From 4b6ae3375e431367c6b63d92372207ca733c9278 Mon Sep 17 00:00:00 2001
From: Aryan Raj
Date: Tue, 2 Jun 2026 18:50:29 +0530
Subject: [PATCH 1/2] service.js Add session middleware with cookie settings

---
 backend/server.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/backend/server.js b/backend/server.js
index 48d6ccfb..b73d5446 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -28,10 +28,16 @@ app.use(cors({
 // Middleware
 app.use(bodyParser.json());
+
 app.use(session({
 secret: process.env.SESSION_SECRET,
 resave: false,
 saveUninitialized: false,
+ cookie: {
+ maxAge: 24 * 60 * 60 * 1000,
+ secure: process.env.NODE_ENV === "production",
+ sameSite: process.env.NODE_ENV === "production" ? "none" : "lax"
+ }
 }));
 app.use(passport.initialize());
 app.use(passport.session());

From 3a8039f1a11307149af1f1f0cc782ab96e35093a Mon Sep 17 00:00:00 2001
From: Aryan Raj
Date: Tue, 2 Jun 2026 18:59:54 +0530
Subject: [PATCH 2/2] Improve signup error handling for duplicate users

Updated error handling for user signup to provide specific validation messages for duplicate fields.
---
 backend/routes/auth.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/backend/routes/auth.js b/backend/routes/auth.js
index 7c2cda78..608b91aa 100644
--- a/backend/routes/auth.js
+++ b/backend/routes/auth.js
@@ -8,7 +8,7 @@ const router = express.Router();
 // Signup route
 router.post("/signup", validateRequest(signupSchema), async (req, res) => {
- const { username, email, password } = req.body;
+ const { username, email, password } = req.body;
 try {
 const existingUser = await User.findOne({
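Review bot: In backend/server.js, the new `cookie` block sets `sameSite` to `"none"` in production, so the browser attaches the session cookie to every cross-site request and SameSite no longer gives the passport session any CSRF protection. If the frontend really is served from a different site, state-changing routes need a CSRF token or a strict `Origin` check, and the `cors` options (outside this hunk) should be an explicit origin allow-list; otherwise prefer `sameSite: "lax"` in both environments. With `secure: true`, express-session only issues the cookie when the request is seen as HTTPS, so a deployment behind a TLS-terminating proxy likely also needs `app.set("trust proxy", 1);` before this middleware; that is not visible here and is worth confirming. I would also add a comment above the block, such as `// sameSite "none" is needed for the cross-site frontend; CSRF is handled by <mechanism>`, so the trade-off is recorded.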
@@ -22,8 +22,14 @@ router.post("/signup", validateRequest(signupSchema), async (req, res) => {
 await newUser.save();
 res.status(201).json({ message: 'User created successfully' });
 } catch (err) {
+ // ⚡ FIXED: Intercept MongoDB unique index constraint violation (E11000)
+ // Dynamically parses the error keys to return a precise validation message
 if (err && err.code === 11000) {
- return res.status(400).json({ message: 'User already exists' });
+ const duplicateField = Object.keys(err.keyValue)[0]; // Safely extracts 'email' or 'username'
+ return res.status(400).json({
+ success: false,
+ message: `This ${duplicateField} is already registered.`
+ });
 }
 res.status(500).json({ message: 'Error creating user', error: err.message });
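Review bot: `Object.keys(err.keyValue)[0]` in the new `err.code === 11000` branch is not safe despite its comment: if the error object carries no `keyValue` (this depends on the driver/Mongoose version, so confirm), it throws inside the `catch` of an async handler and the request is likely left without a response. Guard the lookup and restrict the reflected name to known fields, e.g. `const field = Object.keys(err.keyValue ?? {})[0];` followed by `const label = ["email", "username"].includes(field) ? field : "account";`. The per-field message also confirms to an unauthenticated caller that a specific email or username is registered, so this route should be rate-limited, or the message kept generic if account enumeration matters for this application. The route handler begins and ends outside the hunk.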