository` to include Redis cache interactions (`storePendingUser`, `getPendingUser`, `storeOtp`, etc.).
+   - Refactored `AuthService` and `AuthController` to seamlessly handle registration, forgot password, reset password, and resend OTP flows using the new Redis architecture.
+
+## 🛠 Prerequisites for Reviewers/Maintainers
+Because of the new Redis dependency, the environment setup has been updated. To run this locally:
+
+1. Ensure you have a Redis server running locally or via Docker.
+2. Add the following to your `server/.env` file:
+   ```env
+   REDIS_URL=redis://localhost:6379  # Or your respective Redis connection string
diff --git a/server/config/redis.js b/server/config/redis.js
@@ -0,0 +1,15 @@
+import { createClient } from 'redis';
+
+export const redisClient = createClient({ url: process.env.REDIS_URL });
+
+redisClient.on('error', (err) => console.error('Redis Client Error:', err));
+
+export const connectToRedis = async () => {
+  try {
+    await redisClient.connect();
+    console.log("Connected to Redis cache.");
+  } catch (error) {
+    console.error("Failed to connect to Redis:", error);
+    throw error;
+  }
+};
diff --git a/server/models/Otp.js b/server/models/Otp.js
diff --git a/server/models/User.js b/server/models/User.js
@@ -6,7 +6,6 @@ const userSchema = new mongoose.Schema({
   email: { type: String, required: true, unique: true, lowercase: true, index: true },
   password: { type: String, required: true, minlength: 6, select: false },
   role: { type: String, enum: ["user", "admin"], default: "user" },
-  isVerified: { type: Boolean, default: false },
   authProvider: { type: String, enum: ["local", "google", "github"], default: "local" },
 
   // Profile Info

diff --git a/server/modules/auth/controller.js b/server/modules/auth/controller.js
@@ -6,7 +6,7 @@ class AuthController {
   static async register(req, res, next) {
     try {
       const result = await AuthService.register(req.body);
-      res.status(201).json(ApiResponse.success(result.message, result.user));
+      res.status(201).json(ApiResponse.success(result.message));
     } catch (error) {
       next(error instanceof ApiError ? error : new ApiError(500, error.message));
     }

diff --git a/server/modules/auth/repository.js b/server/modules/auth/repository.js
@@ -1,12 +1,18 @@
 import User from "../../models/User.js";
-import Otp from "../../models/Otp.js";
+import {redisClient} from "../../config/redis.js";
 
 class AuthRepository {
   static async createUser(userData) {
     const user = new User(userData);
     return await user.save();
   }
-
+  static async updateUserPassword(email, hashedPassword) {
+    return await User.findOneAndUpdate(
+      { email },
+      { password: hashedPassword },
+      { new: true }
+    );
+  }
   static async findUserByEmail(email) {
     return await User.findOne({ email }).select("+password");
   }
@@ -15,41 +21,32 @@ class AuthRepository {
     return await User.findOne({ email });
   }
 
-  static async findUserById(id) {
-    return await User.findById(id);
+  // --- Redis OTP Methods ---
+  static async storePendingUser(email, data, ttl = 600) {
+    // Stores user data and OTP in Redis with a 10-minute expiry
+    await redisClient.set(`pending_user:${email}`, JSON.stringify(data), "EX", ttl);
   }
-
-  static async updateUserVerification(email) {
-    return await User.findOneAndUpdate(
-      { email },
-      { isVerified: true },
-      { new: true }
-    );
+  static async getPendingUser(email) {
+    const data = await redisClient.get(`pending_user:${email}`);
+    return data ? JSON.parse(data) : null;
   }
 
-  static async updateUserPassword(email, hashedPassword) {
-    return await User.findOneAndUpdate(
-      { email },
-      { password: hashedPassword },
-      { new: true }
-    );
+  static async deletePendingUser(email) {
+    await redisClient.del(`pending_user:${email}`);
   }
 
-  static async createOtp({ email, otp, purpose }) {
-    // Delete any existing OTPs for same email+purpose
-    await Otp.deleteMany({ email, purpose });
-
-    const otpRecord = new Otp({ email, otp, purpose });
-    return await otpRecord.save();
+  static async storeOtp(email, purpose, otp, ttl = 600) {
+    await redisClient.set(`otp:${purpose}:${email}`, otp, "EX", ttl);
   }
 
-  static async findOtp(email, purpose) {
-    return await Otp.findOne({ email, purpose }).sort({ createdAt: -1 });
+  static async getOtp(email, purpose) {
+    return await redisClient.get(`otp:${purpose}:${email}`);
   }
 
   static async deleteOtp(email, purpose) {
-    return await Otp.deleteMany({ email, purpose });
+    await redisClient.del(`otp:${purpose}:${email}`);
   }
 }
 
 export default AuthRepository;
+