Fix authentication

backend/server.js

@@ -14,8 +14,11 @@ const logger = require('./logger');
 
 const app = express();
 
+// Enable trust proxy
+app.set('trust proxy', 1); 
+
 // CORS configuration
-const allowedOrigins = ['http://localhost:5173', 'https://github-spy.etlify.app'];
+const allowedOrigins = ['http://localhost:5173', 'https://github-spy.netlify.app']; // there was a typo error in the url, it is fixed now.
 app.use(cors({
     origin: function (origin, callback) {
         if (!origin || allowedOrigins.indexOf(origin) !== -1) {
@@ -29,10 +32,16 @@ app.use(cors({
 
 // Middleware
 app.use(bodyParser.json());
-if (process.env.NODE_ENV === 'production') {
-    app.set('trust proxy', 1);
-}
-app.use(session(createSessionConfig()));
+app.use(session({
+    secret: process.env.SESSION_SECRET,
+    resave: false,
+    saveUninitialized: false,
+    cookie: {
+        secure: process.env.NODE_ENV === 'production', // Only send cookies over HTTPS in production
+        sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax', //Cross-domain cookies = 'none'
+        maxAge: 24 * 60 * 60 * 1000
+    }
+}));
 app.use(passport.initialize());
 app.use(passport.session());
 

backend/validators/authValidator.js

@@ -18,7 +18,7 @@ const signupSchema = z.object({
         .min(8, "Password must be at least 8 characters long")
         .max(100, "Password must be at most 100 characters long")
         .regex(
-            /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9\s])[^\s]{8,}$/,
+            /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/,
             'Password must contain uppercase, lowercase, number, and special character'
         ),
 });

src/pages/Login/Login.tsx

@@ -5,7 +5,7 @@ import { ThemeContext } from "../../context/ThemeContext";
 import type { ThemeContextType } from "../../context/ThemeContext";
 import { AuthContext } from "../../context/AuthContext";
 
-const backendUrl = import.meta.env.VITE_BACKEND_URL;
+const backendUrl = import.meta.env.VITE_BACKEND_URL || ""; // Fallback to an empty string if VITE_BACKEND_URL is undefined to ensure relative routing
 
 interface LoginFormData {
   email: string;
@@ -33,7 +33,7 @@ const Login: React.FC = () => {
 
     try {
       const response = await axios.post(`${backendUrl}/api/auth/login`, formData, {
-        withCredentials: true,
+        withCredentials: true
       });
       setMessage(response.data.message);
 

src/pages/Signup/Signup.tsx

@@ -6,7 +6,7 @@ import { User, Mail, Lock, Eye, EyeOff } from "lucide-react";
 import { ThemeContext } from "../../context/ThemeContext";
 import type { ThemeContextType } from "../../context/ThemeContext";
 
-const backendUrl = import.meta.env.VITE_BACKEND_URL;
+const backendUrl = import.meta.env.VITE_BACKEND_URL || ""; // Fallback to an empty string if VITE_BACKEND_URL is undefined to ensure relative routing
 
 interface SignUpFormData {
   username: string;
@@ -83,18 +83,21 @@ const SignUp: React.FC = () => {
     }
     setIsLoading(true);
     try {
-      const response = await axios.post(`${backendUrl}/api/auth/signup`,
-        formData,
-        { withCredentials: true }
-      );
+      const response = await axios.post(`${backendUrl}/api/auth/signup`, formData, { 
+        withCredentials: true 
+      });
       setMessage(response.data.message); // Show success message from backend
 
       // Navigate to login page after successful signup
       if (response.data.message === 'User created successfully') {
         navigate("/login");
       }
-    } catch (error: any) {
-      setMessage(error.response?.data?.message || "Something went wrong. Please try again.");
+    } catch (error) {
+      if (axios.isAxiosError(error)) {
+        setMessage(error.response?.data?.message || "Something went wrong. Please try again.");
+      } else {
+        setMessage("An unexpected error occurred. Please try again.");
+      }
     } finally {
       setIsLoading(false);
     }