Feature/auth enhancement

[arpit2006]

Related Issue

• Closes: ✨ UI Enhancement: Improve Sign In Page Design & User Experience #412
• Reference: ✨ UI Enhancement: Improve Sign In Page Design & User Experience #412

---

Description

Enhanced the Login Page UI/UX to create a more modern, responsive, and visually appealing authentication experience.

Improvements Made:

• Improved overall layout and spacing
• Enhanced responsiveness across devices
• Refined input fields and button styling
• Added smoother hover/focus interactions
• Improved visual hierarchy and alignment
• Enhanced accessibility and readability
• Updated colors, shadows, and card appearance for a cleaner modern look

---

How Has This Been Tested?

• Tested on desktop and mobile screen sizes
• Verified responsive behavior across different resolutions
• Checked form interactions and UI consistency
• Confirmed proper alignment and styling in different browsers

---

Screenshots

---

Type of Change

• Bug fix
• New feature
• Code style update
• Breaking change
• Documentation update

Summary by CodeRabbit

• New Features

  • Introduced Community Discussions feature with ability to create, edit, delete, and manage discussions
  • Added liking and commenting functionality for discussions
  • Implemented search, filtering by category/tags, and sorting (recent/trending) for discussions
  • Added Community link to main navigation

• Style

  • Redesigned authentication pages with improved layout and visual hierarchy

[netlify]

✅ Deploy Preview for github-spy ready!

Name	Link
🔨 Latest commit	df54e5f
🔍 Latest deploy log	https://app.netlify.com/projects/github-spy/deploys/6a16fd86a48b780007fc8796
😎 Deploy Preview	https://deploy-preview-574--github-spy.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Warning

Review limit reached

@arpit2006, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 5 minutes and 32 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 38eccdd1-375a-493b-b2db-b9355ece1d70

📥 Commits

Reviewing files that changed from the base of the PR and between 5d0ce94 and df54e5f.

📒 Files selected for processing (11)

• backend/config/passportConfig.js
• backend/data/discussions.json
• backend/data/users.json
• backend/routes/auth.js
• backend/routes/discussions.js
• backend/server.js
• src/components/AuthShell.tsx
• src/pages/Community/Community.tsx
• src/pages/Home/Home.tsx
• src/pages/Login/Login.tsx
• src/pages/Signup/Signup.tsx

📝 Walkthrough

Walkthrough

This PR adds a complete Community Discussions feature with backend REST API and frontend page, introducing file-backed JSON authentication as a fallback when MongoDB is unavailable. It includes discussion CRUD, likes, comments, filtering, sorting, and refactored authentication pages using a new shared layout component.

Changes

Community Discussions Feature

Layer / File(s)	Summary
Data Models & Validation Schemas backend/models/Discussion.js, backend/validators/discussionValidator.js	Mongoose Discussion model with embedded CommentSchema and Zod schemas for discussions (title/body/category/tags) and comments (text) provide the data contracts.
Seeded Data Files backend/data/users.json, backend/data/discussions.json	Seed data includes one user with bcrypt-hashed password and one discussion with tags, likes, and a comment for testing.
File-Backed Authentication backend/routes/auth.js (lines 3–217)	Dual-mode auth routes: when MONGO_URI is absent, signup/login/logout use file-backed JSON persistence with lock-file concurrency control and bcrypt hashing; otherwise use existing Mongo + Passport flow.
Discussions REST API backend/routes/discussions.js	Complete CRUD endpoints with file persistence and in-process mutex: GET / (list/filter/sort), POST / (create), PUT /:id (update author-only), DELETE /:id (delete author-only), POST /:id/likes (toggle), and POST /:id/comments (add comment with validation).
Server Configuration & Integration backend/server.js	CORS origin now uses CLIENT_URL environment variable, MongoDB connection is non-blocking (server starts with or without it), session-based auth middleware applied when MongoDB unavailable, and discussions routes mounted at /api/discussions.
AuthShell Reusable Component src/components/AuthShell.tsx	New layout component with theme support (dark/light), badge/branding, highlight cards, static checklist, and flexible children/footer for consistent authentication page styling.
Login Page Refactor src/pages/Login/Login.tsx	Refactored to use AuthShell component, includes withCredentials: true for session cookies, backend URL fallback, and new highlight/branding copy.
Signup Page Refactor src/pages/Signup/Signup.tsx	Refactored to use AuthShell component, includes withCredentials: true, functional state updates, improved error handling, and new highlight/branding copy.
Community Discussions Page src/pages/Community/Community.tsx	Full-featured discussion component: create/edit/delete discussions, search/filter/sort, like/unlike, threaded comments, trending sidebar, stats panel, and authentication-gated actions with 401 error handling.
Frontend Navigation & Routes src/Routes/Router.tsx, src/components/Navbar.tsx, src/App.tsx	Routes /community and /discussions added, Navbar includes "Community" link in desktop and mobile menus, App.tsx layout changed to full-width column.

