Refactor/login register

backend/db.js → backend/config/db.js

@@ -5,10 +5,8 @@ dotenv.config();
 const connectDB = async () => {
   try {
     const ConnectDB = process.env.MONGODB_URI;
-    await mongoose.connect(ConnectDB, {
-      useNewUrlParser: true,
-      useUnifiedTopology: true,
-    });
+    //Removing the options as they are no longer needed from mongoose6+
+    await mongoose.connect(ConnectDB);
     console.log("MongoDB Connected");
   } catch (error) {
     console.error("MongoDB Connection Error:", error);

backend/config/passportConfig.js

@@ -0,0 +1,113 @@
+const passport = require("passport");
+const GoogleStrategy = require("passport-google-oauth20").Strategy;
+const LocalStrategy = require("passport-local").Strategy;
+const isIITBhilaiEmail = require("../utils/isIITBhilaiEmail");
+const User = require("../models/userSchema");
+const { loginValidate } = require("../utils/authValidate");
+const bcrypt = require("bcrypt");
+// Google OAuth Strategy
+passport.use(
+  new GoogleStrategy(
+    {
+      clientID: process.env.GOOGLE_CLIENT_ID,
+      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+      callbackURL: `${process.env.BACKEND_URL}/auth/google/verify`, // Update with your callback URL
+    },
+    async (accessToken, refreshToken, profile, done) => {
+      // Check if the user already exists in your database
+      const email = profile.emails?.[0]?.value;  
+      if (!email) {  
+        return done(null, false, { message: "Email not available from Google." });  
+      }  
+      if (!isIITBhilaiEmail(profile.emails[0].value)) {
+        console.log("Google OAuth blocked for: ", profile.emails[0].value);
+        return done(null, false, {
+          message: "Only @iitbhilai.ac.in emails are allowed.",
+        });
+      }
+      try {
+        const user = await User.findOne({ username: email });
+
+        if (user) {
+          // If user exists, return the user
+          return done(null, user);
+        }
+        // If user doesn't exist, create a new user in your database
+        const newUser = await User.create({
+          username: email,
+          role: "STUDENT",
+          strategy: "google",
+          personal_info: {
+            name: profile.displayName || "No Name",
+            email: email,
+            profilePic:
+              profile.photos && profile.photos.length > 0
+                ? profile.photos[0].value
+                : "https://www.gravatar.com/avatar/?d=mp",
+          },
+          onboardingComplete: false,
+        });
+
+        return done(null, newUser);
+      } catch (error) {
+        return done(error);
+      }
+    },
+  ),
+);
+
+//Local Strategy
+passport.use(new LocalStrategy(async (username, password, done) => {
+
+  const result = loginValidate.safeParse({ username, password });
+
+  if (!result.success) {
+    let errors = result.error.issues.map((issue) => issue.message);
+    return done(null, false, {message: errors});
+  }
+
+  try{
+
+      const user = await User.findOne({ username });
+      if (!user) {
+        return done(null, false, {message: "Invalid user credentials"});
+      }
+
+
+      if (user.strategy !== "local" || !user.password) {
+          return done(null, false, { message: "Invalid login method" });
+      }
+
+      const isValid = await bcrypt.compare(password, user.password);
+      if (!isValid) {
+        return done(null, false, { message: "Invalid user credentials" });
+      }
+
+
+      return done(null, user);
+  }catch(err){
+    return done(err);
+  }
+
+}));
+
+
+//When login succeeds this will run 
+// serialize basically converts user obj into a format that can be transmitted(like a string, etc...)
+// here take user obj and done callback and store only userId in session 
+passport.serializeUser((user, done) => {
+  done(null, user._id.toString());
+});
+
+//When a request comes in, take the stored id, fetch full user from DB, and attach it to req.user.
+passport.deserializeUser(async (id, done) => {
+  try {
+    let user = await User.findById(id);
+    if(!user) return done(null, false);
+    done(null, user);
+  } catch (err) {
+    done(err, null);
+  }
+});
+
+module.exports = passport;

