From d5fcb048fd92ea30931c2d4edda30ca3d81e4f47 Mon Sep 17 00:00:00 2001
From: Mercy Akinyemi
Date: Mon, 13 Apr 2026 13:40:57 -0500
Subject: [PATCH 1/5] Update dev script in package.json to simplify development environment
---
 server/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/package.json b/server/package.json
index aa0417e54..deae63cad 100644
--- a/server/package.json
+++ b/server/package.json
@@ -5,7 +5,7 @@
 "type": "module",
 "scripts": {
 "test": "echo \"Error: no test specified\" && exit 1",
- "dev": "concurrently \"cd client && vite\" \"cd server && nodemon --require dotenv/config server.js\"",
+ "dev": "nodemon server.js",
 "reset": "node config/reset.js",
 "start": "npm run reset && node server/server.js",
 "build": "cd client && vite build"
From 46a471e40c35bc314696c9ccbc5032e7e2dd04cb Mon Sep 17 00:00:00 2001
From: Mercy Akinyemi
Date: Mon, 13 Apr 2026 13:41:03 -0500
Subject: [PATCH 2/5] Refactor server.js: remove duplicate dotenv import, adjust session secret handling, and standardize console log message
---
 server/server.js | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/server/server.js b/server/server.js
index e447e76e2..bde434f09 100644
--- a/server/server.js
+++ b/server/server.js
@@ -1,8 +1,8 @@
+import './config/dotenv.js'
 import express from 'express'
 import cors from 'cors'
 import passport from 'passport'
 import session from 'express-session'
-import './config/dotenv.js'
 import { GitHub } from './config/auth.js'
 import authRoutes from './routes/auth.js'
@@ -15,8 +15,6 @@ if (isProduction) {
 app.set('trust proxy', 1)
 }
-app.use(express.json())
-
 app.use(
 cors({
 origin: process.env.CLIENT_URL || 'http://localhost:5173',
@@ -24,9 +22,10 @@ app.use(
 credentials: true,
 })
 )
+app.use(express.json())
 app.use(session({
- secret: process.env.SESSION_SECRET || 'codepath-dev-secret',
+ secret: process.env.SESSION_SECRET,
 resave: false,
 saveUninitialized: false,
 cookie: {
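Review bot: In server/package.json the new `dev` script resolves `server.js` relative to the server/ directory, but the unchanged `start` and `build` scripts in the same hunk still use repo-root paths (`node server/server.js`, `cd client && vite build`). npm runs scripts from the package's own directory, so those would look for server/server/server.js and server/client. If every script is meant to run from server/, `start` would read `"start": "npm run reset && node server.js"`. Dropping `--require dotenv/config` also leaves the import in server.js as the only place the environment is loaded.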
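Review bot: In the `@@ -1,8 +1,8 @@` hunk of server/server.js, `import './config/dotenv.js'` is moved to the first line but nothing records that its position matters. ES module imports are evaluated in source order, so this line presumably has to run before `./config/auth.js` reads its settings from `process.env`; an import sorter or a later edit could silently move it back. I would add a comment directly above it: `// Must stay first: loads environment variables before modules that read process.env at import time.`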
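Review bot: In the `@@ -24,9 +22,10 @@` hunk of server/server.js, `secret: process.env.SESSION_SECRET` has no guard for the variable being unset. Removing the hard-coded fallback secret is the right direction, but express-session, as far as I recall, reports a missing secret as a per-request error rather than stopping the process, so a misconfigured deployment would start normally and only fail once traffic arrives. A check before `app.use(session(...))` makes it fail fast: `if (!process.env.SESSION_SECRET) throw new Error('SESSION_SECRET is not set')`. The session options object continues past the end of the hunk, so the cookie settings are not reviewed here.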
@@ -50,5 +49,5 @@ passport.deserializeUser((user, done) => {
 app.use('/auth', authRoutes)
 app.listen(PORT, () => {
- console.log(`server running on http://localhost:${PORT}`)
+ console.log(`Server running on http://localhost:${PORT}`)
 })
From ac1ddd8f30b718a004289041de2221c83b7bbe2e Mon Sep 17 00:00:00 2001
From: Mercy Akinyemi
Date: Mon, 13 Apr 2026 15:05:42 -0500
Subject: [PATCH 3/5] Add authentication middleware to enforce user login requirement
---
 server/middleware/authMiddleware.js | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/server/middleware/authMiddleware.js b/server/middleware/authMiddleware.js
index e69de29bb..e226c5ffe 100644
--- a/server/middleware/authMiddleware.js
+++ b/server/middleware/authMiddleware.js
@@ -0,0 +1,9 @@
+const isAuthenticated = (req, res, next) => {
+ if (!req.isAuthenticated || !req.isAuthenticated() || !req.user) {
+ return res.status(401).json({ error: 'You must be logged in to perform this action.' })
+ }
+
+ next()
+}
+
+export default isAuthenticated
\ No newline at end of file
From ca79af7ca33f2d614f02a493d4cfb1d6445e8066 Mon Sep 17 00:00:00 2001
From: Mercy Akinyemi
Date: Mon, 13 Apr 2026 15:05:50 -0500
Subject: [PATCH 4/5] Update reset.js: drop users table and add username and avatar_url fields to users and profiles tables
---
 server/config/reset.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/server/config/reset.js b/server/config/reset.js
index 1fe021496..38b3b2623 100644
--- a/server/config/reset.js
+++ b/server/config/reset.js
@@ -16,6 +17,7 @@ const dropTables = async () => {
 DROP TABLE IF EXISTS posts;
 DROP TABLE IF EXISTS profiles;
 DROP TABLE IF EXISTS hashtags;
+ DROP TABLE IF EXISTS users;
 DROP TABLE IF EXISTS auth.users;
 `;
@@ -39,6 +40,8 @@ const createUsersTable = async () => {
 email TEXT UNIQUE,
 encrypted_password TEXT,
 github_id TEXT UNIQUE,
+ username TEXT UNIQUE,
+ avatar_url TEXT,
 provider TEXT DEFAULT 'github',
 created_at TIMESTAMP DEFAULT now()
 );
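Review bot: The new middleware in server/middleware/authMiddleware.js has no doc comment, and its name `isAuthenticated` is identical to the Passport request method `req.isAuthenticated()` that it calls, which makes call sites harder to read. I would add `/** Express middleware: responds 401 unless Passport reports an authenticated session and req.user is set. */` above the definition and consider a name such as `requireAuth`. None of the patches shown here mounts the middleware on a route, so it does not yet protect anything visible in this series. The file also ends without a trailing newline.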
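Review bot: The added `DROP TABLE IF EXISTS users;` in `dropTables` (server/config/reset.js) means the reset script now deletes every account, and the `start` script shown in server/package.json runs `npm run reset` before launching the server. If `start` is what a deployment runs, each restart would wipe the users table. I would take `npm run reset` out of `start`, or guard the script with something like `if (process.env.NODE_ENV === 'production') throw new Error('refusing to reset a production database')`. `dropTables` starts and ends outside the hunk, so how and when it is invoked is not visible here.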
@@ -93,10 +96,8 @@ const createProfilesTable = async () => {
 CREATE TABLE IF NOT EXISTS profiles (
 id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
 user_id UUID REFERENCES users(id),
- username TEXT UNIQUE,
 bio TEXT,
 location TEXT,
- avatar_url TEXT,
 links TEXT,
 created_at TIMESTAMP DEFAULT now()
 );
From 502fa0cdcb836707ef0ce3567c2c1f20c204fc49 Mon Sep 17 00:00:00 2001
From: Mercy Akinyemi
Date: Mon, 13 Apr 2026 15:05:59 -0500
Subject: [PATCH 5/5] Refactor GitHub authentication logic: update user query and insert statement to use direct fields instead of JSON metadata
---
 server/config/auth.js | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/server/config/auth.js b/server/config/auth.js
index 0457f4a22..1c740de5c 100644
--- a/server/config/auth.js
+++ b/server/config/auth.js
@@ -20,20 +20,15 @@ const verify = async (accessToken, refreshToken, profile, callback) => {
 }
 try {
- const results = await pool.query('SELECT * FROM users WHERE user_metadata->>\'username\' = $1', [userData.username])
+ const results = await pool.query('SELECT * FROM users WHERE username = $1', [userData.username])
 const user = results.rows[0]
 if (!user) {
 const newResults = await pool.query(
- `INSERT INTO users (user_metadata)
- VALUES ($1)
+ `INSERT INTO users (github_id, username, avatar_url)
+ VALUES ($1, $2, $3)
 RETURNING *`,
- [JSON.stringify({
- githubId: userData.githubId,
- username: userData.username,
- avatarUrl: userData.avatarUrl,
- accessToken: accessToken
- })]
+ [userData.githubId, userData.username, userData.avatarUrl]
 )
 const newUser = newResults.rows[0]
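Review bot: The rewritten lookup in `verify` (server/config/auth.js) still matches an existing account by `username` (`WHERE username = $1`) even though the table now has a dedicated `github_id` column. A GitHub login name can be changed and later claimed by a different account, so keying on it can bind a new GitHub identity to someone else's local row, and a returning user who renamed themselves would fall through to the INSERT and hit the `github_id` UNIQUE constraint. Matching on the stable id avoids both: `const results = await pool.query('SELECT * FROM users WHERE github_id = $1', [userData.githubId])`. No longer persisting `accessToken` in the row is a good change. `verify` starts and ends outside the hunk, so the construction of `userData` and the error path are not reviewed here.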