Jackie/rentall-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

email verfication after account creation, password component, added password special characters

Browse Source
This commit is contained in:
jackiettran
2025-10-10 14:36:09 -04:00
parent 513347e8b7
commit 0a9b875a9d
19 changed files with 1305 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

179
backend/routes/auth.js
View File

@@ -3,6 +3,7 @@ const jwt = require("jsonwebtoken");
const { OAuth2Client } = require("google-auth-library");
const { User } = require("../models"); // Import from models/index.js to get models with associations
const logger = require("../utils/logger");
const emailService = require("../services/emailService");
const {
sanitizeInput,
validateRegistration,
@@ -62,6 +63,24 @@ router.post(
phone,
});
// Generate verification token and send email
await user.generateVerificationToken();
// Send verification email (don't block registration if email fails)
let verificationEmailSent = false;
try {
await emailService.sendVerificationEmail(user, user.verificationToken);
verificationEmailSent = true;
} catch (emailError) {
const reqLogger = logger.withRequestId(req.id);
reqLogger.error("Failed to send verification email", {
error: emailError.message,
userId: user.id,
email: user.email
});
// Continue with registration even if email fails
}
const token = jwt.sign({ id: user.id }, process.env.JWT_SECRET, {
expiresIn: "15m", // Short-lived access token
});
@@ -103,7 +122,9 @@ router.post(
email: user.email,
firstName: user.firstName,
lastName: user.lastName,
isVerified: user.isVerified,
},
verificationEmailSent,
// Don't send token in response body for security
});
} catch (error) {
@@ -195,6 +216,7 @@ router.post(
email: user.email,
firstName: user.firstName,
lastName: user.lastName,
isVerified: user.isVerified,
},
// Don't send token in response body for security
});
@@ -266,7 +288,7 @@ router.post(
});
}
// Create new user
// Create new user (Google OAuth users are auto-verified)
user = await User.create({
email,
firstName,
@@ -275,6 +297,8 @@ router.post(
providerId: googleId,
profileImage: picture,
username: email.split("@")[0] + "_" + googleId.slice(-6), // Generate unique username
isVerified: true,
verifiedAt: new Date(),
});
}
@@ -321,6 +345,7 @@ router.post(
firstName: user.firstName,
lastName: user.lastName,
profileImage: user.profileImage,
isVerified: user.isVerified,
},
// Don't send token in response body for security
});
@@ -348,6 +373,157 @@ router.post(
}
);
// Email verification endpoint
router.post("/verify-email", sanitizeInput, async (req, res) => {
try {
const { token } = req.body;
if (!token) {
return res.status(400).json({
error: "Verification token required",
code: "TOKEN_REQUIRED",
});
}
// Find user with this verification token
const user = await User.findOne({
where: { verificationToken: token },
});
if (!user) {
return res.status(400).json({
error: "Invalid verification token",
code: "VERIFICATION_TOKEN_INVALID",
});
}
// Check if already verified
if (user.isVerified) {
return res.status(400).json({
error: "Email already verified",
code: "ALREADY_VERIFIED",
});
}
// Check if token is valid (not expired)
if (!user.isVerificationTokenValid(token)) {
return res.status(400).json({
error: "Verification token has expired. Please request a new one.",
code: "VERIFICATION_TOKEN_EXPIRED",
});
}
// Verify the email
await user.verifyEmail();
const reqLogger = logger.withRequestId(req.id);
reqLogger.info("Email verified successfully", {
userId: user.id,
email: user.email,
});
res.json({
message: "Email verified successfully",
user: {
id: user.id,
email: user.email,
isVerified: true,
},
});
} catch (error) {
const reqLogger = logger.withRequestId(req.id);
reqLogger.error("Email verification error", {
error: error.message,
stack: error.stack,
});
res.status(500).json({
error: "Email verification failed. Please try again.",
});
}
});
// Resend verification email endpoint
router.post(
"/resend-verification",
loginLimiter, // Use login limiter for rate limiting (max 3 per hour)
sanitizeInput,
async (req, res) => {
try {
// Get user from cookies
const { accessToken } = req.cookies;
if (!accessToken) {
return res.status(401).json({
error: "Authentication required",
code: "NO_TOKEN",
});
}
const decoded = jwt.verify(accessToken, process.env.JWT_SECRET);
const user = await User.findByPk(decoded.id);
if (!user) {
return res.status(404).json({
error: "User not found",
code: "USER_NOT_FOUND",
});
}
// Check if already verified
if (user.isVerified) {
return res.status(400).json({
error: "Email already verified",
code: "ALREADY_VERIFIED",
});
}
// Generate new verification token
await user.generateVerificationToken();
// Send verification email
try {
await emailService.sendVerificationEmail(user, user.verificationToken);
} catch (emailError) {
const reqLogger = logger.withRequestId(req.id);
reqLogger.error("Failed to resend verification email", {
error: emailError.message,
userId: user.id,
email: user.email,
});
return res.status(500).json({
error: "Failed to send verification email. Please try again.",
});
}
const reqLogger = logger.withRequestId(req.id);
reqLogger.info("Verification email resent", {
userId: user.id,
email: user.email,
});
res.json({
message: "Verification email sent successfully",
});
} catch (error) {
if (error.name === "TokenExpiredError") {
return res.status(401).json({
error: "Session expired. Please log in again.",
code: "TOKEN_EXPIRED",
});
}
const reqLogger = logger.withRequestId(req.id);
reqLogger.error("Resend verification error", {
error: error.message,
stack: error.stack,
});
res.status(500).json({
error: "Failed to resend verification email. Please try again.",
});
}
}
);
// Refresh token endpoint
router.post("/refresh", async (req, res) => {
try {
@@ -395,6 +571,7 @@ router.post("/refresh", async (req, res) => {
email: user.email,
firstName: user.firstName,
lastName: user.lastName,
isVerified: user.isVerified,
},
});
} catch (error) {

