Create Profile Page for users to see Reservations #437
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -259,29 +259,13 @@ We extend our heartfelt gratitude to all the amazing contributors who have made | |
| <sub><b>Arindam</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/alo7lika"> | ||
| <img src="https://avatars.githubusercontent.com/u/152315710?v=4" width="100;" alt="alo7lika"/> | ||
| <br /> | ||
| <sub><b>alolika bhowmik</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/Ashwinib26"> | ||
| <img src="https://avatars.githubusercontent.com/u/149402720?v=4" width="100;" alt="Ashwinib26"/> | ||
|
|
@@ -296,6 +280,8 @@ We extend our heartfelt gratitude to all the amazing contributors who have made | |
| <sub><b>Mahera Nayan</b></sub> | ||
| </a> | ||
| </td> | ||
| </tr> | ||
| <tr> | ||
| <td align="center"> | ||
| <a href="https://github.com/tejasbenibagde"> | ||
| <img src="https://avatars.githubusercontent.com/u/124677750?v=4" width="100;" alt="tejasbenibagde"/> | ||
|
|
@@ -310,34 +296,25 @@ We extend our heartfelt gratitude to all the amazing contributors who have made | |
| <sub><b>Tyarla Shirisha</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/Amnyadav"> | ||
| <img src="https://avatars.githubusercontent.com/u/127370497?v=4" width="100;" alt="Amnyadav"/> | ||
| <br /> | ||
| <sub><b>Aman Yadav</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/NilanchalaPanda"> | ||
| <img src="https://avatars.githubusercontent.com/u/110488337?v=4" width="100;" alt="NilanchalaPanda"/> | ||
| <br /> | ||
| <sub><b>Nilanchal</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/haseebzaki-07"> | ||
| <img src="https://avatars.githubusercontent.com/u/147314463?v=4" width="100;" alt="haseebzaki-07"/> | ||
| <br /> | ||
| <sub><b>Haseeb Zaki</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
|
|
@@ -347,13 +324,8 @@ We extend our heartfelt gratitude to all the amazing contributors who have made | |
| <sub><b>Sawan kushwah </b></sub> | ||
| </a> | ||
| </td> | ||
| </tr> | ||
| <tr> | ||
| <td align="center"> | ||
| <a href="https://github.com/Suhas-Koheda"> | ||
| <img src="https://avatars.githubusercontent.com/u/72063139?v=4" width="100;" alt="Suhas-Koheda"/> | ||
|
|
@@ -368,22 +340,13 @@ We extend our heartfelt gratitude to all the amazing contributors who have made | |
| <sub><b>Jay shah</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/vishnuprasad2004"> | ||
| <img src="https://avatars.githubusercontent.com/u/116942066?v=4" width="100;" alt="vishnuprasad2004"/> | ||
| <br /> | ||
| <sub><b>Vishnu Prasad Korada</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/sajalbatra"> | ||
| <img src="https://avatars.githubusercontent.com/u/125984550?v=4" width="100;" alt="sajalbatra"/> | ||
|
|
@@ -405,27 +368,20 @@ We extend our heartfelt gratitude to all the amazing contributors who have made | |
| <sub><b>Abhijit Motekar</b></sub> | ||
| </a> | ||
| </td> | ||
| </tr> | ||
| <tr> | ||
| <td align="center"> | ||
| <a href="https://github.com/Navneetdadhich"> | ||
| <img src="https://avatars.githubusercontent.com/u/156535853?v=4" width="100;" alt="Navneetdadhich"/> | ||
| <br /> | ||
| <sub><b>Navneet Dadhich</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/VinayLodhi1712"> | ||
| <img src="https://avatars.githubusercontent.com/u/135756009?v=4" width="100;" alt="VinayLodhi1712"/> | ||
| <br /> | ||
| <sub><b>Vinay Anand Lodhi</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
|
|
@@ -458,13 +414,6 @@ We extend our heartfelt gratitude to all the amazing contributors who have made | |
| </td> | ||
| </tr> | ||
| <tr> | ||
| <td align="center"> | ||
| <a href="https://github.com/tanishirai"> | ||
| <img src="https://avatars.githubusercontent.com/u/178164785?v=4" width="100;" alt="tanishirai"/> | ||
|
|
@@ -480,49 +429,35 @@ We extend our heartfelt gratitude to all the amazing contributors who have made | |
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/Sourabh782"> | ||
| <img src="https://avatars.githubusercontent.com/u/103349890?v=4" width="100;" alt="Sourabh782"/> | ||
| <br /> | ||
