2025-11-12 21:42:52 +01:00
|
|
|
const express = require('express');
|
|
|
|
|
const cors = require('cors');
|
|
|
|
|
|
|
|
|
|
const app = express();
|
|
|
|
|
|
|
|
|
|
// Middleware
|
|
|
|
|
app.use(cors({
|
|
|
|
|
origin: process.env.CORS_ORIGIN || 'http://localhost:8080',
|
|
|
|
|
credentials: true
|
|
|
|
|
}));
|
|
|
|
|
app.use(express.json());
|
|
|
|
|
app.use(express.urlencoded({ extended: true }));
|
|
|
|
|
|
|
|
|
|
// Request logging middleware
|
|
|
|
|
app.use((req, res, next) => {
|
|
|
|
|
console.log(`${new Date().toISOString()} - ${req.method} ${req.path}`);
|
|
|
|
|
next();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Health check endpoint
|
|
|
|
|
app.get('/api/health', (req, res) => {
|
|
|
|
|
res.status(200).json({
|
|
|
|
|
status: 'ok',
|
|
|
|
|
message: 'Backend is running',
|
|
|
|
|
timestamp: new Date().toISOString(),
|
|
|
|
|
environment: process.env.NODE_ENV || 'development'
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2025-11-12 21:56:11 +01:00
|
|
|
// API routes
|
feat: add JWT authentication with complete test coverage
Phase 1 - Step 3: Authentication API
**Backend Authentication:**
- bcryptjs for password hashing (salt rounds: 10)
- JWT tokens with 24h expiration
- Secure password storage (never expose passwordHash)
**API Endpoints:**
- POST /api/auth/register - User registration
- Username validation (3-50 chars, alphanumeric + underscore)
- Email validation and normalization
- Password validation (min 6 chars)
- Duplicate email/username detection
- Auto-generated avatar (ui-avatars.com)
- POST /api/auth/login - User authentication
- Email + password credentials
- Returns JWT token + user data
- Invalid credentials protection
- GET /api/users/me - Get current user (protected)
- Requires valid JWT token
- Returns user data + stats (matches, ratings)
- Token validation via middleware
**Security Features:**
- express-validator for input sanitization
- Auth middleware for protected routes
- Token verification (Bearer token)
- Password never returned in responses
- Proper error messages (no information leakage)
**Frontend Integration:**
- API service layer (frontend/src/services/api.js)
- Updated AuthContext to use real API
- Token storage in localStorage
- Automatic token inclusion in requests
- Error handling for expired/invalid tokens
**Unit Tests (30 tests, 78.26% coverage):**
Auth Endpoints (14 tests):
- ✅ Register: success, duplicate email, duplicate username
- ✅ Register validation: invalid email, short password, short username
- ✅ Login: success, wrong password, non-existent user, invalid format
- ✅ Protected route: valid token, no token, invalid token, malformed header
Auth Utils (9 tests):
- ✅ Password hashing and comparison
- ✅ Different hashes for same password
- ✅ JWT generation and verification
- ✅ Token expiration validation
- ✅ Invalid token handling
All tests passing ✅
Coverage: 78.26% ✅
2025-11-12 22:16:14 +01:00
|
|
|
app.use('/api/auth', require('./routes/auth'));
|
|
|
|
|
app.use('/api/users', require('./routes/users'));
|
2025-11-12 21:56:11 +01:00
|
|
|
app.use('/api/events', require('./routes/events'));
|
feat: add email verification, password reset, and WSDC integration (Phase 1.5)
Backend features:
- AWS SES email service with HTML templates
- Email verification with dual method (link + 6-digit PIN code)
- Password reset workflow with secure tokens
- WSDC API proxy for dancer lookup and auto-fill registration
- Extended User model with verification and WSDC fields
- Email verification middleware for protected routes
Frontend features:
- Two-step registration with WSDC ID lookup
- Password strength indicator component
- Email verification page with code input
- Password reset flow (request + reset pages)
- Verification banner for unverified users
- Updated authentication context and API service
Testing:
- 65 unit tests with 100% coverage of new features
- Tests for auth utils, email service, WSDC controller, and middleware
- Integration tests for full authentication flows
- Comprehensive mocking of AWS SES and external APIs
Database:
- Migration: add WSDC fields (firstName, lastName, wsdcId)
- Migration: add email verification fields (token, code, expiry)
- Migration: add password reset fields (token, expiry)
Documentation:
- Complete Phase 1.5 documentation
- Test suite documentation and best practices
- Updated session context with new features
2025-11-13 15:47:54 +01:00
|
|
|
app.use('/api/wsdc', require('./routes/wsdc'));
|
2025-11-12 21:42:52 +01:00
|
|
|
// app.use('/api/matches', require('./routes/matches'));
|
|
|
|
|
// app.use('/api/ratings', require('./routes/ratings'));
|
|
|
|
|
|
|
|
|
|
// 404 handler
|
|
|
|
|
app.use((req, res) => {
|
|
|
|
|
res.status(404).json({
|
|
|
|
|
error: 'Not Found',
|
|
|
|
|
message: `Cannot ${req.method} ${req.path}`
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Error handler
|
|
|
|
|
app.use((err, req, res, next) => {
|
|
|
|
|
console.error('Error:', err);
|
|
|
|
|
res.status(err.status || 500).json({
|
|
|
|
|
error: err.message || 'Internal Server Error',
|
|
|
|
|
...(process.env.NODE_ENV === 'development' && { stack: err.stack })
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
module.exports = app;
|