Sequence Diagram(s)

sequenceDiagram
    participant Client as Client (Browser)
    participant AuthAPI as Auth Routes
    participant UserStore as User JSON Store
    participant SessionMW as Session Middleware
    participant DiscAPI as Discussions Routes
    participant DiscStore as Discussions JSON Store

    Client->>AuthAPI: POST /signup (email, password)
    AuthAPI->>UserStore: Read users.json (under lock)
    alt User exists
        AuthAPI->>Client: 409 Conflict
    else New user
        AuthAPI->>UserStore: Write new user + bcrypt hash (lock+rename)
        AuthAPI->>SessionMW: Set req.session.authUser
        AuthAPI->>Client: 201 Created + Set-Cookie
    end

    Client->>AuthAPI: POST /login (email, password)
    AuthAPI->>UserStore: Read users.json (under lock)
    alt User found + password matches
        AuthAPI->>SessionMW: Set req.session.authUser
        AuthAPI->>Client: 200 OK + Set-Cookie
    else Invalid credentials
        AuthAPI->>Client: 401 Unauthorized
    end

    Client->>SessionMW: All requests with session cookie
    SessionMW->>SessionMW: Map req.session.authUser → req.user

    Client->>DiscAPI: GET /api/discussions?search=query&category=bug&sort=trending
    DiscAPI->>DiscStore: Read discussions.json (under mutex)
    DiscAPI->>DiscStore: Apply filter + compute trending score
    DiscAPI->>Client: 200 + filtered+sorted items + categories

    Client->>DiscAPI: POST /api/discussions (title, body, category, tags)
    Note over DiscAPI: Requires req.user (401 if missing)
    DiscAPI->>DiscStore: Prepend new discussion (UUID id, timestamps, under mutex)
    DiscAPI->>Client: 201 + new public discussion

    Client->>DiscAPI: POST /api/discussions/:id/likes
    DiscAPI->>DiscStore: Toggle user's like in discussion.likes array + update updatedAt
    DiscAPI->>Client: 200 + updated public discussion

    Client->>DiscAPI: POST /api/discussions/:id/comments (text)
    DiscAPI->>DiscStore: Append comment (UUID id, author, timestamp, under mutex)
    DiscAPI->>Client: 201 + updated public discussion

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• GitMetricsLab/github_tracker#311: Introduces smaller responsive/styling adjustments to Login and Signup pages, overlapping with this PR's broader auth page refactors.
• GitMetricsLab/github_tracker#467: Modifies CORS and session-based auth middleware in backend/server.js, directly related to this PR's auth fallback and credentials handling.
• GitMetricsLab/github_tracker#229: Updates src/pages/Signup/Signup.tsx signup flow and axios POST to /api/auth/signup, overlapping with this PR's Signup page refactor and credential handling.

