3788274f73
Phase 1 - Step 3: Authentication API **Backend Authentication:** - bcryptjs for password hashing (salt rounds: 10) - JWT tokens with 24h expiration - Secure password storage (never expose passwordHash) **API Endpoints:** - POST /api/auth/register - User registration - Username validation (3-50 chars, alphanumeric + underscore) - Email validation and normalization - Password validation (min 6 chars) - Duplicate email/username detection - Auto-generated avatar (ui-avatars.com) - POST /api/auth/login - User authentication - Email + password credentials - Returns JWT token + user data - Invalid credentials protection - GET /api/users/me - Get current user (protected) - Requires valid JWT token - Returns user data + stats (matches, ratings) - Token validation via middleware **Security Features:** - express-validator for input sanitization - Auth middleware for protected routes - Token verification (Bearer token) - Password never returned in responses - Proper error messages (no information leakage) **Frontend Integration:** - API service layer (frontend/src/services/api.js) - Updated AuthContext to use real API - Token storage in localStorage - Automatic token inclusion in requests - Error handling for expired/invalid tokens **Unit Tests (30 tests, 78.26% coverage):** Auth Endpoints (14 tests): - ✅ Register: success, duplicate email, duplicate username - ✅ Register validation: invalid email, short password, short username - ✅ Login: success, wrong password, non-existent user, invalid format - ✅ Protected route: valid token, no token, invalid token, malformed header Auth Utils (9 tests): - ✅ Password hashing and comparison - ✅ Different hashes for same password - ✅ JWT generation and verification - ✅ Token expiration validation - ✅ Invalid token handling All tests passing ✅ Coverage: 78.26% ✅
spotlight.cam Backend
Node.js + Express backend for spotlight.cam - P2P video exchange app for dance events.
Features
- ✅ Express REST API
- ✅ CORS enabled
- ✅ Health check endpoint
- ✅ Error handling
- ✅ Unit tests (Jest + Supertest)
- ⏳ PostgreSQL integration (planned)
- ⏳ JWT authentication (planned)
- ⏳ Socket.IO for real-time chat (planned)
- ⏳ WebRTC signaling (planned)
API Endpoints
Health Check
GET /api/health- Backend health status
Future Endpoints
POST /api/auth/register- Register new userPOST /api/auth/login- Login userGET /api/users/me- Get current userGET /api/events- List eventsPOST /api/matches- Create matchPOST /api/ratings- Rate partner
Development
Install dependencies
npm install
Run in development mode
npm run dev
Run tests
npm test
Run tests in watch mode
npm run test:watch
Run in production mode
npm start
Environment Variables
Create a .env file (see .env.example):
NODE_ENV=development
PORT=3000
CORS_ORIGIN=http://localhost:8080
Project Structure
backend/
├── src/
│ ├── __tests__/ # Unit tests
│ │ └── app.test.js
│ ├── routes/ # API routes (future)
│ ├── controllers/ # Business logic (future)
│ ├── middleware/ # Custom middleware (future)
│ ├── utils/ # Helper functions (future)
│ ├── app.js # Express app setup
│ └── server.js # Server entry point
├── .env # Environment variables (gitignored)
├── .env.example # Environment variables template
├── package.json
└── Dockerfile
Testing
Tests are written using:
- Jest - Test framework
- Supertest - HTTP assertions
Run tests:
npm test
Current test coverage:
- Health check endpoint
- 404 error handling
- CORS configuration
- JSON body parsing
Docker
Build and run with Docker Compose (from project root):
docker compose up --build
Backend will be available at:
- Internal: http://backend:3000
- Through nginx: http://localhost:8080/api
Next Steps
- ✅ Basic Express setup
- ✅ Health check endpoint
- ✅ Unit tests
- ⏳ PostgreSQL connection
- ⏳ Database schema and migrations
- ⏳ Authentication (JWT + bcrypt)
- ⏳ Socket.IO for real-time chat
- ⏳ WebRTC signaling
License
TBD