backend/controllers/certificateController.js

@@ -0,0 +1,152 @@
+const {
+  User,
+  PositionHolder,
+  Position,
+  OrganizationalUnit,
+} = require("../models/schema");
+const { CertificateBatch } = require("../models/certificateSchema");
+const { validateBatchSchema, zodObjectId } = require("../utils/batchValidate");
+
+async function createBatch(req, res) {
+  //console.log(req.user);
+  const id = req.user.id;
+  const user = await User.findById(id);
+  if (!user) {
+    return res.status(404).json({ messge: "Invalid data (User not found)" });
+  }
+
+  if (user.role && user.role !== "CLUB_COORDINATOR") {
+    return res.status(403).json({ message: "Not authorized to perform the task" });
+  }
+
+  //to get user club
+  // positionHolders({user_id: id}) -> positions({_id: position_id}) -> organizationalUnit({_id: unit_id}) -> unit_id = "Club name"
+  const { title, unit_id, commonData, template_id, users } = req.body;
+  const validation = validateBatchSchema.safeParse({
+    title,
+    unit_id,
+    commonData,
+    template_id,
+    users,
+  });
+
+  if (!validation.success) {
+    let errors = validation.error.issues.map(issue => issue.message);
+    return res.status(400).json({ message: errors });
+  }
+
+  // Get coordinator's position and unit
+  const positionHolder = await PositionHolder.findOne({ user_id: id });
+  if (!positionHolder) {
+    return res.status(403).json({ message: "You are not part of any position in a unit" });
+  }
+
+  const position = await Position.findById(positionHolder.position_id);
+  console.log(position._id);
+  if (!position) {
+    return res.status(403).json({ message: "Your position is invalid" });
+  }
+
+  const userUnitId = position.unit_id.toString();
+  if (userUnitId !== unit_id) {
+    return res
+      .status(403)
+      .json({
+        message:
+          "You are not authorized to initiate batches outside of your club",
+      });
+  }
+
+  //const clubId = unit_id;
+  // Ensure unit_id is a Club
+  const unitObj = await OrganizationalUnit.findById(unit_id);
+  if (!unitObj || unitObj.type !== "Club") {
+    return res
+      .status(403)
+      .json({ message: "Invalid Data: unit is not a Club" });
+  }
+  console.log(unitObj._id);
+
+  // Get council (parent unit) and ensure it's a Council
+  if (!unitObj.parent_unit_id) {
+    return res
+      .status(403)
+      .json({ message: "Invalid Data: club does not belong to a council" });
+  }
+  console.log(unitObj.parent_unit_id);
+
+  const councilObj = await OrganizationalUnit.findById(unitObj.parent_unit_id);
+  if (!councilObj || councilObj.type !== "Council") {
+    return res.status(403).json({ message: "Invalid Data: council not found" });
+  }
+
+  //const councilId = councilObj._id.toString();
+  const presidentOrgUnitId = councilObj.parent_unit_id;
+  const category = councilObj.category.toUpperCase();
+
+  // Resolve General Secretary and President for the council (server-side, tamper-proof)
+  const gensecObj = await User.findOne({ role: `GENSEC_${category}` });
+  console.log(gensecObj._id);
+
+  const presidentPosition = await Position.findOne({
+    unit_id: presidentOrgUnitId,
+    title: /president/i,
+  });
+  if (!presidentPosition) {
+    return res
+      .status(500)
+      .json({ message: "President position not found for council" });
+  }
+  console.log(presidentPosition._id);
+
+  const presidentHolder = await PositionHolder.findOne({
+    position_id: presidentPosition._id,
+  });
+  const presidentId = presidentHolder.user_id.toString();
+  console.log(presidentId);
+  const presidentObj = await User.findById(presidentId);
+
+  console.log(presidentObj._id);
+  if (!gensecObj || !presidentObj) {
+    return res.status(500).json({ message: "Approvers not found" });
+  }
+
+  const approverIds = [gensecObj._id.toString(), presidentId];
+
+  const userChecks = await Promise.all(
+    users.map(async (uid) => {
+      const validation = zodObjectId.safeParse(uid);
+      if (!validation) {
+        return { uid, ok: false, reason: "Invalid ID" };
+      }
+
+      const userObj = await User.findById(uid);
+      if (!userObj) return { uid, ok: false, reason: "User not found" };
+
+      return { uid, ok: true };
+    }),
+  );
+
+  const invalidData = userChecks.filter((c) => !c.ok);
+  if (invalidData.length > 0) {
+    return res
+      .status(400)
+      .json({ message: "Invalid user data sent", details: invalidData });
+  }
+
+  const newBatch = await CertificateBatch.create({
+    title,
+    unit_id,
+    commonData,
+    templateId: template_id,
+    initiatedBy: id,
+    approverIds,
+    users,
+  });
+
+  res.json({ message: "New Batch created successfully", details: newBatch });
+}
+
+module.exports = {
+  createBatch,
+};

