From 269ee9889601fbf3dc94ee44b07b05c4de795daf Mon Sep 17 00:00:00 2001 From: Shruti Date: Mon, 11 Aug 2025 10:34:27 +0530 Subject: [PATCH 1/2] fix: validate user existence and password before login --- server/app.js | 10 +++++- server/controllers/user.controllers.js | 4 +-- server/middlewares/errorHandler.js | 13 ++++++++ server/utils/asyncHandler.js | 4 +-- src/components/LoginPage.jsx | 42 ++++++++++++++++++++++---- src/components/SignupPage.jsx | 35 +++++++++++++++++---- 6 files changed, 91 insertions(+), 17 deletions(-) create mode 100644 server/middlewares/errorHandler.js diff --git a/server/app.js b/server/app.js index 8033926..8610a35 100644 --- a/server/app.js +++ b/server/app.js @@ -1,9 +1,15 @@ import express from "express"; import cookieParser from "cookie-parser"; import cors from "cors"; +import userRoutes from "./routers/user.routers.js"; +import {errorHandler} from "./middlewares/errorHandler.js"; const app = express(); + +// app.use(cors({ credentials: true, origin: true})); + app.use(cors({ credentials: true, origin: process.env.CORS_ORIGIN })); + app.use(express.json({ limit: "16kb" })); app.use(express.urlencoded({ extended: true })); app.use(cookieParser()); @@ -14,7 +20,9 @@ app.get("/is-up", (req, res) => { }); // All the routes here -import userRoutes from "./routers/user.routers.js"; app.use("/api/v1/users", userRoutes); +// Error Handler +app.use(errorHandler); + export default app; diff --git a/server/controllers/user.controllers.js b/server/controllers/user.controllers.js index e9447f3..08ac05d 100644 --- a/server/controllers/user.controllers.js +++ b/server/controllers/user.controllers.js 
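Review bot: Nothing in the `server/app.js` hunk checks that `process.env.CORS_ORIGIN` is set before it is passed to `cors({ credentials: true, origin: process.env.CORS_ORIGIN })`. A missing variable therefore produces a CORS policy that does not match the intended single origin, and it only shows up as failed browser requests. A startup check before the `app.use(cors(...))` line, such as `if (!process.env.CORS_ORIGIN) throw new Error("CORS_ORIGIN is not set");`, makes the misconfiguration visible immediately. The commented-out `origin: true` variant should not be re-enabled together with `credentials: true`, because it reflects whatever origin the request sends.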
@@ -97,13 +97,13 @@ const loginUser = asyncHandler(async (req, res) => { }); if (!user) { - throw new ApiError(404, "No user with the current username or email"); + throw new ApiError(404, "Error : No user with the current username or email"); } const isPasswordCorrect = await user.isPasswordCorrect(password); if (!isPasswordCorrect) { - throw new ApiError(401, "Invalid password"); + throw new ApiError(401, "Error : Invalid password"); } //Generating user access and refresh tokens const { accessToken, refreshToken } = await generateAccessAndRefreshToken( diff --git a/server/middlewares/errorHandler.js b/server/middlewares/errorHandler.js new file mode 100644 index 0000000..c3b6621 --- /dev/null +++ b/server/middlewares/errorHandler.js @@ -0,0 +1,13 @@ +import ApiError from '../utils/ApiError.js'; + +export const errorHandler = (err, req, res, next) => { + console.error(err); + if (err instanceof ApiError) { + return res.status(err.statusCode).json({ + success: false, + message: err.message, + errors: err.errors || [], + }); + } + res.status(500).json({ success: false, message: "Internal Server Error" }); +}; diff --git a/server/utils/asyncHandler.js b/server/utils/asyncHandler.js index 514b9ee..9707647 100644 --- a/server/utils/asyncHandler.js +++ b/server/utils/asyncHandler.js @@ -1,8 +1,8 @@ // Wrapper function to handle asynchronous route handlers and forward errors to Express -const asycnHandler = (fn) => { +const asyncHandler = (fn) => { return (req, res, next) => { Promise.resolve(fn(req, res, next)).catch((err) => next(err)); }; }; -export default asycnHandler; +export default asyncHandler; diff --git a/src/components/LoginPage.jsx b/src/components/LoginPage.jsx index 129e10d..4eb2d12 100644 --- a/src/components/LoginPage.jsx +++ b/src/components/LoginPage.jsx 
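Review bot: The two error branches in `loginUser` still tell the caller whether an account exists: a 404 for an unknown user versus a 401 for a wrong password lets a client work out which usernames or e-mail addresses are registered. Throwing the same error from both branches, for example `throw new ApiError(401, "Invalid username or password");`, removes that signal. The `"Error : "` prefix is presentation and is better added by the client than baked into the API message. `loginUser` starts and ends outside this hunk, so whether the two paths also differ in timing cannot be judged from here.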
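Review bot: `errorHandler` in the new `server/middlewares/errorHandler.js` writes a response without first checking `res.headersSent`, so an error raised after a handler has started responding makes `res.status(...).json(...)` throw inside the error handler itself. Add `if (res.headersSent) return next(err);` as the first statement. As written, any error that is not an `ApiError` is answered with 500, which would presumably include body-parser rejections for malformed or oversized JSON that are really client errors. `console.error(err)` logs the whole error object, so it is worth confirming that `ApiError.errors` never carries submitted request data such as passwords.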
@@ -9,18 +9,46 @@ export default function SignIn() { }); const navigate = useNavigate(); const [showPassword, setShowPassword] = useState(false); + const [error, setError] = useState(""); const handleInputChange = (e) => { const { name, value } = e.target; setUserInfo((prev) => ({ ...prev, [name]: value })); }; - const handleSubmit = (e) => { + const handleSubmit = async (e) => { e.preventDefault(); - - // For now, skip API call and just navigate - navigate("/dashboard"); + setError(""); + + try { + const response = await fetch("http://localhost:8000/api/v1/users/sign-in", { + method: "POST", + headers: { + "Content-Type": "application/json", + }, + credentials: "include", + body: JSON.stringify(userInfo), + }); + + if (response.ok) { + // Login success + navigate("/dashboard"); + } else { + // Attempt to parse error message + let errorMessage = "Login failed"; + try { + const errorData = await response.json(); + errorMessage = errorData.message || errorMessage; + } catch { + // If parsing fails, keep generic message + } + setError(errorMessage); + } + } catch (err) { + setError("Network error. Please try again."); + } }; + const togglePasswordVisibility = () => { setShowPassword(!showPassword); @@ -39,9 +67,11 @@ export default function SignIn() {
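Review bot: The sign-in request in `handleSubmit` goes to a hard-coded `http://localhost:8000` origin, so any non-local build would post the username and password to the wrong host, and over plain HTTP. Take the API base URL from build-time configuration and require HTTPS outside development, e.g. `const url = API_BASE_URL + "/api/v1/users/sign-in";`, where `API_BASE_URL` is a placeholder for whatever config value the project defines. The same literal appears in the sign-up request in `src/components/SignupPage.jsx`. The `err` binding in the outer `catch` is unused and can be dropped.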

+ {error &&

{error}

} +
- +
@@ -60,7 +90,7 @@ export default function SignIn() {
- +
diff --git a/src/components/SignupPage.jsx b/src/components/SignupPage.jsx index cde9397..86ef691 100644 --- a/src/components/SignupPage.jsx +++ b/src/components/SignupPage.jsx @@ -23,19 +23,42 @@ export default function SignUp() { })); }; - const handleSubmit = (e) => { + const handleSubmit = async (e) => { e.preventDefault(); setError(""); - - // Password match check + if (formData.password !== formData.confirmPassword) { setError("Passwords do not match"); return; } - - // Directly navigate without authentication - navigate("/dashboard"); + + try { + const response = await fetch("http://localhost:8000/api/v1/users/sign-up", { + method: "POST", + headers: { + "Content-Type": "application/json", + }, + body: JSON.stringify({ + username: formData.name, + email: formData.email, + password: formData.password, + fullName: formData.name, + }), + }); + + if (!response.ok) { + const errorData = await response.json(); + setError(errorData.message || "Registration failed"); + return; + } + + // If registration is successful, navigate to dashboard or login page + navigate("/dashboard"); + } catch (err) { + setError("Network error. Please try again."); + } }; + return (
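Review bot: In the `!response.ok` branch of `handleSubmit`, `await response.json()` is unguarded, so an error response without a JSON body throws into the outer `catch` and is shown to the user as "Network error. Please try again.". Using `const errorData = await response.json().catch(() => ({}));` keeps the "Registration failed" fallback and matches how LoginPage handles this case in the same patch. The request also omits `credentials: "include"`, which the sign-in request sets; if the sign-up endpoint sets session cookies (not visible here), a cross-origin response would not store them before the navigate to `/dashboard`. `username` and `fullName` are both filled from `formData.name`; if that is intentional, a short comment should say so.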
From 85fbfe528b19ba96f8bea3bdae87f46d79e1a6ff Mon Sep 17 00:00:00 2001 From: Shruti Date: Mon, 11 Aug 2025 21:13:53 +0530 Subject: [PATCH 2/2] fix: missing dotenv import causing network error on login failure --- server/app.js | 4 ++-- src/components/LoginPage.jsx | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/server/app.js b/server/app.js index 8610a35..95fea96 100644 --- a/server/app.js +++ b/server/app.js @@ -3,11 +3,11 @@ import cookieParser from "cookie-parser"; import cors from "cors"; import userRoutes from "./routers/user.routers.js"; import {errorHandler} from "./middlewares/errorHandler.js"; +import dotenv from 'dotenv'; +dotenv.config(); const app = express(); -// app.use(cors({ credentials: true, origin: true})); - app.use(cors({ credentials: true, origin: process.env.CORS_ORIGIN })); app.use(express.json({ limit: "16kb" })); diff --git a/src/components/LoginPage.jsx b/src/components/LoginPage.jsx index 4eb2d12..b028743 100644 --- a/src/components/LoginPage.jsx +++ b/src/components/LoginPage.jsx @@ -34,13 +34,13 @@ export default function SignIn() { // Login success navigate("/dashboard"); } else { - // Attempt to parse error message + // parse error message let errorMessage = "Login failed"; try { const errorData = await response.json(); errorMessage = errorData.message || errorMessage; - } catch { - // If parsing fails, keep generic message + } catch (err) { + setError("Network error. Please try again."); } setError(errorMessage); }
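Review bot: `dotenv.config()` in `server/app.js` runs only after every `import` in the file has been evaluated, so `./routers/user.routers.js` and everything it imports are loaded before the environment file is read. Any of those modules that reads `process.env` at load time (a token secret or database URL, for instance; not visible in this hunk) would see `undefined`. Making `import "dotenv/config";` the first import of the entry module (this file, or whichever file starts the server) loads the variables before the other modules are evaluated.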
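Review bot: The `setError("Network error. Please try again.")` added to the inner `catch` in `LoginPage.jsx` has no lasting effect, because `setError(errorMessage)` runs right after the `try`/`catch` and replaces it with "Login failed". The label is also wrong for this path: the catch is reached when the error response body is not valid JSON, not when the network fails. Restore the comment-only handler and drop the unused binding, e.g. `} catch { /* non-JSON error body: keep the generic message */ }`.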