feat: implement real database authentication with password hashing (Phase 3)

Authentication System:
- Install bcrypt for secure password hashing (12 salt rounds)
- Update User model with password hashing methods
- Add setPassword() and verifyPassword() methods to User model
- Implement database-backed authentication in auth.ts
- Maintain environment-based admin fallback for initial setup
- Check for banned users during authentication

User Registration:
- Create /api/auth/register endpoint with validation
- Password requirements: min 8 chars, letters + numbers
- Email format validation
- Check for duplicate accounts
- Create /register page with full registration UI
- Redirect to login after successful registration

Security Improvements:
- Password hash never returned in JSON responses
- passwordHash field excluded from queries by default (select: false)
- Add emailVerified field for future email verification
- Support both password-based and OAuth users (passwordHash optional)

Data Privacy:
- Remove hardcoded personal info from lib/variables.ts
- Remove hardcoded personal info from lib/db/services/variableService.ts
- All default variables now have empty values
- Users must set their own personal information

Database Schema:
- Add passwordHash field to User model
- Add emailVerified field to User model
- Password hash stored with bcrypt (12 rounds)

This completes Phase 3 of the authentication refactor.

Author: rishabh3562

app/api/auth/register/route.ts

@@ -0,0 +1,109 @@
+/**
+ * User Registration API - App Router
+ * Allows new users to create accounts
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { connectDB } from '@/lib/db/connection';
+import User from '@/lib/db/models/User';
+
+/**
+ * POST /api/auth/register
+ * Register a new user account
+ */
+export async function POST(req: NextRequest) {
+  try {
+    const body = await req.json();
+    const { email, password, name } = body;
+
+    // Validation
+    if (!email || !password) {
+      return NextResponse.json(
+        { error: 'Email and password are required' },
+        { status: 400 }
+      );
+    }
+
+    // Validate email format
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    if (!emailRegex.test(email)) {
+      return NextResponse.json(
+        { error: 'Invalid email format' },
+        { status: 400 }
+      );
+    }
+
+    // Validate password strength
+    if (password.length < 8) {
+      return NextResponse.json(
+        { error: 'Password must be at least 8 characters long' },
+        { status: 400 }
+      );
+    }
+
+    // Check password complexity (at least one number and one letter)
+    const hasNumber = /\d/.test(password);
+    const hasLetter = /[a-zA-Z]/.test(password);
+
+    if (!hasNumber || !hasLetter) {
+      return NextResponse.json(
+        { error: 'Password must contain both letters and numbers' },
+        { status: 400 }
+      );
+    }
+
+    await connectDB();
+
+    // Check if user already exists
+    const existingUser = await User.findOne({ email: email.toLowerCase() });
+
+    if (existingUser) {
+      return NextResponse.json(
+        { error: 'An account with this email already exists' },
+        { status: 400 }
+      );
+    }
+
+    // Create new user
+    const user = new User({
+      email: email.toLowerCase(),
+      name: name || undefined,
+      isAdmin: false,
+      role: 'user',
+      banned: false,
+    });
+
+    // Hash and set password
+    await user.setPassword(password);
+
+    // Save user to database
+    await user.save();
+
+    return NextResponse.json(
+      {
+        message: 'Account created successfully',
+        user: {
+          id: user._id,
+          email: user.email,
+          name: user.name,
+        },
+      },
+      { status: 201 }
+    );
+  } catch (error: any) {
+    console.error('Registration error:', error);
+
+    // Handle duplicate key error (email already exists)
+    if (error.code === 11000) {
+      return NextResponse.json(
+        { error: 'An account with this email already exists' },
+        { status: 400 }
+      );
+    }
+
+    return NextResponse.json(
+      { error: 'Failed to create account. Please try again.' },
+      { status: 500 }
+    );
+  }
+}

