Jackie/rentall-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

working on new login sign up flow

Browse Source
This commit is contained in:
jackiettran
2025-07-29 23:48:09 -04:00
parent 6cba15d36a
commit 72d79596ce
10 changed files with 763 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
backend/middleware/auth.js
View File

@@ -11,7 +11,14 @@ const authenticateToken = async (req, res, next) => {
try {
const decoded = jwt.verify(token, process.env.JWT_SECRET);
const user = await User.findByPk(decoded.userId);
// Handle both 'userId' and 'id' for backward compatibility
const userId = decoded.userId || decoded.id;
if (!userId) {
return res.status(401).json({ error: 'Invalid token format' });
}
const user = await User.findByPk(userId);
if (!user) {
return res.status(401).json({ error: 'User not found' });
@@ -20,6 +27,7 @@ const authenticateToken = async (req, res, next) => {
req.user = user;
next();
} catch (error) {
console.error('Auth middleware error:', error);
return res.status(403).json({ error: 'Invalid or expired token' });
}
};

48
backend/models/User.js
View File

@@ -11,19 +11,19 @@ const User = sequelize.define('User', {
username: {
type: DataTypes.STRING,
unique: true,
allowNull: false
allowNull: true
},
email: {
type: DataTypes.STRING,
unique: true,
allowNull: false,
allowNull: true,
validate: {
isEmail: true
}
},
password: {
type: DataTypes.STRING,
allowNull: false
allowNull: true
},
firstName: {
type: DataTypes.STRING,
@@ -34,10 +34,39 @@ const User = sequelize.define('User', {
allowNull: false
},
phone: {
type: DataTypes.STRING,
unique: true,
allowNull: true
},
phoneVerified: {
type: DataTypes.BOOLEAN,
defaultValue: false
},
authProvider: {
type: DataTypes.ENUM('local', 'phone', 'google', 'apple', 'facebook'),
defaultValue: 'local'
},
providerId: {
type: DataTypes.STRING,
allowNull: true
},
address1: {
type: DataTypes.STRING
},
address: {
type: DataTypes.TEXT
address2: {
type: DataTypes.STRING
},
city: {
type: DataTypes.STRING
},
state: {
type: DataTypes.STRING
},
zipCode: {
type: DataTypes.STRING
},
country: {
type: DataTypes.STRING
},
profileImage: {
type: DataTypes.STRING
@@ -49,10 +78,12 @@ const User = sequelize.define('User', {
}, {
hooks: {
beforeCreate: async (user) => {
user.password = await bcrypt.hash(user.password, 10);
if (user.password) {
user.password = await bcrypt.hash(user.password, 10);
}
},
beforeUpdate: async (user) => {
if (user.changed('password')) {
if (user.changed('password') && user.password) {
user.password = await bcrypt.hash(user.password, 10);
}
}
@@ -60,6 +91,9 @@ const User = sequelize.define('User', {
});
User.prototype.comparePassword = async function(password) {
if (!this.password) {
return false;
}
return bcrypt.compare(password, this.password);
};

151
backend/routes/phone-auth.js Normal file
View File

@@ -0,0 +1,151 @@
const express = require("express");
const router = express.Router();
const jwt = require("jsonwebtoken");
const { User } = require("../models");
// Temporary in-memory storage for verification codes
// In production, use Redis or a database
const verificationCodes = new Map();
// Generate random 6-digit code
const generateVerificationCode = () => {
return Math.floor(100000 + Math.random() * 900000).toString();
};
// Send verification code
router.post("/send-code", async (req, res) => {
try {
const { phoneNumber } = req.body;
if (!phoneNumber) {
return res.status(400).json({ message: "Phone number is required" });
}
// Generate and store verification code
const code = generateVerificationCode();
verificationCodes.set(phoneNumber, {
code,
createdAt: Date.now(),
attempts: 0,
});
// TODO: Integrate with SMS service (Twilio, AWS SNS, etc.)
// For development, log the code
console.log(`Verification code for ${phoneNumber}: ${code}`);
res.json({
message: "Verification code sent",
// Remove this in production - only for development
devCode: code,
});
} catch (error) {
console.error("Error sending verification code:", error);
res.status(500).json({ message: "Failed to send verification code" });
}
});
// Verify code and create/login user
router.post("/verify-code", async (req, res) => {
try {
const { phoneNumber, code, firstName, lastName } = req.body;
if (!phoneNumber || !code) {
return res
.status(400)
.json({ message: "Phone number and code are required" });
}
// Check verification code
const storedData = verificationCodes.get(phoneNumber);
if (!storedData) {
return res
.status(400)
.json({
message: "No verification code found. Please request a new one.",
});
}
// Check if code expired (10 minutes)
if (Date.now() - storedData.createdAt > 10 * 60 * 1000) {
verificationCodes.delete(phoneNumber);
return res
.status(400)
.json({
message: "Verification code expired. Please request a new one.",
});
}
// Check attempts
if (storedData.attempts >= 3) {
verificationCodes.delete(phoneNumber);
return res
.status(400)
.json({
message: "Too many failed attempts. Please request a new code.",
});
}
if (storedData.code !== code) {
storedData.attempts++;
return res.status(400).json({ message: "Invalid verification code" });
}
// Code is valid, remove it
verificationCodes.delete(phoneNumber);
// Find or create user
let user = await User.findOne({ where: { phone: phoneNumber } });
if (!user) {
// New user - require firstName and lastName
if (!firstName || !lastName) {
return res.status(400).json({
message: "First name and last name are required for new users",
isNewUser: true,
});
}
user = await User.create({
phone: phoneNumber,
phoneVerified: true,
firstName,
lastName,
authProvider: "phone",
// Generate a unique username from phone
username: `user_${phoneNumber
.replace(/\D/g, "")
.slice(-6)}_${Date.now().toString(36)}`,
});
} else {
// Existing user - update phone verification
await user.update({ phoneVerified: true });
}
// Generate JWT token
const token = jwt.sign(
{ id: user.id, phone: user.phone },
process.env.JWT_SECRET,
{ expiresIn: "7d" }
);
res.json({
message: "Phone verified successfully",
token,
user: {
id: user.id,
username: user.username,
firstName: user.firstName,
lastName: user.lastName,
phone: user.phone,
email: user.email,
phoneVerified: user.phoneVerified,
},
});
} catch (error) {
console.error("Error verifying code:", error);
res.status(500).json({ message: "Failed to verify code" });
}
});
module.exports = router;

4
backend/server.js
View File

@@ -11,6 +11,7 @@ const bodyParser = require('body-parser');
const { sequelize } = require('./models'); // Import from models/index.js to ensure associations are loaded
const authRoutes = require('./routes/auth');
const phoneAuthRoutes = require('./routes/phone-auth');
const userRoutes = require('./routes/users');
const itemRoutes = require('./routes/items');
const rentalRoutes = require('./routes/rentals');
@@ -23,13 +24,14 @@ app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.use('/api/auth', authRoutes);
app.use('/api/auth/phone', phoneAuthRoutes);
app.use('/api/users', userRoutes);
app.use('/api/items', itemRoutes);
app.use('/api/rentals', rentalRoutes);
app.use('/api/messages', messageRoutes);
app.get('/', (req, res) => {
res.json({ message: 'Rentall API is running!' });
res.json({ message: 'CommunityRentals.App API is running!' });
});
const PORT = process.env.PORT || 5000;