Suggested labels

level:advanced, type:feature

Suggested reviewers

• mehul-m-prajapati

Poem

🐰 A warren of discussions now blooms so bright,
With JSON as backup when Mongo takes flight,
Likes, comments, and filters all dance in the code,
While AuthShell guides users down the safe auth road,
From signup to signup, each layer does gleam,
This feature's complete—a full-featured dream! 🌙✨

🚥 Pre-merge checks | ✅ 2 | ❌ 3

❌ Failed checks (2 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description focuses exclusively on auth UI/UX improvements but the actual changeset includes significant backend additions: discussion models, routes, JSON persistence, validators, and community page implementation—representing approximately 70% of the changes. This substantial mismatch indicates the description is incomplete.	Update the description to document all major changes: backend discussion feature implementation, JSON-based persistence layer, dual-mode auth (Mongo/file-backed), new API endpoints, and frontend Community page in addition to auth UI enhancements.
Out of Scope Changes check	⚠️ Warning	The PR contains extensive out-of-scope changes relative to issue #412: new Discussion model/routes/validators, JSON persistence for auth and discussions, dual-mode auth implementation, Community page, and discussion endpoints—none of which are mentioned in the linked issue.	Either split this PR into separate changes (auth UI enhancements vs. community discussions backend) or update the linked issues to reference separate tickets documenting the community discussion feature requirements.
Title check	❓ Inconclusive	The PR title 'Feature/auth enhancement' is vague and overly broad, failing to convey the primary focus of the substantial changeset that includes community discussions backend implementation, not just auth UI improvements.	Consider a more specific title that accurately reflects the main changes, such as 'Add community discussions backend and enhance auth UI' or focus on the most impactful change if that was the primary objective.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	The PR fully implements requirements from issue #412 including responsive two-column layout via AuthShell, visual hierarchy improvements, input focus states, password visibility toggle, accessibility enhancements, and gradient/card styling. However, it also adds substantial backend community discussion features not referenced in issue #412.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 15

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

backend/server.js (1)

17-31: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Fix broken CORS block (syntax) and align auth fallback with Mongo connection failures.

• backend/server.js lines 17-31: the app.use(cors({ ... block is not closed before const allowedOrigins = ..., producing a SyntaxError and preventing the server from booting.
• backend/server.js: when mongoose.connect(...) fails but MONGO_URI is still set, startServer() still runs; however backend/routes/auth.js selects auth mode via Boolean(process.env.MONGO_URI) and the server’s file-backed auth middleware only registers when !process.env.MONGO_URI, so auth won’t fall back during Mongo outages.

🧹 Nitpick comments (5)

src/pages/Community/Community.tsx (4)

213-226: ⚡ Quick win

Consider adding a confirmation dialog before deletion.

The delete handler immediately removes the discussion without user confirmation. Adding a confirmation step would prevent accidental deletions and improve the user experience, especially for valuable content.

💡 Suggested improvement

 const handleDelete = async (discussionId: string) => {
+  if (!window.confirm("Are you sure you want to delete this discussion? This action cannot be undone.")) {
+    return;
+  }
+
   try {
     await axios.delete(`${apiBase}/api/discussions/${discussionId}`, { withCredentials: true });

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/pages/Community/Community.tsx` around lines 213 - 226, Add a user
confirmation step inside the handleDelete function before calling axios.delete:
when handleDelete(discussionId) is invoked, show a confirmation (e.g.,
window.confirm or trigger your existing Modal/Confirm component) and only
proceed with the axios.delete, loadDiscussions(), and setMessage("Discussion
deleted.") if the user confirms; otherwise abort without making the HTTP call.
Keep the existing auth/error handling intact (the try/catch and
axios.isAxiosError check) and place the confirmation check at the very start of
handleDelete so accidental deletions are prevented.

---

107-107: ⚡ Quick win

Remove unused filteredDiscussions or implement actual filtering.

The filteredDiscussions memo simply returns discussions unchanged, which provides no value and is misleading. Either implement the filtering logic or remove this memo and use discussions directly throughout the component.

