diff --git a/backend/server.js b/backend/server.js
index f861a259..211416be 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -14,8 +14,11 @@ const logger = require('./logger');
 const app = express();
+// Enable trust proxy
+app.set('trust proxy', 1);
+
 // CORS configuration
-const allowedOrigins = ['http://localhost:5173', 'https://github-spy.etlify.app'];
+const allowedOrigins = ['http://localhost:5173', 'https://github-spy.netlify.app']; // there was a typo error in the url, it is fixed now.
 app.use(cors({
 origin: function (origin, callback) {
 if (!origin || allowedOrigins.indexOf(origin) !== -1) {
@@ -29,10 +32,16 @@ app.use(cors({
 // Middleware
 app.use(bodyParser.json());
-if (process.env.NODE_ENV === 'production') {
- app.set('trust proxy', 1);
-}
-app.use(session(createSessionConfig()));
+app.use(session({
+ secret: process.env.SESSION_SECRET,
+ resave: false,
+ saveUninitialized: false,
+ cookie: {
+ secure: process.env.NODE_ENV === 'production', // Only send cookies over HTTPS in production
+ sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax', //Cross-domain cookies = 'none'
+ maxAge: 24 * 60 * 60 * 1000
+ }
+}));
 app.use(passport.initialize());
 app.use(passport.session());
diff --git a/backend/validators/authValidator.js b/backend/validators/authValidator.js
index 62c33c04..ab4dac07 100644
--- a/backend/validators/authValidator.js
+++ b/backend/validators/authValidator.js
@@ -18,7 +18,7 @@ const signupSchema = z.object({
 .min(8, "Password must be at least 8 characters long")
 .max(100, "Password must be at most 100 characters long")
 .regex(
- /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9\s])[^\s]{8,}$/,
+ /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/,
 'Password must contain uppercase, lowercase, number, and special character'
 ),
 });
diff --git a/src/pages/Login/Login.tsx b/src/pages/Login/Login.tsx
index d02885a9..858d0f45 100644
--- a/src/pages/Login/Login.tsx
+++ b/src/pages/Login/Login.tsx
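Review bot: `app.set('trust proxy', 1)` is now applied in every environment, whereas the block removed in the next hunk only enabled it under `NODE_ENV === 'production'`. With trust proxy on, Express derives `req.ip`, `req.protocol` and `req.secure` from the `X-Forwarded-*` headers of whatever connects directly to the server, so in any deployment reached without a reverse proxy (a local run, a container exposed directly) the client itself can supply those headers and influence anything keyed on them, including the `secure` cookie check of the session middleware. Keep the gate, `if (process.env.NODE_ENV === 'production') app.set('trust proxy', 1);`, or drive it from an explicit configuration value, and move the `// there was a typo error in the url, it is fixed now.` remark into the commit message, since it records history rather than describing the code. The `cors()` options object continues past the end of the hunk.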
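Review bot: The inlined session options hand `process.env.SESSION_SECRET` to express-session without checking it is set, and they carry no `store`, so the middleware falls back to its in-memory default, which the library itself documents as unsuitable for production (sessions vanish on restart and memory grows without bound); whether the removed `createSessionConfig()` supplied a store cannot be seen from this hunk. A startup guard such as `if (!process.env.SESSION_SECRET) throw new Error('SESSION_SECRET must be set');` fails fast instead of failing once requests arrive, and a persistent store belongs alongside it. Note also that `sameSite: 'none'` in production means the browser attaches the cookie to cross-site requests from any page, not only from the CORS allowlist, because CORS only governs what the calling page may read back; state-changing routes therefore need their own CSRF defence (a token or an Origin/Referer check).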
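Review bot: The new pattern's trailing class `[A-Za-z\d@$!%*?&]+` rejects any password that contains a character outside that set (`#`, `_`, `-`, `.`, `^`, `~`, a space, or any non-ASCII letter), whereas the old `[^\s]{8,}` accepted every non-whitespace character, so typical password-manager output is now refused with a message that never says which characters are allowed. Narrowing the alphabet shrinks the keyspace without a security gain; if the goal was only to define what counts as "special", keep the permissive tail and widen the lookahead instead, e.g. `/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9\s])\S+$/` (length is already enforced by the `.min(8)` and `.max(100)` calls above). If the restricted set is deliberate, the `.regex()` message should list it. The `z.object({` call this chain belongs to begins before the hunk.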
@@ -5,7 +5,7 @@ import { ThemeContext } from "../../context/ThemeContext";
 import type { ThemeContextType } from "../../context/ThemeContext";
 import { AuthContext } from "../../context/AuthContext";
-const backendUrl = import.meta.env.VITE_BACKEND_URL;
+const backendUrl = import.meta.env.VITE_BACKEND_URL || ""; // Fallback to an empty string if VITE_BACKEND_URL is undefined to ensure relative routing
 interface LoginFormData {
 email: string;
@@ -33,7 +33,7 @@ const Login: React.FC = () => {
 try {
 const response = await axios.post(`${backendUrl}/api/auth/login`, formData, {
- withCredentials: true,
+ withCredentials: true
 });
 setMessage(response.data.message);
diff --git a/src/pages/Signup/Signup.tsx b/src/pages/Signup/Signup.tsx
index 5c161e78..037ea379 100644
--- a/src/pages/Signup/Signup.tsx
+++ b/src/pages/Signup/Signup.tsx
@@ -6,7 +6,7 @@ import { User, Mail, Lock, Eye, EyeOff } from "lucide-react";
 import { ThemeContext } from "../../context/ThemeContext";
 import type { ThemeContextType } from "../../context/ThemeContext";
-const backendUrl = import.meta.env.VITE_BACKEND_URL;
+const backendUrl = import.meta.env.VITE_BACKEND_URL || ""; // Fallback to an empty string if VITE_BACKEND_URL is undefined to ensure relative routing
 interface SignUpFormData {
 username: string;
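Review bot: The `backendUrl` fallback line is duplicated verbatim in the first Signup.tsx hunk, and its trailing comment pushes the line to roughly 150 columns; defining the constant once in a shared module (next to the existing context files, for instance) and importing it in both pages keeps the fallback rule in one place. Because the fallback is silent, a build with the variable missing or mistyped will quietly send `/api/auth/login` and `/api/auth/signup` to the page's own origin, so a one-line `if (!import.meta.env.VITE_BACKEND_URL) console.warn("VITE_BACKEND_URL is not set; using relative URLs");` in the shared module makes that visible during development. `??` would be the more precise operator than `||` here, although with an empty-string fallback the two behave identically today.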
@@ -83,18 +83,21 @@ const SignUp: React.FC = () => {
 }
 setIsLoading(true);
 try {
- const response = await axios.post(`${backendUrl}/api/auth/signup`,
- formData,
- { withCredentials: true }
- );
+ const response = await axios.post(`${backendUrl}/api/auth/signup`, formData, {
+ withCredentials: true
+ });
 setMessage(response.data.message); // Show success message from backend
 // Navigate to login page after successful signup
 if (response.data.message === 'User created successfully') {
 navigate("/login");
 }
- } catch (error: any) {
- setMessage(error.response?.data?.message || "Something went wrong. Please try again.");
+ } catch (error) {
+ if (axios.isAxiosError(error)) {
+ setMessage(error.response?.data?.message || "Something went wrong. Please try again.");
+ } else {
+ setMessage("An unexpected error occurred. Please try again.");
+ }
 } finally {
 setIsLoading(false);
 }
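Review bot: The new `else` branch in the catch discards the non-Axios error entirely: the user sees a generic message and nothing is logged, so a bug in the success path (for example `response.data` not having the shape the `setMessage` call above expects) becomes invisible. Keep a `console.error(error);` (or the app's logger, if one exists) in that branch. `axios.isAxiosError(error)` narrows to `AxiosError<any>`, so `error.response?.data?.message` is still `any` despite the removal of `error: any`; passing the expected payload type, `if (axios.isAxiosError<{ message?: string }>(error)) {`, keeps the typing tight. The enclosing submit handler starts before the hunk.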