| <sub><b>Sourabh Singh Rawat</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/Shiva-Bajpai"> | ||
| <img src="https://avatars.githubusercontent.com/u/141490705?v=4" width="100;" alt="Shiva-Bajpai"/> | ||
| <br /> | ||
| <sub><b>Shiva Bajpai</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/devxMani"> | ||
| <img src="https://avatars.githubusercontent.com/u/122438942?v=4" width="100;" alt="devxMani"/> | ||
| <br /> | ||
| <sub><b>MANI </b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/Ayush215mb"> | ||
| <img src="https://avatars.githubusercontent.com/u/154300084?v=4" width="100;" alt="Ayush215mb"/> | ||
| <br /> | ||
| <sub><b>Ayush Yadav</b></sub> | ||
| </a> | ||
| </td> | ||
| </tr> | ||
| <tr> | ||
| <td align="center"> | ||
| <a href="https://github.com/smog-root"> | ||
| <img src="https://avatars.githubusercontent.com/u/181578777?v=4" width="100;" alt="smog-root"/> | ||
|
|
@@ -544,8 +479,6 @@ We extend our heartfelt gratitude to all the amazing contributors who have made | |
| <sub><b>Vaibhav-Kumar-K-R</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/Syed-Farazuddin"> | ||
| <img src="https://avatars.githubusercontent.com/u/119295880?v=4" width="100;" alt="Syed-Farazuddin"/> | ||
|
|
@@ -567,13 +500,8 @@ We extend our heartfelt gratitude to all the amazing contributors who have made | |
| <sub><b>Sapna Kul</b></sub> | ||
| </a> | ||
| </td> | ||
| </tr> | ||
| <tr> | ||
| <td align="center"> | ||
| <a href="https://github.com/MutiatBash"> | ||
| <img src="https://avatars.githubusercontent.com/u/108807732?v=4" width="100;" alt="MutiatBash"/> | ||
|
|
@@ -588,22 +516,13 @@ We extend our heartfelt gratitude to all the amazing contributors who have made | |
| <sub><b>Mohit Rana </b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/jaidh01"> | ||
| <img src="https://avatars.githubusercontent.com/u/117927011?v=4" width="100;" alt="jaidh01"/> | ||
| <br /> | ||
| <sub><b>Jai Dhingra</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/mishradev1"> | ||
| <img src="https://avatars.githubusercontent.com/u/118660840?v=4" width="100;" alt="mishradev1"/> | ||
|
|
@@ -618,13 +537,6 @@ We extend our heartfelt gratitude to all the amazing contributors who have made | |
| <sub><b>CHIKATLA RAKESH</b></sub> | ||
| </a> | ||
| </td> | ||
| <td align="center"> | ||
| <a href="https://github.com/AliGates915"> | ||
| <img src="https://avatars.githubusercontent.com/u/128673394?v=4" width="100;" alt="AliGates915"/> | ||
|
|
@@ -688,7 +600,4 @@ Stay updated and engage with our community on social media: | |
| - [LinkedIn](https://www.linkedin.com/in/ramakrushna-biswal/) | ||
| - [Email](mailto:[email protected]) | ||
|
|
||
| We are always here to help you! Don’t hesitate to connect with us and be part of the PlayCafe journey. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
@@ -89,15 +89,14 @@ async function loginCustomer(req, res) { | |||||||||||||||||
| password: z.string().min(6, "Password must be at least 6 characters long"), | ||||||||||||||||||
| }); | ||||||||||||||||||
|
|
||||||||||||||||||
| const validation = customerLoginSchema.safeParse(req.body); | ||||||||||||||||||
| if (!validation.success) { | ||||||||||||||||||
| return res.status(400).json({ error: validation.error.errors }); | ||||||||||||||||||
| } | ||||||||||||||||||
|
|
||||||||||||||||||
| try { | ||||||||||||||||||
| const customer = await Customer.findOne({ email: req.body.email }); | ||||||||||||||||||
|
|
||||||||||||||||||
| if (!customer) { | ||||||||||||||||||
| return res.status(401).json({ error: "Invalid email or password" }); | ||||||||||||||||||
| } | ||||||||||||||||||
|
|
@@ -106,35 +105,26 @@ async function loginCustomer(req, res) { | |||||||||||||||||
| } | ||||||||||||||||||
|
|
||||||||||||||||||
| const validPassword = await bcrypt.compare(req.body.password, customer.password); | ||||||||||||||||||
| if (!validPassword) { | ||||||||||||||||||
| return res.status(401).json({ error: "Invalid email or password" }); | ||||||||||||||||||
| } | ||||||||||||||||||
|
|
||||||||||||||||||
| const payload = { | ||||||||||||||||||
| sub: customer._id, // Use `sub` as this is a standard JWT claim for subject (user ID) | ||||||||||||||||||
