Add "Remember Me" checkbox to the login form #440

Merged (9 commits), Nov 1, 2024
Changes from 7 commits
143 changes: 26 additions & 117 deletions README.md
Expand Up @@ -259,29 +259,13 @@ We extend our heartfelt gratitude to all the amazing contributors who have made
<sub><b>Arindam</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/haseebzaki-07">
<img src="https://avatars.githubusercontent.com/u/147314463?v=4" width="100;" alt="haseebzaki-07"/>
<br />
<sub><b>Haseeb Zaki</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/jainaryan04">
<img src="https://avatars.githubusercontent.com/u/138214350?v=4" width="100;" alt="jainaryan04"/>
<br />
<sub><b>Aryan Ramesh Jain</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/alo7lika">
<img src="https://avatars.githubusercontent.com/u/152315710?v=4" width="100;" alt="alo7lika"/>
<br />
<sub><b>alolika bhowmik</b></sub>
</a>
</td>
</tr>
<tr>
<td align="center">
<a href="https://github.com/Ashwinib26">
<img src="https://avatars.githubusercontent.com/u/149402720?v=4" width="100;" alt="Ashwinib26"/>
Expand All @@ -296,6 +280,8 @@ We extend our heartfelt gratitude to all the amazing contributors who have made
<sub><b>Mahera Nayan</b></sub>
</a>
</td>
</tr>
<tr>
<td align="center">
<a href="https://github.com/tejasbenibagde">
<img src="https://avatars.githubusercontent.com/u/124677750?v=4" width="100;" alt="tejasbenibagde"/>
Expand All @@ -310,34 +296,25 @@ We extend our heartfelt gratitude to all the amazing contributors who have made
<sub><b>Tyarla Shirisha</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/NilanchalaPanda">
<img src="https://avatars.githubusercontent.com/u/110488337?v=4" width="100;" alt="NilanchalaPanda"/>
<br />
<sub><b>Nilanchal</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/Amnyadav">
<img src="https://avatars.githubusercontent.com/u/127370497?v=4" width="100;" alt="Amnyadav"/>
<br />
<sub><b>Aman Yadav</b></sub>
</a>
</td>
</tr>
<tr>
<td align="center">
<a href="https://github.com/VinayLodhi1712">
<img src="https://avatars.githubusercontent.com/u/135756009?v=4" width="100;" alt="VinayLodhi1712"/>
<a href="https://github.com/NilanchalaPanda">
<img src="https://avatars.githubusercontent.com/u/110488337?v=4" width="100;" alt="NilanchalaPanda"/>
<br />
<sub><b>Vinay Anand Lodhi</b></sub>
<sub><b>Nilanchal</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/meghanakn22">
<img src="https://avatars.githubusercontent.com/u/172406754?v=4" width="100;" alt="meghanakn22"/>
<a href="https://github.com/haseebzaki-07">
<img src="https://avatars.githubusercontent.com/u/147314463?v=4" width="100;" alt="haseebzaki-07"/>
<br />
<sub><b>meghanakn22</b></sub>
<sub><b>Haseeb Zaki</b></sub>
</a>
</td>
<td align="center">
Expand All @@ -347,13 +324,8 @@ We extend our heartfelt gratitude to all the amazing contributors who have made
<sub><b>Sawan kushwah </b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/Sumanbhadra">
<img src="https://avatars.githubusercontent.com/u/93245252?v=4" width="100;" alt="Sumanbhadra"/>
<br />
<sub><b>Suman Bhadra</b></sub>
</a>
</td>
</tr>
<tr>
<td align="center">
<a href="https://github.com/Suhas-Koheda">
<img src="https://avatars.githubusercontent.com/u/72063139?v=4" width="100;" alt="Suhas-Koheda"/>
Expand All @@ -368,22 +340,13 @@ We extend our heartfelt gratitude to all the amazing contributors who have made
<sub><b>Jay shah</b></sub>
</a>
</td>
</tr>
<tr>
<td align="center">
<a href="https://github.com/vishnuprasad2004">
<img src="https://avatars.githubusercontent.com/u/116942066?v=4" width="100;" alt="vishnuprasad2004"/>
<br />
<sub><b>Vishnu Prasad Korada</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/Sourabh782">
<img src="https://avatars.githubusercontent.com/u/103349890?v=4" width="100;" alt="Sourabh782"/>
<br />
<sub><b>Sourabh Singh Rawat</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/sajalbatra">
<img src="https://avatars.githubusercontent.com/u/125984550?v=4" width="100;" alt="sajalbatra"/>
Expand All @@ -405,27 +368,20 @@ We extend our heartfelt gratitude to all the amazing contributors who have made
<sub><b>Abhijit Motekar</b></sub>
</a>
</td>
</tr>
<tr>
<td align="center">
<a href="https://github.com/Navneetdadhich">
<img src="https://avatars.githubusercontent.com/u/156535853?v=4" width="100;" alt="Navneetdadhich"/>
<br />
<sub><b>Navneet Dadhich</b></sub>
</a>
</td>
</tr>
<tr>
<td align="center">
<a href="https://github.com/CoderFleet">
<img src="https://avatars.githubusercontent.com/u/87255169?v=4" width="100;" alt="CoderFleet"/>
<br />
<sub><b>Rudransh Pratap Singh</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/AE-Hertz">
<img src="https://avatars.githubusercontent.com/u/93651229?v=4" width="100;" alt="AE-Hertz"/>
<a href="https://github.com/VinayLodhi1712">
<img src="https://avatars.githubusercontent.com/u/135756009?v=4" width="100;" alt="VinayLodhi1712"/>
<br />
<sub><b>Abhinandan</b></sub>
<sub><b>Vinay Anand Lodhi</b></sub>
</a>
</td>
<td align="center">
Expand Down Expand Up @@ -458,13 +414,6 @@ We extend our heartfelt gratitude to all the amazing contributors who have made
</td>
</tr>
<tr>
<td align="center">
<a href="https://github.com/vaishnavipal1869">
<img src="https://avatars.githubusercontent.com/u/180996531?v=4" width="100;" alt="vaishnavipal1869"/>
<br />
<sub><b>vaishnavipal1869</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/tanishirai">
<img src="https://avatars.githubusercontent.com/u/178164785?v=4" width="100;" alt="tanishirai"/>
Expand All @@ -480,49 +429,35 @@ We extend our heartfelt gratitude to all the amazing contributors who have made
</a>
</td>
<td align="center">
<a href="https://github.com/Shiva-Bajpai">
<img src="https://avatars.githubusercontent.com/u/141490705?v=4" width="100;" alt="Shiva-Bajpai"/>
<br />
<sub><b>Shiva Bajpai</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/Pushpa472">
<img src="https://avatars.githubusercontent.com/u/116655535?v=4" width="100;" alt="Pushpa472"/>
<a href="https://github.com/Sourabh782">
<img src="https://avatars.githubusercontent.com/u/103349890?v=4" width="100;" alt="Sourabh782"/>
<br />
<sub><b>Pushpa Vishwakarma </b></sub>
<sub><b>Sourabh Singh Rawat</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/Mansi07sharma">
<img src="https://avatars.githubusercontent.com/u/142892607?v=4" width="100;" alt="Mansi07sharma"/>
<a href="https://github.com/Shiva-Bajpai">
<img src="https://avatars.githubusercontent.com/u/141490705?v=4" width="100;" alt="Shiva-Bajpai"/>
<br />
<sub><b>Mansi Sharma</b></sub>
<sub><b>Shiva Bajpai</b></sub>
</a>
</td>
</tr>
<tr>
<td align="center">
<a href="https://github.com/devxMani">
<img src="https://avatars.githubusercontent.com/u/122438942?v=4" width="100;" alt="devxMani"/>
<br />
<sub><b>MANI </b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/meghanakn473">
<img src="https://avatars.githubusercontent.com/u/165137755?v=4" width="100;" alt="meghanakn473"/>
<br />
<sub><b>K N Meghana</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/Ayush215mb">
<img src="https://avatars.githubusercontent.com/u/154300084?v=4" width="100;" alt="Ayush215mb"/>
<br />
<sub><b>Ayush Yadav</b></sub>
</a>
</td>
</tr>
<tr>
<td align="center">
<a href="https://github.com/smog-root">
<img src="https://avatars.githubusercontent.com/u/181578777?v=4" width="100;" alt="smog-root"/>
Expand All @@ -544,8 +479,6 @@ We extend our heartfelt gratitude to all the amazing contributors who have made
<sub><b>Vaibhav-Kumar-K-R</b></sub>
</a>
</td>
</tr>
<tr>
<td align="center">
<a href="https://github.com/Syed-Farazuddin">
<img src="https://avatars.githubusercontent.com/u/119295880?v=4" width="100;" alt="Syed-Farazuddin"/>
Expand All @@ -567,13 +500,8 @@ We extend our heartfelt gratitude to all the amazing contributors who have made
<sub><b>Sapna Kul</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/Nikhil0-3">
<img src="https://avatars.githubusercontent.com/u/149102391?v=4" width="100;" alt="Nikhil0-3"/>
<br />
<sub><b>Nikhil More</b></sub>
</a>
</td>
</tr>
<tr>
<td align="center">
<a href="https://github.com/MutiatBash">
<img src="https://avatars.githubusercontent.com/u/108807732?v=4" width="100;" alt="MutiatBash"/>
Expand All @@ -588,22 +516,13 @@ We extend our heartfelt gratitude to all the amazing contributors who have made
<sub><b>Mohit Rana </b></sub>
</a>
</td>
</tr>
<tr>
<td align="center">
<a href="https://github.com/jaidh01">
<img src="https://avatars.githubusercontent.com/u/117927011?v=4" width="100;" alt="jaidh01"/>
<br />
<sub><b>Jai Dhingra</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/harjasae2001">
<img src="https://avatars.githubusercontent.com/u/83627055?v=4" width="100;" alt="harjasae2001"/>
<br />
<sub><b>Harjas Singh</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/mishradev1">
<img src="https://avatars.githubusercontent.com/u/118660840?v=4" width="100;" alt="mishradev1"/>
Expand All @@ -618,13 +537,6 @@ We extend our heartfelt gratitude to all the amazing contributors who have made
<sub><b>CHIKATLA RAKESH</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/AnushkaChouhan25">
<img src="https://avatars.githubusercontent.com/u/157525924?v=4" width="100;" alt="AnushkaChouhan25"/>
<br />
<sub><b>Anushka Chouhan</b></sub>
</a>
</td>
<td align="center">
<a href="https://github.com/AliGates915">
<img src="https://avatars.githubusercontent.com/u/128673394?v=4" width="100;" alt="AliGates915"/>
Expand Down Expand Up @@ -688,7 +600,4 @@ Stay updated and engage with our community on social media:
- [LinkedIn](https://www.linkedin.com/in/ramakrushna-biswal/)
- [Email](mailto:[email protected])

We are always here to help you! Don’t hesitate to connect with us and be part of the PlayCafe journey.



We are always here to help you! Don’t hesitate to connect with us and be part of the PlayCafe journey.
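Review bot: None of the README.md hunks above relate to the Remember Me feature named in the PR title; they reshuffle contributor-table cells (the same avatar blocks move between rows) and trim trailing blank lines, which is what a regenerated contributors table looks like when it lands in a feature branch. Keep this out of the PR, or at least in its own commit, so the login change can be reviewed and reverted on its own and so the table does not conflict with other open PRs that regenerate it.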
11 changes: 0 additions & 11 deletions backend/.env.example

This file was deleted.
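Review bot: Deleting backend/.env.example removes the only in-repo record of which environment variables the backend expects, and nothing elsewhere in the diff replaces it; after this PR the controller reads both JWT_SECRET and NODE_ENV, and a new contributor has no file telling them so. If the file was removed because it held a real value, replace that value with a placeholder rather than dropping the file; otherwise restore it and add any variable this change introduces (a cookie domain, if the suggestion in the controller review is taken) with a placeholder value.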

42 changes: 18 additions & 24 deletions backend/controller/customer.controller.js
Expand Up @@ -87,54 +87,48 @@ async function loginCustomer(req, res) {
const customerLoginSchema = z.object({
email: z.string().email("Invalid email address"),
password: z.string().min(6, "Password must be at least 6 characters long"),
rememberMe: z.boolean().optional(),
});


const validation = customerLoginSchema.safeParse(req.body);
if (!validation.success) {
return res.status(400).json({ error: validation.error.errors });
}

try {
const customer = await Customer.findOne({ email: req.body.email });

const { email, password, rememberMe } = req.body;
const customer = await Customer.findOne({ email });

if (!customer) {
return res.status(401).json({ error: "Invalid email or password" });
}
if (!customer.isVerified) {
return res.status(403).json({ error: "Account not verified. Please verify your email." });
}

const validPassword = await bcrypt.compare(req.body.password, customer.password);

const validPassword = await bcrypt.compare(password, customer.password);
if (!validPassword) {
return res.status(401).json({ error: "Invalid email or password" });
}

const payload = {
sub: customer._id,
name: customer.name, // Optional
role: "customer", // Optional
email: customer.email, // Optional
};

const token = jwt.sign(
payload,
process.env.JWT_SECRET,
{ expiresIn: "1h" } // Expires in 1 hour
);

req.session.user = {
id: customer._id,
sub: customer._id,
name: customer.name,
role: "customer",
email: customer.email,
};

const token = jwt.sign(payload, process.env.JWT_SECRET, {
expiresIn: rememberMe ? "7d" : "1h", // Set token expiry based on rememberMe option
});
Comment on lines +121 to +123
💡 Codebase verification

JWT implementation needs consistency improvements

The verification revealed several inconsistencies in JWT secret usage that need attention:

  • Multiple ways of accessing JWT_SECRET are used across the codebase:
    • Direct process.env.JWT_SECRET in customer.controller.js, admin.controller.js
    • Via config.JWT_SECRET in authCustomer.js
    • Through secret.JWT_SECRET in googleOAuth.controller.js
    • Fallback pattern in passport.config.js: process.env.JWT_SECRET || secret

The "Remember Me" implementation is correct with proper token expiration, but the inconsistent secret access patterns could lead to issues. Standardize the JWT secret access across all files to use a single approach, preferably through the config module.

🔗 Analysis chain

Verify JWT secret strength and token usage.

The JWT implementation looks correct, but let's verify the secret strength and token usage across the codebase.


Let me try another verification approach with modified commands to better analyze the JWT implementation.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

```bash
#!/bin/bash
# Check JWT secret configuration
echo "Checking JWT secret configuration..."
rg -l "JWT_SECRET.*=.*" .env* || echo "JWT_SECRET not found in .env files"

# Check for potentially unsafe JWT usage
echo -e "\nChecking for unsafe JWT verify calls..."
rg "jwt\.verify.*{.*}" --type js

# Look for other token validations
echo -e "\nChecking token validation implementations..."
ast-grep --pattern 'jwt.verify($token, $secret, $$$)'
```

Length of output: 646


Script:

```bash
#!/bin/bash
# Check for JWT related configuration
echo "Checking for JWT configuration..."
rg "JWT_SECRET" -A 2 -B 2

# Check JWT verify usage with fixed regex
echo -e "\nChecking JWT verify implementations..."
rg "jwt\.verify\(" -A 2 -B 2

# Check JWT sign implementations
echo -e "\nChecking JWT sign implementations..."
rg "jwt\.sign\(" -A 2 -B 2

# Look for environment variable loading
echo -e "\nChecking environment variable setup..."
fd -e js -e ts config env | xargs rg "JWT"
```

Length of output: 6093


res.cookie("authToken", token, {
maxAge: 1000 * 60 * 60,
httpOnly: true,
secure: true,
maxAge: rememberMe ? 7 * 24 * 60 * 60 * 1000 : 60 * 60 * 1000, // 7 days or 1 hour
httpOnly: true,
secure: process.env.NODE_ENV === "production",
sameSite: "strict",
});

Comment on lines 125 to +131
🛠️ Refactor suggestion

Enhance cookie security configuration.

While the current security settings are good, consider adding these additional protections:

```diff
 res.cookie("authToken", token, {
   maxAge: rememberMe ? 7 * 24 * 60 * 60 * 1000 : 60 * 60 * 1000,
   httpOnly: true,
   secure: process.env.NODE_ENV === "production",
   sameSite: "strict",
+  path: "/",  // Explicitly set cookie path
+  domain: process.env.COOKIE_DOMAIN, // Restrict to specific domain
 });
```

Also, consider adding these environment variables to your configuration:

```js
// config.js
module.exports = {
  COOKIE_DOMAIN: process.env.NODE_ENV === "production" 
    ? ".yourdomain.com"
    : "localhost"
}
```

return res.json({
message: "Login successful",
token,
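Review bot: The 7-day lifetime is applied to the JWT (`expiresIn: rememberMe ? "7d" : "1h"`) and to the `authToken` cookie `maxAge`, but not to `req.session.user`, which this same hunk populates with whatever lifetime the session middleware is configured for; a remember-me user can therefore hold a token that is valid for a week after the server-side session has gone, and the two mechanisms will disagree on whether they are logged in. Either apply the same `rememberMe` branch to the session cookie's `maxAge` or keep only one of the two. Three smaller points on the same hunk: `secure` went from `true` to `process.env.NODE_ENV === "production"`, which is convenient for local work but means a production deployment that forgets to set NODE_ENV sends the cookie over plain HTTP, so consider defaulting to secure and relaxing it only when NODE_ENV is explicitly a development value; the token is still returned in the JSON body (`token,` in the response below) as well as in the httpOnly cookie, which lets front-end code copy it into localStorage and undoes the httpOnly protection, so with the cookie in place the body copy can go; and `email`, `password` and `rememberMe` are destructured from `req.body` rather than `validation.data`, so the `safeParse` call does not actually strip unknown keys from what the handler uses. On the earlier suggestion to add `domain: process.env.COOKIE_DOMAIN` with a value like `.yourdomain.com`: a leading-dot domain sends the cookie to every subdomain, which is wider than the host-only default (no `domain` attribute at all), so leave the attribute off unless a subdomain genuinely needs the cookie.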
Expand All @@ -147,12 +141,12 @@ async function loginCustomer(req, res) {
});
} catch (error) {
console.error("Error during login:", error);

res.status(500).json({ error: "Internal server error" });
}
}



async function resetPassword(req, res) {
const customerResetPasswordSchema = z.object({
email: z.string().email("Invalid email address"),
Expand Down