♻️ Proposed fix

-  const filteredDiscussions = useMemo(() => discussions, [discussions]);
-
   const trendingDiscussions = useMemo(
-    () => [...filteredDiscussions]
+    () => [...discussions]
       .sort((left, right) => {
         const leftScore = left.likesCount * 2 + left.commentsCount;
         const rightScore = right.likesCount * 2 + right.commentsCount;
         return rightScore - leftScore;
       })
       .slice(0, 3),
-    [filteredDiscussions]
+    [discussions]
   );

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/pages/Community/Community.tsx` at line 107, The useMemo call creating
filteredDiscussions simply returns discussions unchanged (const
filteredDiscussions = useMemo(() => discussions, [discussions])) and should be
removed or replaced with real filtering; update the Community component to
either remove filteredDiscussions and use discussions directly wherever
filteredDiscussions is referenced, or implement the intended filter logic inside
the useMemo (e.g., derive a filtered array from discussions based on component
state/props) and ensure the dependency array includes the filter inputs so the
memo is correct.

---

254-261: ⚖️ Poor tradeoff

Consider optimistic UI updates for comment interactions.

Similar to the like handler, posting a comment triggers a full reload of all discussions. Consider appending the new comment optimistically to local state and only fetching the updated discussion from the server, or using a WebSocket/polling strategy for real-time updates without full page refreshes.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/pages/Community/Community.tsx` around lines 254 - 261, Currently the
comment POST handler uses axios.post then calls loadDiscussions() which reloads
all discussions; replace this with an optimistic update by appending a temporary
comment object to the local discussions state for the specific discussion, then
clear the draft with setCommentDrafts and call the API (axios.post) in
background; on success replace the temp comment with the server response (or
fetch only that discussion), and on failure remove the temp comment and show an
error. Locate the POST logic around axios.post, the state updater
setCommentDrafts and the loadDiscussions call and modify it to: create a temp
comment (using discussionId and commentText), update the discussions state to
include it, clear the draft, send the axios.post, then reconcile the response by
updating that discussion’s comments or reverting on error.

---

228-240: ⚖️ Poor tradeoff

Consider optimistic UI updates for like interactions.

Currently, liking a discussion triggers a full reload of all discussions via loadDiscussions(). This creates unnecessary network traffic and may cause UI flicker. Consider implementing optimistic updates by immediately toggling the like state in local state, then reconciling with the server response. This would provide instant feedback and reduce API load.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/pages/Community/Community.tsx` around lines 228 - 240, Refactor
handleLike to perform an optimistic UI update instead of calling
loadDiscussions(): immediately toggle the liked state and update like count in
the local discussions state (the state modified by loadDiscussions) for the
discussionId, then fire the axios POST to
`${apiBase}/api/discussions/${discussionId}/likes` with withCredentials; on
success keep the optimistic state, on error (including axios.isAxiosError 401)
revert the local change and call setIsAuthenticated(false)/setMessage("Sign in
to like discussions.") for 401 or setMessage("Unable to update like state.") for
other failures. Keep references to handleLike, loadDiscussions,
setIsAuthenticated, and setMessage so reviewers can find the updated logic and
ensure reconciliation paths revert state consistently.

backend/models/Discussion.js (1)

3-21: ⚡ Quick win

Keep the Mongoose schema aligned with the request validator.

backend/validators/discussionValidator.js currently enforces comment.text min length, category min length, and a max of 6 tags, but those bounds are missing here. Any Mongo write path that bypasses validateRequest(...) can persist documents the API later rejects. Mirror the same limits in the schema so both persistence modes share one contract.

