email verfication after account creation, password component, added password special characters

backend/middleware/auth.js

@@ -94,4 +94,23 @@ const optionalAuth = async (req, res, next) => {
   }
 };
 
-module.exports = { authenticateToken, optionalAuth };
+// Require verified email middleware - must be used after authenticateToken
+const requireVerifiedEmail = (req, res, next) => {
+  if (!req.user) {
+    return res.status(401).json({
+      error: "Authentication required",
+      code: "NO_AUTH",
+    });
+  }
+
+  if (!req.user.isVerified) {
+    return res.status(403).json({
+      error: "Email verification required. Please verify your email address to perform this action.",
+      code: "EMAIL_NOT_VERIFIED",
+    });
+  }
+
+  next();
+};
+
+module.exports = { authenticateToken, optionalAuth, requireVerifiedEmail };

backend/middleware/validation.js

@@ -8,7 +8,7 @@ const purify = DOMPurify(window);
 
 // Password strength validation
 const passwordStrengthRegex =
-  /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[a-zA-Z]).{8,}$/;
+  /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[a-zA-Z])(?=.*[-@$!%*?&#^]).{8,}$/; //-@$!%*?&#^
 const commonPasswords = [
   "password",
   "123456",