| name: customer.name, | ||||||||||||||||||
| role: "customer", | ||||||||||||||||||
| email: customer.email, | ||||||||||||||||||
| }; | ||||||||||||||||||
|
|
||||||||||||||||||
| const token = jwt.sign(payload, process.env.JWT_SECRET, { expiresIn: "1h" }); | ||||||||||||||||||
|
|
||||||||||||||||||
| res.cookie("authToken", token, { | ||||||||||||||||||
| maxAge: 60 * 60 * 1000, // 1 hour | ||||||||||||||||||
| httpOnly: false, // Set to false if you need access on the frontend | ||||||||||||||||||
| secure: process.env.NODE_ENV === "production", // Set `secure: true` only in production with HTTPS | ||||||||||||||||||
| sameSite: "strict", // Use `strict` to avoid CSRF in most cases | ||||||||||||||||||
|
Comment on lines
+122
to
+125
There was a problem hiding this comment. Security risk: Cookie configuration exposes JWT to XSS attacks The current cookie configuration has security implications:
Consider these improvements:
res.cookie("authToken", token, {
maxAge: 60 * 60 * 1000, // 1 hour
- httpOnly: false, // Set to false if you need access on the frontend
+ httpOnly: true,
secure: process.env.NODE_ENV === "production",
sameSite: "strict",
});
📝 Committable suggestion
Suggested change
|
||||||||||||||||||
| }); | ||||||||||||||||||
|
|
||||||||||||||||||
|
Comment on lines
+119
to
+127
There was a problem hiding this comment. 💡 Codebase verification Based on the comprehensive review of the authentication implementation, I can now provide the final response: Authentication setup is incomplete for profile page requirements The current authentication implementation has some gaps that need to be addressed:
🔗 Analysis chainVerify authentication flow with profile page requirements The authentication implementation needs to be verified against the profile page requirements from issue #192. Let's verify the authentication setup: Let me gather more information about the authentication implementation and profile-related endpoints. Let me check the customer routes and controller to understand the complete authentication flow. 🏁 Scripts executedThe following scripts were executed for the analysis: Script: #!/bin/bash
# Check if profile routes are properly protected
echo "Checking for protected profile routes..."
rg -l "profile.*router" backend/
# Verify consistent auth middleware usage
echo "Checking auth middleware usage..."
rg -A 3 "authenticateCustomer" backend/
Length of output: 2210 Script: #!/bin/bash
# Check for profile-related endpoints and their authentication
echo "Checking profile endpoints..."
rg -A 5 "profile" backend/
# Check auth middleware implementation
echo "Checking auth middleware implementation..."
cat backend/middlewares/authCustomer.js
# Check customer controller for profile-related functions
echo "Checking customer controller..."
rg -A 5 "profile" backend/controller/customer.controller.js
Length of output: 3188 Script: #!/bin/bash
# Check customer routes
echo "Checking customer routes..."
cat backend/routes/customerRouter.js
# Check customer controller
echo "Checking customer controller..."
cat backend/controller/customer.controller.js
Length of output: 6848 |
||||||||||||||||||
| return res.json({ | ||||||||||||||||||
| message: "Login successful", | ||||||||||||||||||
| token, | ||||||||||||||||||
|
|
@@ -147,7 +137,6 @@ async function loginCustomer(req, res) { | |||||||||||||||||
| }); | ||||||||||||||||||
| } catch (error) { | ||||||||||||||||||
| console.error("Error during login:", error); | ||||||||||||||||||
| res.status(500).json({ error: "Internal server error" }); | ||||||||||||||||||
| } | ||||||||||||||||||
| } | ||||||||||||||||||
|
|
||||||||||||||||||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider reducing sensitive information in JWT payload
While the JWT payload structure is well-organized, consider minimizing sensitive data exposure:
Apply this diff to improve security:
const payload = { sub: customer._id, // Use `sub` as this is a standard JWT claim for subject (user ID) - name: customer.name, + name: customer.name || '', role: "customer", - email: customer.email, };📝 Committable suggestion