google sign in

backend/routes/auth.js

@@ -1,8 +1,11 @@
 const express = require("express");
 const jwt = require("jsonwebtoken");
+const { OAuth2Client } = require("google-auth-library");
 const { User } = require("../models"); // Import from models/index.js to get models with associations
 const router = express.Router();
 
+const googleClient = new OAuth2Client(process.env.GOOGLE_CLIENT_ID);
+
 router.post("/register", async (req, res) => {
   try {
     const { username, email, password, firstName, lastName, phone } = req.body;
@@ -74,4 +77,98 @@ router.post("/login", async (req, res) => {
   }
 });
 
+router.post("/google", async (req, res) => {
+  try {
+    const { idToken } = req.body;
+
+    if (!idToken) {
+      return res.status(400).json({ error: "ID token is required" });
+    }
+
+    // Verify the Google ID token
+    const ticket = await googleClient.verifyIdToken({
+      idToken,
+      audience: process.env.GOOGLE_CLIENT_ID,
+    });
+
+    const payload = ticket.getPayload();
+    const {
+      sub: googleId,
+      email,
+      given_name: firstName,
+      family_name: lastName,
+      picture,
+    } = payload;
+
+    if (!email || !firstName || !lastName) {
+      return res
+        .status(400)
+        .json({ error: "Required user information not provided by Google" });
+    }
+
+    // Check if user exists by Google ID first
+    let user = await User.findOne({
+      where: { providerId: googleId, authProvider: "google" },
+    });
+
+    if (!user) {
+      // Check if user exists with same email but different auth provider
+      const existingUser = await User.findOne({ where: { email } });
+      if (existingUser) {
+        return res.status(409).json({
+          error:
+            "An account with this email already exists. Please use email/password login.",
+        });
+      }
+
+      // Create new user
+      user = await User.create({
+        email,
+        firstName,
+        lastName,
+        authProvider: "google",
+        providerId: googleId,
+        profileImage: picture,
+        username: email.split("@")[0] + "_" + googleId.slice(-6), // Generate unique username
+      });
+    }
+
+    // Generate JWT token
+    const token = jwt.sign({ id: user.id }, process.env.JWT_SECRET, {
+      expiresIn: "7d",
+    });
+
+    res.json({
+      user: {
+        id: user.id,
+        username: user.username,
+        email: user.email,
+        firstName: user.firstName,
+        lastName: user.lastName,
+        profileImage: user.profileImage,
+      },
+      token,
+    });
+  } catch (error) {
+    if (error.message && error.message.includes("Token used too late")) {
+      return res
+        .status(401)
+        .json({ error: "Google token has expired. Please try again." });
+    }
+    if (error.message && error.message.includes("Invalid token")) {
+      return res
+        .status(401)
+        .json({ error: "Invalid Google token. Please try again." });
+    }
+    if (error.message && error.message.includes("Wrong number of segments")) {
+      return res
+        .status(400)
+        .json({ error: "Malformed Google token. Please try again." });
+    }
+    res
+      .status(500)
+      .json({ error: "Failed to authenticate with Google: " + error.message });
+  }
+});
+
 module.exports = router;

backend/routes/phone-auth.js

@@ -1,145 +0,0 @@
-const express = require("express");
-const router = express.Router();
-const jwt = require("jsonwebtoken");
-const { User } = require("../models");
-
-// Temporary in-memory storage for verification codes
-// In production, use Redis or a database
-const verificationCodes = new Map();
-
-// Generate random 6-digit code
-const generateVerificationCode = () => {
-  return Math.floor(100000 + Math.random() * 900000).toString();
-};
-
-// Send verification code
-router.post("/send-code", async (req, res) => {
-  try {
-    const { phoneNumber } = req.body;
-
-    if (!phoneNumber) {
-      return res.status(400).json({ message: "Phone number is required" });
-    }
-
-    // Generate and store verification code
-    const code = generateVerificationCode();
-    verificationCodes.set(phoneNumber, {
-      code,
-      createdAt: Date.now(),
-      attempts: 0,
-    });
-
-    // TODO: Integrate with SMS service (Twilio, AWS SNS, etc.)
-    // For development, log the code
-    console.log(`Verification code for ${phoneNumber}: ${code}`);
-
-    res.json({
-      message: "Verification code sent",
-      // Remove this in production - only for development
-      devCode: code,
-    });
-  } catch (error) {
-    console.error("Error sending verification code:", error);
-    res.status(500).json({ message: "Failed to send verification code" });
-  }
-});
-
-// Verify code and create/login user
-router.post("/verify-code", async (req, res) => {
-  try {
-    const { phoneNumber, code, firstName, lastName } = req.body;
-
-    if (!phoneNumber || !code) {
-      return res
-        .status(400)
-        .json({ message: "Phone number and code are required" });
-    }
-
-    // Check verification code
-    const storedData = verificationCodes.get(phoneNumber);
-
-    if (!storedData) {
-      return res.status(400).json({
-        message: "No verification code found. Please request a new one.",
-      });
-    }
-
-    // Check if code expired (10 minutes)
-    if (Date.now() - storedData.createdAt > 10 * 60 * 1000) {
-      verificationCodes.delete(phoneNumber);
-      return res.status(400).json({
-        message: "Verification code expired. Please request a new one.",
-      });
-    }
-
-    // Check attempts
-    if (storedData.attempts >= 3) {
-      verificationCodes.delete(phoneNumber);
-      return res.status(400).json({
-        message: "Too many failed attempts. Please request a new code.",
-      });
-    }
-
-    if (storedData.code !== code) {
-      storedData.attempts++;
-      return res.status(400).json({ message: "Invalid verification code" });
-    }
-
-    // Code is valid, remove it
-    verificationCodes.delete(phoneNumber);
-
-    // Find or create user
-    let user = await User.findOne({ where: { phone: phoneNumber } });
-
-    if (!user) {
-      // New user - require firstName and lastName
-      if (!firstName || !lastName) {
-        return res.status(400).json({
-          message: "First name and last name are required for new users",
-          isNewUser: true,
-        });
-      }
-
-      user = await User.create({
-        phone: phoneNumber,
-        phoneVerified: true,
-        firstName,
-        lastName,
-        authProvider: "phone",
-        // Generate a unique username from phone
-        username: `user_${phoneNumber
-          .replace(/\D/g, "")
-          .slice(-6)}_${Date.now().toString(36)}`,
-      });
-    } else {
-      // Existing user - update phone verification
-      await user.update({ phoneVerified: true });
-    }
-
-    // Generate JWT token
-    const token = jwt.sign(
-      { id: user.id, phone: user.phone },
-      process.env.JWT_SECRET,
-      { expiresIn: "7d" }
-    );
-
-    res.json({
-      message: "Phone verified successfully",
-      token,
-      user: {
-        id: user.id,
-        username: user.username,
-        firstName: user.firstName,
-        lastName: user.lastName,
-        phone: user.phone,
-        email: user.email,
-        phoneVerified: user.phoneVerified,
-      },
-    });
-  } catch (error) {
-    console.error("Error verifying code:", error);
-    res.status(500).json({ message: "Failed to verify code" });
-  }
-});
-
-module.exports = router;