4
backend/routes/items.js
View File

@@ -1,7 +1,7 @@
const express = require("express");
const { Op } = require("sequelize");
const { Item, User, Rental } = require("../models"); // Import from models/index.js to get models with associations
const { authenticateToken } = require("../middleware/auth");
const { authenticateToken, requireVerifiedEmail } = require("../middleware/auth");
const logger = require("../utils/logger");
const router = express.Router();
@@ -213,7 +213,7 @@ router.get("/:id", async (req, res) => {
}
});
router.post("/", authenticateToken, async (req, res) => {
router.post("/", authenticateToken, requireVerifiedEmail, async (req, res) => {
try {
const item = await Item.create({
...req.body,

4
backend/routes/rentals.js
View File

@@ -1,7 +1,7 @@
const express = require("express");
const { Op } = require("sequelize");
const { Rental, Item, User } = require("../models"); // Import from models/index.js to get models with associations
const { authenticateToken } = require("../middleware/auth");
const { authenticateToken, requireVerifiedEmail } = require("../middleware/auth");
const FeeCalculator = require("../utils/feeCalculator");
const RefundService = require("../services/refundService");
const LateReturnService = require("../services/lateReturnService");
@@ -152,7 +152,7 @@ router.get("/:id", authenticateToken, async (req, res) => {
}
});
router.post("/", authenticateToken, async (req, res) => {
router.post("/", authenticateToken, requireVerifiedEmail, async (req, res) => {
try {
const {
itemId,

7
backend/routes/stripe.js
View File

@@ -1,5 +1,5 @@
const express = require("express");
const { authenticateToken } = require("../middleware/auth");
const { authenticateToken, requireVerifiedEmail } = require("../middleware/auth");
const { User, Item } = require("../models");
const StripeService = require("../services/stripeService");
const logger = require("../utils/logger");
@@ -39,7 +39,7 @@ router.get("/checkout-session/:sessionId", async (req, res) => {
});
// Create connected account
router.post("/accounts", authenticateToken, async (req, res) => {
router.post("/accounts", authenticateToken, requireVerifiedEmail, async (req, res) => {
try {
const user = await User.findByPk(req.user.id);
@@ -87,7 +87,7 @@ router.post("/accounts", authenticateToken, async (req, res) => {
});
// Generate onboarding link
router.post("/account-links", authenticateToken, async (req, res) => {
router.post("/account-links", authenticateToken, requireVerifiedEmail, async (req, res) => {
try {
const user = await User.findByPk(req.user.id);
@@ -176,6 +176,7 @@ router.get("/account-status", authenticateToken, async (req, res) => {
router.post(
"/create-setup-checkout-session",
authenticateToken,
requireVerifiedEmail,
async (req, res) => {
try {
const { rentalData } = req.body;