add api basics #278
mateacademy-ai-mentor
left a comment
Review Summary
Your implementation is missing approximately 90% of the required functionality. Only the most basic registration endpoint exists, but critical authentication features are completely absent:
- Password validation: No logic to validate against required rules (min length, special characters, etc.) and users aren't informed about these rules. Additionally, passwords are stored as plain text instead of being hashed with bcrypt.
- Activation flow: No isActive field in the User model, no activation token generation, no email sending, and no /activate route.
- All authentication routes: Missing login (/login), logout (/logout), password reset (request + confirmation + success), and profile (/profile) endpoints.
- Authentication middleware: No middleware to protect routes (profile/logout should require auth; login/registration should be for non-authenticated users only).
- 404 handler: No catch-all handler for undefined routes as required by the task.
Also fix this blocker: Your .eslintrc.js uses CommonJS syntax (module.exports) but package.json has `
Important
Fix the issues, commit the changes, and then re-request my review using the Re-request review button in the Reviewers tab.
Tip
If you have any comments about this review, please leave a message in the Add a comment section below and mention me with the @mateacademy-ai-mentor tag.
I will read your message during my next review of your pull request. Please do not reply directly to my comments, as that feature is not supported yet.
Caution
Do not close the pull request until the review is complete. Closing it early can lead to unexpected behavior and disrupt the review process.
| import dotenv from 'dotenv'; | ||
| import { client } from './src/backend/src/utils/db.js'; | ||
|
|
||
| dotenv.config({ path: './src/backend/.env' }); |
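Review bot: the `import { client } from './src/backend/src/utils/db.js'` line is evaluated before `dotenv.config({ path: './src/backend/.env' })` runs, because ES module imports execute ahead of the importing module's body. The db module shown elsewhere in this PR builds the Sequelize client from process.env.DB_HOST, DB_USER and DB_PASSWORD at load time, so those values are read before the .env file is loaded. Load the env file inside the db module, or put the dotenv call in its own module that is imported first.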
Missing: Registration route requires authController.register only. Need to implement and add routes for: activation, login, logout, password reset (request email, reset confirmation, success), and profile page.
| import { authRouter } from './routes/auth.route.js'; | ||
|
|
||
| const PORT = process.env.PORT || 3005; | ||
|
|
Missing password validation. Requirements state you must inform users about password rules and check/validate against them. Add validation logic (e.g., min length, special characters) before creating the user.
| import { authRouter } from './routes/auth.route.js'; | ||
|
|
||
| const PORT = process.env.PORT || 3005; | ||
|
|
||
| const app = express(); | ||
|
|
Missing activation email sending. Requirements state 'send an activation email' after registration. Implement email sending logic with an activation token.
| @@ -0,0 +1,16 @@ | |||
| import express from 'express'; | |||
Missing routes for: login, logout, activation, password reset (request, confirm, success), and profile. Only registration route exists.
| import express from 'express'; | ||
| import 'dotenv/config'; | ||
| import { authRouter } from './routes/auth.route.js'; | ||
|
|
||
| const PORT = process.env.PORT || 3005; | ||
|
|
||
| const app = express(); | ||
|
|
||
| app.use(express.json()); | ||
|
|
||
| app.use(authRouter); |
Missing authentication middleware. No implementation for session management, protected routes, or checking if users are authenticated/unauthenticated as required.
| const register = async (req, res) => { | ||
| const { name, email, password } = req.body; | ||
|
|
||
| const newUser = await User.create({ name, email, password }); | ||
|
|
||
| res.send(newUser); |
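Review bot: `User.create({ name, email, password })` persists the password exactly as it arrived in req.body, and `res.send(newUser)` then returns the created record to the caller, which carries the password field unless the model excludes it. Hash the password before the create call and respond with an explicit subset such as id, name and email. The handler is also `async` with no try/catch, so a rejected `User.create` has no handling in these lines.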
Registration is missing activation email sending functionality.
| import { Sequelize } from 'sequelize'; | ||
|
|
||
| export const client = new Sequelize({ | ||
| host: process.env.DB_HOST, | ||
| username: process.env.DB_USER, | ||
| password: process.env.DB_PASSWORD + '', |
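Review bot: `process.env.DB_PASSWORD + ''` on the password line turns an unset variable into the literal string 'undefined', so a missing DB_PASSWORD shows up as a failed database login instead of a configuration error. Drop the concatenation and check at startup that DB_HOST, DB_USER and DB_PASSWORD are set, failing with a clear message when one is absent.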
Missing routes per task requirements: activation (/activate), login (/login), logout (/logout), password reset (/reset-password, /reset-password/confirm), profile page, and 404 handler.
| import { Sequelize } from 'sequelize'; | ||
|
|
||
| export const client = new Sequelize({ | ||
| host: process.env.DB_HOST, | ||
| username: process.env.DB_USER, | ||
| password: process.env.DB_PASSWORD + '', |
Missing: Authentication middleware is not used. Routes like /login, /registration, /reset-password should only be accessible to non-authenticated users, while /profile, /logout should require authentication.
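The access policy in the comment above, as an added example that is not code from this pull request or from the reviewer. It assumes an earlier session middleware sets `req.session.userId` on login (a hypothetical field name), and it chooses 403 for signed-in callers on guest-only routes.

```javascript
// Assumption: an earlier session middleware sets req.session.userId on login.
const isAuthenticated = (req) => Boolean(req.session && req.session.userId);

// For /profile and /logout: anonymous callers are rejected with 401.
function requireAuth(req, res, next) {
  if (!isAuthenticated(req)) {
    return res.status(401).json({ message: 'Authentication required' });
  }
  return next();
}

// For /login, /registration, /reset-password: signed-in callers get 403.
function requireGuest(req, res, next) {
  if (isAuthenticated(req)) {
    return res.status(403).json({ message: 'Already signed in' });
  }
  return next();
}

// Access policy exactly as listed in the review comment.
const ROUTE_GUARDS = new Map([
  ['/login', requireGuest],
  ['/registration', requireGuest],
  ['/reset-password', requireGuest],
  ['/profile', requireAuth],
  ['/logout', requireAuth],
]);

// Runs the guard for a path against a constructed request and returns the
// HTTP status a client would see (200 means the route handler was reached).
function statusFor(path, session) {
  const guard = ROUTE_GUARDS.get(path);
  if (!guard) return 404; // unknown path: left to the catch-all handler
  let status = 200;
  const res = {
    status(code) { status = code; return this; },
    json() { return this; },
  };
  guard({ path, session }, res, () => {});
  return status;
}

// Constructed sessions: one anonymous, one signed in.
console.log(statusFor('/profile', undefined));    // 401
console.log(statusFor('/login', { userId: 42 })); // 403
```

In a router each guard goes before the handler, for example `authRouter.get('/profile', requireAuth, profileHandler)`, where `profileHandler` is a hypothetical name.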
| import express from 'express'; | ||
| import { authController } from '../controllers/auth.controller.js'; | ||
|
|
||
| export const authRouter = new express.Router(); | ||
|
|
||
| authRouter.post('/registration', authController.register); |
Missing routes: Only /registration exists. Required routes not implemented: login (/login), logout (/logout), activation (/activate), password reset (request, reset page, success), and profile page.
|
|
||
| authRouter.post('/registration', authController.register); |
The + '' on password is unnecessary - process.env.DB_PASSWORD is already a string. This could be simplified to just password: process.env.DB_PASSWORD.
No description provided.