Also applies to: 40-55

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/models/Discussion.js` around lines 3 - 21, The Mongoose schema
(CommentSchema) is missing the request-validator bounds: add minlength for text
to match discussionValidator (e.g., text.minlength), enforce category's
minlength on the Discussion schema, and limit tags length to max 6 (use tags: [{
type: String, trim: true }], validate: v => v.length <= 6). Update CommentSchema
and the related Discussion schema (the block referenced at lines ~40-55) to
mirror the same minlength/max constraints from
backend/validators/discussionValidator.js so DB writes cannot bypass the
request-level rules.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@backend/data/users.json`:
- Around line 4-7: The seeded auth store in backend/data/users.json contains
real PII and a reusable password hash (fields id, username, email, password);
remove these real values and replace them with clearly fake/demo data (e.g., a
dummy UUID, username "demo-user", a non-real email like "user@example.com", and
a non-functional placeholder password/hash) or remove the hardcoded user
entirely and instead generate the user at test/demo setup time; ensure no real
personal emails or production password hashes remain in users.json and update
any tests/fixtures that depend on this seeded record to use the new fake/demo
user or dynamic creation.

In `@backend/routes/auth.js`:
- Around line 163-169: Change the two different 401 responses into a single
generic failure message so email presence can't be inferred: in the login route
handler in backend/routes/auth.js, replace both res.status(401).json({ message:
'Email is invalid ' }) and res.status(401).json({ message: 'Invalid password' })
with the same payload (e.g., res.status(401).json({ message: 'Invalid email or
password' })); keep the existing user lookup (user) and password check (isMatch
via bcrypt.compare) logic but ensure both failure paths (user missing or
!isMatch) return the identical response.
- Around line 60-69: The catch in readUsersUnlocked currently swallows
JSON.parse errors and returns an empty array, which can cause corruption to be
overwritten on next signup; change the error handling in readUsersUnlocked so
that on JSON.parse failure it throws a descriptive error (including the
usersFile path and the original exception) instead of returning [], allowing
callers (and ensureUsersFileUnlocked or route handlers) to surface a 5xx error
rather than treating the store as empty.
- Around line 172-177: In the non-Mongo /login flow, avoid session fixation by
calling req.session.regenerate (or the app's session rotation helper) before
assigning req.session.authUser and req.user in createSessionUser; update the
login handler to invoke req.session.regenerate((err) => { if err -> handle/log
and return 500 }, then call createSessionUser(req, user), set req.user, and send
the 200 JSON response—ensure errors from regenerate are handled and the response
is only sent after successful regeneration and session assignment.

In `@backend/routes/discussions.js`:
- Around line 36-39: The writeStore function currently writes directly to
dataFile which can leave discussions.json partially written; change writeStore
(and keep using ensureDataFile) to write JSON to a temporary file (e.g.,
dataFile + '.tmp' or a unique tmp name in the same directory) then fs.rename
that temp file to dataFile so the rename is atomic and readers never see a
partial file; mirror the temp-file-plus-rename approach used in
backend/routes/auth.js and ensure the temp file is written with utf8 and closed
before renaming.
- Around line 133-138: The handler currently calls getCommunityIdentity(req)
unconditionally which may write req.session and create sessions for anonymous
GETs; change the router.get('/') logic to only call getCommunityIdentity when
req.user is present, otherwise read an existing guest id from req.session
without invoking getCommunityIdentity (or set currentUserId to null) so you
don't modify req.session; specifically adjust how currentUserId is computed in
the router.get callback to avoid calling getCommunityIdentity for anonymous
requests.

In `@backend/server.js`:
- Around line 68-79: The auth fallback is still gated by
Boolean(process.env.MONGO_URI) in backend/routes/auth.js even when
mongoose.connect fails; change the initialization to derive auth mode from
actual connection success instead: add a shared flag (e.g., mongooseConnected)
or pass an explicit fallback parameter into the routes initializer when calling
startServer so that startServer (or the code that mounts backend/routes/auth.js)
can choose the JSON fallback when mongoose.connect rejects; update the
mongoose.connect .then() to set the flag to true and .catch() to set it false
before invoking startServer, and modify backend/routes/auth.js to read that flag
(or accept the passed parameter) instead of Boolean(process.env.MONGO_URI).