app/register/page.tsx

@@ -0,0 +1,171 @@
+'use client';
+
+import { useState } from 'react';
+import { useRouter } from 'next/navigation';
+import Link from 'next/link';
+import { Button } from '@/components/ui/button';
+import { Input } from '@/components/ui/input';
+import { Label } from '@/components/ui/label';
+import { Alert, AlertDescription } from '@/components/ui/alert';
+
+export default function RegisterPage() {
+  const router = useRouter();
+  const [formData, setFormData] = useState({
+    name: '',
+    email: '',
+    password: '',
+    confirmPassword: '',
+  });
+  const [error, setError] = useState('');
+  const [loading, setLoading] = useState(false);
+
+  const handleSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    setError('');
+
+    // Client-side validation
+    if (!formData.email || !formData.password) {
+      setError('Email and password are required');
+      return;
+    }
+
+    if (formData.password !== formData.confirmPassword) {
+      setError('Passwords do not match');
+      return;
+    }
+
+    if (formData.password.length < 8) {
+      setError('Password must be at least 8 characters long');
+      return;
+    }
+
+    setLoading(true);
+
+    try {
+      const response = await fetch('/api/auth/register', {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({
+          email: formData.email,
+          password: formData.password,
+          name: formData.name,
+        }),
+      });
+
+      const data = await response.json();
+
+      if (!response.ok) {
+        throw new Error(data.error || 'Registration failed');
+      }
+
+      // Registration successful, redirect to login
+      router.push('/login?registered=true');
+    } catch (err: any) {
+      setError(err.message || 'Failed to create account');
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  return (
+    <div className="flex min-h-screen items-center justify-center bg-gray-50 px-4 py-12 dark:bg-gray-900 sm:px-6 lg:px-8">
+      <div className="w-full max-w-md space-y-8">
+        <div>
+          <h2 className="mt-6 text-center text-3xl font-bold tracking-tight text-gray-900 dark:text-white">
+            Create your account
+          </h2>
+          <p className="mt-2 text-center text-sm text-gray-600 dark:text-gray-400">
+            Or{' '}
+            <Link href="/login" className="font-medium text-primary hover:underline">
+              sign in to your existing account
+            </Link>
+          </p>
+        </div>
+
+        <form className="mt-8 space-y-6" onSubmit={handleSubmit}>
+          {error && (
+            <Alert variant="destructive">
+              <AlertDescription>{error}</AlertDescription>
+            </Alert>
+          )}
+
+          <div className="space-y-4 rounded-md shadow-sm">
+            <div>
+              <Label htmlFor="name">Name (optional)</Label>
+              <Input
+                id="name"
+                name="name"
+                type="text"
+                autoComplete="name"
+                value={formData.name}
+                onChange={(e) => setFormData({ ...formData, name: e.target.value })}
+                placeholder="Your name"
+                className="mt-1"
+              />
+            </div>
+
+            <div>
+              <Label htmlFor="email">Email address *</Label>
+              <Input
+                id="email"
+                name="email"
+                type="email"
+                autoComplete="email"
+                required
+                value={formData.email}
+                onChange={(e) => setFormData({ ...formData, email: e.target.value })}
+                placeholder="[email protected]"
+                className="mt-1"
+              />
+            </div>
+
+            <div>
+              <Label htmlFor="password">Password *</Label>
+              <Input
+                id="password"
+                name="password"
+                type="password"
+                autoComplete="new-password"
+                required
+                value={formData.password}
+                onChange={(e) => setFormData({ ...formData, password: e.target.value })}
+                placeholder="At least 8 characters"
+                className="mt-1"
+              />
+              <p className="mt-1 text-xs text-gray-500 dark:text-gray-400">
+                Must be at least 8 characters with letters and numbers
+              </p>
+            </div>
+
+            <div>
+              <Label htmlFor="confirmPassword">Confirm Password *</Label>
+              <Input
+                id="confirmPassword"
+                name="confirmPassword"
+                type="password"
+                autoComplete="new-password"
+                required
+                value={formData.confirmPassword}
+                onChange={(e) => setFormData({ ...formData, confirmPassword: e.target.value })}
+                placeholder="Confirm your password"
+                className="mt-1"
+              />
+            </div>
+          </div>
+
+          <div>
+            <Button type="submit" className="w-full" disabled={loading}>
+              {loading ? 'Creating account...' : 'Create account'}
+            </Button>
+          </div>
+
+          <div className="text-center text-sm text-gray-600 dark:text-gray-400">
+            By creating an account, you agree to our terms of service and privacy policy.
+          </div>
+        </form>
+      </div>
+    </div>
+  );
+}

lib/auth.ts

@@ -1,5 +1,7 @@
 import type { NextAuthOptions } from 'next-auth';
 import Credentials from 'next-auth/providers/credentials';
+import { connectDB } from '@/lib/db/connection';
+import User from '@/lib/db/models/User';
 
 export const authOptions: NextAuthOptions = {
   session: { strategy: 'jwt' },
@@ -14,28 +16,63 @@ export const authOptions: NextAuthOptions = {
         const email = credentials?.email?.toLowerCase();
         const password = credentials?.password || '';
 
-        // Environment-based admin authentication
-        const adminEmail = process.env.ADMIN_EMAIL?.toLowerCase();
-        const adminPassword = process.env.ADMIN_PASSWORD;
-
-        // Validate that admin credentials are properly configured
-        if (!adminEmail || !adminPassword) {
-          console.error('❌ ADMIN_EMAIL and ADMIN_PASSWORD must be set in environment variables');
+        if (!email || !password) {
           return null;
         }
 
-        // Enforce minimum password length for security
-        if (adminPassword.length < 16) {
-          console.error('❌ ADMIN_PASSWORD must be at least 16 characters long');
-          return null;
-        }
+        try {
+          // Connect to database
+          await connectDB();
 
-        // Verify credentials
-        if (email && password && email === adminEmail && password === adminPassword) {
-          return { id: 'admin', name: 'Admin', email: adminEmail, isAdmin: true } as any;
-        }
+          // Try to find user in database (include passwordHash for verification)
+          const user = await User.findOne({ email }).select('+passwordHash');
+
+          if (user) {
+            // Check if user is banned
+            if (user.banned) {
+              console.error('❌ User is banned:', email);
+              return null;
+            }
+
+            // If user has a password hash, verify it
+            if (user.passwordHash) {
+              const isValid = await user.verifyPassword(password);
 
-        return null;
+              if (isValid) {
+                return {
+                  id: user._id.toString(),
+                  email: user.email,
+                  name: user.name,
+                  isAdmin: user.isAdmin,
+                } as any;
+              }
+            }
+          }
+
+          // Fallback: Environment-based admin authentication
+          // This is a backup method for initial setup
+          const adminEmail = process.env.ADMIN_EMAIL?.toLowerCase();
+          const adminPassword = process.env.ADMIN_PASSWORD;
+
+          if (adminEmail && adminPassword && adminPassword.length >= 16) {
+            if (email === adminEmail && password === adminPassword) {
+              // Return a special admin session
+              // Note: This won't have a real user ID in the database
+              return {
+                id: 'env-admin',
+                name: 'Admin',
+                email: adminEmail,
+                isAdmin: true,
+              } as any;
+            }
+          }
+
+          // Authentication failed
+          return null;
+        } catch (error) {
+          console.error('Authentication error:', error);
+          return null;
+        }
       },
     }),
   ],