backend/index.js

@@ -1,13 +1,14 @@
 const express = require("express");
 require("dotenv").config();
 // eslint-disable-next-line node/no-unpublished-require
+const { connectDB } = require("./config/db.js");
+const MongoStore = require("connect-mongo");
+const cookieParser = require("cookie-parser");
 const cors = require("cors");
 const routes_auth = require("./routes/auth");
 const routes_general = require("./routes/route");
 const session = require("express-session");
-const bodyParser = require("body-parser");
-const { connectDB } = require("./db");
-const myPassport = require("./models/passportConfig"); // Adjust the path accordingly
+const myPassport = require("./config/passportConfig.js"); // Adjust the path accordingly
 const onboardingRoutes = require("./routes/onboarding.js");
 const profileRoutes = require("./routes/profile.js");
 const feedbackRoutes = require("./routes/feedbackRoutes.js");
@@ -18,8 +19,8 @@ const positionsRoutes = require("./routes/positionRoutes.js");
 const organizationalUnitRoutes = require("./routes/orgUnit.js");
 const announcementRoutes = require("./routes/announcements.js");
 const dashboardRoutes = require("./routes/dashboard.js");
-
 const analyticsRoutes = require("./routes/analytics.js");
+const certificateRoutes = require("./routes/certificateRoutes.js");
 const app = express();
 
 if (process.env.NODE_ENV === "production") {
@@ -28,23 +29,32 @@ if (process.env.NODE_ENV === "production") {
 
 app.use(cors({ origin: process.env.FRONTEND_URL, credentials: true }));
 
-// Connect to MongoDB
-connectDB();
 
-app.use(bodyParser.json());
+app.use(cookieParser());
+
+//Replaced bodyParser with express.json() - the new standard
+app.use(express.json());
 
 app.use(
   session({
-    secret: "keyboard cat",
+    secret: process.env.SESSION_SECRET,
     resave: false,
     saveUninitialized: false,
     cookie: {
       secure: process.env.NODE_ENV === "production", // HTTPS only in prod
       sameSite: process.env.NODE_ENV === "production" ? "none" : "lax", // cross-origin in prod
+      maxAge: 60*60*1000
     },
+    store: MongoStore.create({
+      mongoUrl: process.env.MONGODB_URI,
+      ttl: 60*60*1000,
+      collectionName: "sessions"
+    }),
+    name: "token"
   }),
 );
 
+//Needed to initialize passport and all helper methods to req object
 app.use(myPassport.initialize());
 app.use(myPassport.session());
 
@@ -67,8 +77,14 @@ app.use("/api/announcements", announcementRoutes);
 app.use("/api/dashboard", dashboardRoutes);
 app.use("/api/announcements", announcementRoutes);
 app.use("/api/analytics", analyticsRoutes);
+app.use("/api/certificate-batches", certificateRoutes);
 
 // Start the server
-app.listen(process.env.PORT || 8000, () => {
-  console.log(`connected to port ${process.env.PORT || 8000}`);
-});
+
+(async function(){
+  // Connect to MongoDB
+  await connectDB();
+  app.listen(process.env.PORT || 5000, () => {
+    console.log(`connected to port ${process.env.PORT || 5000}`);
+  });
+})();