In `@src/App.tsx`:
- Line 20: The App.tsx change removed parent centering from the main container
which exposes that Home's top-level wrapper (the Home component's root <div> in
Home.tsx) is empty and no longer vertically centers content; update the Home
component's root wrapper to restore vertical spacing by adding appropriate
layout utility classes (for example min-h-screen and flex with items-center and
justify-center or equivalent padding/margins) so the home page matches the
intended centering/alignment when rendered inside the modified main in App.tsx.

In `@src/components/AuthShell.tsx`:
- Around line 63-67: Labels use fixed pale tokens (text-cyan-300/90 and
text-fuchsia-300/90) that are too light on the light card variant; update the
JSX in the highlights mapping to choose darker accent tokens when mode ===
"light" (e.g., use text-cyan-600/90 or text-fuchsia-600/90 for light mode)
instead of the current static classes, apply the same change to the second
occurrence around lines 72-73, and keep the selection tied to the existing mode
variable so highlight.title rendering uses a conditional class rather than a
hardcoded token.

In `@src/pages/Community/Community.tsx`:
- Around line 371-383: The category dropdown (<select> using
value={selectedCategory} and onChange={event =>
setSelectedCategory(event.target.value)}) is missing an accessible label; add a
descriptive label so screen readers understand its purpose—either add an
aria-label like "Filter by category" to that <select> or add a <label> element
(visually hidden via your "sr-only" or equivalent class) associated with the
select to describe it (e.g., "Category" or "Filter by category").
- Around line 361-369: The search input currently uses only placeholder text and
is not accessible; update the input element (the one with value={search} and
onChange={(event) => setSearch(event.target.value)}) to include an accessible
label—either add an aria-label like aria-label="Search discussions, tags, or
categories" or add a visually hidden <label> (use the site's sr-only class)
associated via htmlFor/id—so screen readers announce the field when focused.
- Around line 120-146: The loadDiscussions callback incorrectly sets
setIsAuthenticated(true) for any 200 response and redundantly calls setError("")
after already clearing error; change it to derive authentication from the
response payload (e.g., check response.data.currentUserId,
response.data.identity?.id, or an explicit response.data.isAuthenticated flag
returned by the backend/routes/discussions.js/toPublicDiscussion logic) and only
call setIsAuthenticated(true) when an identity/flag exists; also remove the
duplicate setError("") after setting discussions/categories so error is only
cleared at the function start.

In `@src/pages/Login/Login.tsx`:
- Around line 140-146: The login feedback banner in the Login component (the JSX
that renders when the message variable is truthy) uses pastel text classes
(text-rose-300 / text-emerald-300) that are hard to read in light mode; update
the className on that div to be theme-aware using Tailwind dark: variants so
light-mode uses stronger/darker text and borders (e.g. replace text-rose-300
with text-rose-700 and add dark:text-rose-300, and similarly replace
text-emerald-300 with text-emerald-700 and add dark:text-emerald-300), and
adjust the corresponding border-*/bg-* classes to include dark: variants so the
banner reads well in both light and dark themes.

In `@src/pages/Signup/Signup.tsx`:
- Line 168: Validation and result messages use light 300-tone colors that are
too faint on light card variant; update the classNames for the inline error <p>
elements (e.g., the element rendering errors.username) and the signup
result/banner to use a darker tone (e.g., text-rose-600 for errors and
text-emerald-600 for success) or switch to theme-aware classes (conditional
className or tailwind's dark: variants) so the text is readable in light mode
while preserving current dark-mode styles.
- Line 9: The backendUrl constant in Signup.tsx currently falls back to
"http://localhost:5000" which causes production builds without VITE_BACKEND_URL
to point browsers at localhost; change the fallback to the same-origin pattern
used in Login.tsx (i.e., use import.meta.env.VITE_BACKEND_URL ||
window.location.origin for non-development) so backendUrl and any signup POSTs
use the site origin when the env var is missing; update the backendUrl
declaration and any usages of backendUrl in the Signup component accordingly.

