Problem Statement
If users forget their password, they cannot access their account since there is no password recovery flow. Users are forced to create a new account, losing all previous chat logs.
Proposed Solution
Implement a secure password reset system:
- Email Service: Set up
nodemailer in the backend.
- Tokens: Add reset token fields (
resetPasswordToken, resetPasswordExpires) to the User schema.
- Endpoints: Create
/api/auth/forgot-password (sends email with token link) and /api/auth/reset-password/:token (updates password).
- Views: Build "Forgot Password" forms in the frontend login flow.
Alternatives Considered
Using third-party auth engines like Firebase Auth, but updating the custom local auth stack is preferred to keep self-hosting simple.
Additional Context
Level: Intermediate
Affected Files: backend/src/controllers/auth.controller.js, backend/src/models/user.model.js, frontend/pages/LoginPage.jsx
Can you please assign this issue to me? I would like to work on this.
Problem Statement
If users forget their password, they cannot access their account since there is no password recovery flow. Users are forced to create a new account, losing all previous chat logs.
Proposed Solution
Implement a secure password reset system:
nodemailerin the backend.resetPasswordToken,resetPasswordExpires) to theUserschema./api/auth/forgot-password(sends email with token link) and/api/auth/reset-password/:token(updates password).Alternatives Considered
Using third-party auth engines like Firebase Auth, but updating the custom local auth stack is preferred to keep self-hosting simple.
Additional Context
Level: Intermediate
Affected Files:
backend/src/controllers/auth.controller.js,backend/src/models/user.model.js,frontend/pages/LoginPage.jsxCan you please assign this issue to me? I would like to work on this.