Skip to content

add task implementation #277

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ANDRIYTS1234 wants to merge 4 commits into
base: master
Choose a base branch
from
Open

add task implementation #277

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
44d33f8
add task implementation
ANDRIYTS1234 May 4, 2026
768104a
add linter changes
ANDRIYTS1234 May 4, 2026
6c35dea
add needed changes
ANDRIYTS1234 May 5, 2026
10aea1a
fix: issue with status code and object returning
ANDRIYTS1234 May 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions .env.example
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
PORT=3005
CLIENT_URL=http://localhost:5173
DB_HOST=localhost
DB_USER=postgres
DB_PASSWORD=yuor_pass_here
DB_NAME=auth_db
JWT_ACCESS_SECRET=my-super-secret-access-key-123
JWT_REFRESH_SECRET=my-super-secret-refresh-key-456
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USER=example@gmail.com
SMTP_PASSWORD=yuor_pass_here
25 changes: 22 additions & 3 deletions .eslintrc.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,29 @@
module.exports = {
extends: '@mate-academy/eslint-config',
parser: '@typescript-eslint/parser',
parserOptions: {
ecmaVersion: 2020,
sourceType: 'module',
ecmaFeatures: {
experimentalObjectRestSpread: true,
},
},
env: {
jest: true
jest: true,
Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Requirement not met: Activation route is accessible to all users. According to REQ-6, activation page must be accessible ONLY to non-authenticated users. Add a guard middleware.

node: true,
},
Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Invalid syntax: res.send(200).send(...). Use res.status(200).send(...).

rules: {
Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Requirement not met: Registration route is accessible to all users. According to REQ-2, registration must be accessible ONLY to non-authenticated users. Add a guard middleware like notAuthMiddleware.

'no-proto': 0
'no-proto': 0,
Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Error handler uses implicit 200 status. Should use appropriate error status codes.

Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Invalid syntax: res.send(400).send(...). Use res.status(400).send(...).

'no-console': 0,
Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security issue: res.send(newUser) returns the entire user object including the hashed password field. This exposes sensitive data to the client. Return only safe fields like { message: '...', user: { id, name, email } } or { message: '...' }.

Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Requirement not met: Login route is accessible to all users. According to REQ-10, login must be accessible ONLY to non-authenticated users. Add a guard middleware.

Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Invalid syntax: res.send(201).send(newUser). Express res.send() returns Response but chaining two send() calls causes TypeError. Use res.status(201).send(newUser) instead.

'indent': 'off',
'@typescript-eslint/no-shadow': ['error'],
Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Error handler uses res.send() which returns HTTP 200 status. Should use res.status(400/401/500).send() for error responses to comply with REST conventions.

Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Invalid syntax: res.send(400).send(...). Use res.status(400).send(...).

'indent': 'off',
'@typescript-eslint/indent': 'off',
'no-unused-vars': 'off',
'@typescript-eslint/no-unused-vars': ['warn'],
'no-shadow': 'off',
'@typescript-eslint/no-shadow': ['error'],
'no-return-await': 'off',
Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Error handlers use res.send() with status 200 instead of res.status(). For errors, appropriate status codes like 400 (Bad Request), 401 (Unauthorized), 403 (Forbidden) should be used.

Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Password validation only checks length > 6, but requirements state users must be informed of rules AND validation must check them (uppercase, lowercase, numbers, special characters). Add regex validation for these rules.

Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Requirement not met: Forgot password route is accessible to all users. According to REQ-15, it must be accessible ONLY to non-authenticated users. Add a guard middleware.

},
Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Requirement not met: Reset password route is accessible to all users. According to REQ-15, it must be accessible ONLY to non-authenticated users. Add a guard middleware.

Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Invalid syntax: res.send(200).send(...). Use res.status(200).send(...).

plugins: ['jest']
plugins: ['jest', '@typescript-eslint']
Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The registration route doesn't check if user is already authenticated. The task requires this route be accessible ONLY to non-authenticated users.

};
Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Error handler uses implicit 200 status. Should use appropriate error status codes.

Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Invalid syntax: res.send(200).send(...). Use res.status(200).send(...).

Copy link
Copy Markdown

@mateacademy-ai-mentor mateacademy-ai-mentor May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Invalid syntax: res.send(400).send(...). Use res.status(400).send(...).

23 changes: 23 additions & 0 deletions .github/workflows/test.yml-template
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
name: Test

on:
pull_request:
branches: [ master ]

jobs:
build:

runs-on: ubuntu-latest

strategy:
matrix:
node-version: [20.x]

steps:
- uses: actions/checkout@v2
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v1
with:
node-version: ${{ matrix.node-version }}
- run: npm install
- run: npm test
4 changes: 0 additions & 4 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,3 @@ node_modules

# MacOS
.DS_Store

# env files
*.env
.env*
Loading
Loading