---

Nitpick comments:
In `@backend/models/Discussion.js`:
- Around line 3-21: The Mongoose schema (CommentSchema) is missing the
request-validator bounds: add minlength for text to match discussionValidator
(e.g., text.minlength), enforce category's minlength on the Discussion schema,
and limit tags length to max 6 (use tags: [{ type: String, trim: true }],
validate: v => v.length <= 6). Update CommentSchema and the related Discussion
schema (the block referenced at lines ~40-55) to mirror the same minlength/max
constraints from backend/validators/discussionValidator.js so DB writes cannot
bypass the request-level rules.

In `@src/pages/Community/Community.tsx`:
- Around line 213-226: Add a user confirmation step inside the handleDelete
function before calling axios.delete: when handleDelete(discussionId) is
invoked, show a confirmation (e.g., window.confirm or trigger your existing
Modal/Confirm component) and only proceed with the axios.delete,
loadDiscussions(), and setMessage("Discussion deleted.") if the user confirms;
otherwise abort without making the HTTP call. Keep the existing auth/error
handling intact (the try/catch and axios.isAxiosError check) and place the
confirmation check at the very start of handleDelete so accidental deletions are
prevented.
- Line 107: The useMemo call creating filteredDiscussions simply returns
discussions unchanged (const filteredDiscussions = useMemo(() => discussions,
[discussions])) and should be removed or replaced with real filtering; update
the Community component to either remove filteredDiscussions and use discussions
directly wherever filteredDiscussions is referenced, or implement the intended
filter logic inside the useMemo (e.g., derive a filtered array from discussions
based on component state/props) and ensure the dependency array includes the
filter inputs so the memo is correct.
- Around line 254-261: Currently the comment POST handler uses axios.post then
calls loadDiscussions() which reloads all discussions; replace this with an
optimistic update by appending a temporary comment object to the local
discussions state for the specific discussion, then clear the draft with
setCommentDrafts and call the API (axios.post) in background; on success replace
the temp comment with the server response (or fetch only that discussion), and
on failure remove the temp comment and show an error. Locate the POST logic
around axios.post, the state updater setCommentDrafts and the loadDiscussions
call and modify it to: create a temp comment (using discussionId and
commentText), update the discussions state to include it, clear the draft, send
the axios.post, then reconcile the response by updating that discussion’s
comments or reverting on error.
- Around line 228-240: Refactor handleLike to perform an optimistic UI update
instead of calling loadDiscussions(): immediately toggle the liked state and
update like count in the local discussions state (the state modified by
loadDiscussions) for the discussionId, then fire the axios POST to
`${apiBase}/api/discussions/${discussionId}/likes` with withCredentials; on
success keep the optimistic state, on error (including axios.isAxiosError 401)
revert the local change and call setIsAuthenticated(false)/setMessage("Sign in
to like discussions.") for 401 or setMessage("Unable to update like state.") for
other failures. Keep references to handleLike, loadDiscussions,
setIsAuthenticated, and setMessage so reviewers can find the updated logic and
ensure reconciliation paths revert state consistently.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a19d2cd6-95dd-4cab-b4d6-b0a8bfdb137b

📥 Commits

Reviewing files that changed from the base of the PR and between 4ae0ef6 and 5d0ce94.

📒 Files selected for processing (14)

• backend/data/discussions.json
• backend/data/users.json
• backend/models/Discussion.js
• backend/routes/auth.js
• backend/routes/discussions.js
• backend/server.js
• backend/validators/discussionValidator.js
• src/App.tsx
• src/Routes/Router.tsx
• src/components/AuthShell.tsx
• src/components/Navbar.tsx
• src/pages/Community/Community.tsx
• src/pages/Login/Login.tsx
• src/pages/Signup/Signup.tsx

[arpit2006]

@mehul-m-prajapati , Requesting Review!