Merge branch 'Kritika75:main' into design/masthead

sneha-tech03 · web-flow · commit a2607fdb4e06 · 2025-08-27T14:09:04.000+05:30
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,5 +1,7 @@
 {
   "dependencies": {
+    "nodemailer": "^7.0.5",
+    "zod": "^4.1.3",
     "nodemailer": "^7.0.5"
   }
 }
diff --git a/server/routes/auth.js b/server/routes/auth.js
@@ -2,9 +2,16 @@ const express = require('express')
 const bcrypt = require('bcryptjs')
 const jwt = require('jsonwebtoken')
 const User = require('../models/User')
+const { 
+  signupSchema, 
+  loginSchema, 
+  forgotPasswordSchema, 
+  resetPasswordSchema, 
+  validate 
+} = require('../validators/authValidator')
 const router = express.Router()
 
-router.post('/signup', async (req, res) => {
+router.post('/signup', validate(signupSchema), async (req, res) => {
   try {
     const { username, email, password } = req.body
     const existing = await User.findOne({ email })
diff --git a/server/test/auth.test.js b/server/test/auth.test.js
@@ -0,0 +1,48 @@
+const request = require('supertest');
+const app = require('../server'); // Assuming you have an Express app exported from server.js
+
+describe('Auth Routes', () => {
+  it('should validate signup input', async () => {
+    const response = await request(app)
+      .post('/signup')
+      .send({
+        username: 'us', // Invalid username
+        email: 'invalid-email', // Invalid email
+        password: 'short' // Invalid password
+      });
+    expect(response.status).toBe(400);
+    expect(response.body).toHaveProperty('errors');
+  });
+
+  it('should validate login input', async () => {
+    const response = await request(app)
+      .post('/login')
+      .send({
+        email: 'invalid-email', // Invalid email
+        password: '' // Invalid password
+      });
+    expect(response.status).toBe(400);
+    expect(response.body).toHaveProperty('errors');
+  });
+
+  it('should validate forgot password input', async () => {
+    const response = await request(app)
+      .post('/forgot-password')
+      .send({
+        email: 'invalid-email' // Invalid email
+      });
+    expect(response.status).toBe(400);
+    expect(response.body).toHaveProperty('errors');
+  });
+
+  it('should validate reset password input', async () => {
+    const response = await request(app)
+      .post('/reset-password')
+      .send({
+        token: '', // Invalid token
+        password: 'short' // Invalid password
+      });
+    expect(response.status).toBe(400);
+    expect(response.body).toHaveProperty('errors');
+  });
+});
diff --git a/server/validators/authValidator.js b/server/validators/authValidator.js
@@ -0,0 +1,74 @@
+const { z } = require('zod');
+
+// Signup validation schema
+const signupSchema = z.object({
+  username: z.string()
+    .min(3, 'Username must be at least 3 characters long')
+    .max(30, 'Username cannot exceed 30 characters')
+    .regex(/^[a-zA-Z0-9_]+$/, 'Username can only contain letters, numbers, and underscores'),
+  email: z.string()
+    .email('Invalid email address')
+    .max(255, 'Email cannot exceed 255 characters'),
+  password: z.string()
+    .min(8, 'Password must be at least 8 characters long')
+    .max(100, 'Password cannot exceed 100 characters')
+    .regex(/[a-z]/, 'Password must contain at least one lowercase letter')
+    .regex(/[A-Z]/, 'Password must contain at least one uppercase letter')
+    .regex(/[0-9]/, 'Password must contain at least one number')
+    .regex(/[^a-zA-Z0-9]/, 'Password must contain at least one special character')
+});
+
+// Login validation schema
+const loginSchema = z.object({
+  email: z.string()
+    .email('Invalid email address'),
+  password: z.string()
+    .min(1, 'Password is required')
+});
+
+// Forgot password validation schema
+const forgotPasswordSchema = z.object({
+  email: z.string()
+    .email('Invalid email address')
+});
+
+// Reset password validation schema
+const resetPasswordSchema = z.object({
+  token: z.string()
+    .min(1, 'Token is required'),
+  password: z.string()
+    .min(8, 'Password must be at least 8 characters long')
+    .max(100, 'Password cannot exceed 100 characters')
+    .regex(/[a-z]/, 'Password must contain at least one lowercase letter')
+    .regex(/[A-Z]/, 'Password must contain at least one uppercase letter')
+    .regex(/[0-9]/, 'Password must contain at least one number')
+    .regex(/[^a-zA-Z0-9]/, 'Password must contain at least one special character')
+});
+
+// Validation middleware function
+const validate = (schema) => (req, res, next) => {
+  try {
+    schema.parse(req.body);
+    next();
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      const errors = error.errors.map(err => ({
+        field: err.path.join('.'),
+        message: err.message
+      }));
+      return res.status(400).json({
+        message: 'Validation failed',
+        errors
+      });
+    }
+    next(error);
+  }
+};
+
+module.exports = {
+  signupSchema,
+  loginSchema,
+  forgotPasswordSchema,
+  resetPasswordSchema,
+  validate
+};

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"dependencies": {`
	`3`	`+ "nodemailer": "^7.0.5",`
	`4`	`+ "zod": "^4.1.3",`
`3`	`5`	`"nodemailer": "^7.0.5"`
`4`	`6`	`}`
`5`	`7`	`}`