feature: Implement OTP-based signup/login with JWT, Gmail templates #37
Conversation
@ashishgit10, thanks for your PR, I'm working on it. I'll get back to you soon.
…butors/add-shiv7shukla docs: add shiv7shukla as a contributor for code
Set up Google Single Sign-On (SSO) in the CoreX backend
- Add Wishlist model with user reference and product IDs
- Implement wishlist controller with CRUD operations
- Add JWT authentication middleware
- Create wishlist routes with proper validation
- Add test token generation endpoint for development
- Prevent duplicate products in wishlist
- Handle edge cases (empty wishlist, invalid IDs)
- Integrate wishlist routes into main app

Endpoints:
- GET /api/wishlist - Get user's wishlist
- POST /api/wishlist - Add product to wishlist
- DELETE /api/wishlist/:productId - Remove product
- DELETE /api/wishlist - Clear entire wishlist
- GET /api/test/token - Generate test JWT token
…ns-index Add index on collections field for performance improvement
…-2025-backend into feature/wishlist-api
- Add Wishlist model with user reference and product IDs
- Implement wishlist controller with CRUD operations
- Add JWT authentication middleware
- Create wishlist routes with proper validation
- Add test token generation endpoint for development
- Prevent duplicate products in wishlist
- Handle edge cases (empty wishlist, invalid IDs)
- Integrate wishlist routes into main app
- Add .DS_Store to .gitignore

Endpoints:
- GET /api/wishlist - Get user's wishlist
- POST /api/wishlist - Add product to wishlist
- DELETE /api/wishlist/:productId - Remove product
- DELETE /api/wishlist - Clear entire wishlist
- GET /api/test/token - Generate test JWT token
…list-api feat(wishlist): implement complete wishlist API with JWT authentication
…butors/add-dikamjit-borah docs: add dikamjit-borah as a contributor for code
- Add comprehensive rate limiting middleware with multiple tiers
- Implement enhanced CORS with preflight support and origin validation
- Add security headers via Helmet middleware
- Create test endpoints for rate limiting and CORS verification
- Configure environment-specific rate limits (50/min prod, 100/min dev)
- Add progressive slowdown for repeated requests
- Implement strict rate limiting for auth endpoints (5 attempts per 15min)
- Add CORS error handling and security headers
- Create configuration file for environment-specific settings
- Add comprehensive documentation for testing and deployment

Security Features:
- Brute force protection with stricter auth limits
- IP-based rate limiting with progressive delays
- Origin validation for CORS requests
- Comprehensive security headers
- Preflight request handling

Test Endpoints:
- GET /api/test-security/rate-limit - Test rate limiting
- GET /api/test-security/cors - Test CORS configuration
- OPTIONS /api/test-security/cors - Test preflight requests
- GET /api/test-security/security-headers - Test security headers
…list-api feat(security): implement rate limiting and enhanced CORS configuration
@ashishgit10, fixes to apply:
Extra notes
Thanks — please update the PR once fixed.
Ohk thanks @Alexandrbig1 for the review, I will update you shortly after the fix.😊
@ashishgit10, your current PR includes changes in 37 files. Please check once more the description of this task, and improve my suggestion. And don't forget to fetch the latest updates, test locally with your implementation, and run
Implemented Flow
1️⃣ Signup:
User fills Signup form: name, email, password.
Backend hashes password with bcryptjs.
Backend generates a 6-digit OTP and stores it with an expiry time (5 min).
OTP is sent to the user’s email using a modern HTML template via Nodemailer.
User enters OTP → backend verifies → JWT token issued → user automatically logged in.
2️⃣ Login:
User enters email and password.
Backend validates credentials using bcryptjs.
If credentials are correct and email is verified, a JWT token is issued → user logged in.
3️⃣ Testing:
Signup → OTP email received → OTP verification → JWT issued → logged in
Login → Valid credentials → JWT issued → Access granted
Login → Invalid credentials → Error returned
Signup → Invalid OTP → Error returned
4️⃣ Set up Nodemailer:
Create Google app password for Nodemailer
Pull Request
Thank you for your contribution!
Description
Implements OTP-based email verification for signup and login with secure password hashing (bcryptjs) and JWT authentication. OTP emails are sent via Nodemailer using Gmail templates.
Type of Change
- ✅ New feature
Checklist