more secure token handling

backend/models/User.js

@@ -40,7 +40,7 @@ const User = sequelize.define(
       allowNull: true,
     },
     authProvider: {
-      type: DataTypes.ENUM("local", "google", "apple"),
+      type: DataTypes.ENUM("local", "google"),
       defaultValue: "local",
     },
     providerId: {
@@ -141,35 +141,35 @@ const MAX_LOGIN_ATTEMPTS = 5;
 const LOCK_TIME = 2 * 60 * 60 * 1000; // 2 hours
 
 // Check if account is locked
-User.prototype.isLocked = function() {
+User.prototype.isLocked = function () {
   return !!(this.lockUntil && this.lockUntil > Date.now());
 };
 
 // Increment login attempts and lock account if necessary
-User.prototype.incLoginAttempts = async function() {
+User.prototype.incLoginAttempts = async function () {
   // If we have a previous lock that has expired, restart at 1
   if (this.lockUntil && this.lockUntil < Date.now()) {
     return this.update({
       loginAttempts: 1,
-      lockUntil: null
+      lockUntil: null,
     });
   }
-  
+
   const updates = { loginAttempts: this.loginAttempts + 1 };
-  
+
   // Lock account after max attempts
   if (this.loginAttempts + 1 >= MAX_LOGIN_ATTEMPTS && !this.isLocked()) {
     updates.lockUntil = Date.now() + LOCK_TIME;
   }
-  
+
   return this.update(updates);
 };
 
 // Reset login attempts after successful login
-User.prototype.resetLoginAttempts = async function() {
+User.prototype.resetLoginAttempts = async function () {
   return this.update({
     loginAttempts: 0,
-    lockUntil: null
+    lockUntil: null,
   });
 };