├── frontend
    ├── src
    │   ├── index.css
    │   ├── utils
    │   │   └── date.js
    │   ├── main.jsx
    │   ├── components
    │   │   ├── Input.jsx
    │   │   ├── FloatingShape.jsx
    │   │   ├── LoadingSpinner.jsx
    │   │   └── PasswordStrengthMeter.jsx
    │   ├── pages
    │   │   ├── LoginPage.jsx
    │   │   ├── DashboardPage.jsx
    │   │   ├── ResetPasswordPage.jsx
    │   │   ├── ForgotPasswordPage.jsx
    │   │   ├── SignUpPage.jsx
    │   │   └── EmailVerificationPage.jsx
    │   ├── store
    │   │   └── authStore.js
    │   └── App.jsx
    ├── postcss.config.js
    ├── vite.config.js
    ├── tailwind.config.js
    ├── .gitignore
    ├── index.html
    ├── .eslintrc.cjs
    ├── README.md
    ├── package.json
    └── public
    │   └── vite.svg
├── .env.example
├── backend
    ├── db
    │   └── connectDB.js
    ├── mailtrap
    │   ├── mailtrap.config.js
    │   ├── emails.js
    │   └── emailTemplates.js
    ├── utils
    │   └── generateTokenAndSetCookie.js
    ├── routes
    │   └── auth.route.js
    ├── middleware
    │   └── verifyToken.js
    ├── models
    │   └── user.model.js
    ├── index.js
    └── controllers
    │   └── auth.controller.js
├── .gitignore
├── package.json
└── README.md


/frontend/src/index.css:
--------------------------------------------------------------------------------
1 | @tailwind base;
2 | @tailwind components;
3 | @tailwind utilities;


--------------------------------------------------------------------------------
/frontend/postcss.config.js:
--------------------------------------------------------------------------------
1 | export default {
2 |   plugins: {
3 |     tailwindcss: {},
4 |     autoprefixer: {},
5 |   },
6 | }


--------------------------------------------------------------------------------
/frontend/vite.config.js:
--------------------------------------------------------------------------------
1 | import { defineConfig } from 'vite'
2 | import react from '@vitejs/plugin-react'
3 | 
4 | // https://vite.dev/config/
5 | export default defineConfig({
6 |   plugins: [react()],
7 | })
8 | 


--------------------------------------------------------------------------------
/frontend/tailwind.config.js:
--------------------------------------------------------------------------------
1 | /** @type {import('tailwindcss').Config} */
2 | export default {
3 | 	content: ["./index.html", "./src/**/*.{js,ts,jsx,tsx}"],
4 | 	theme: {
5 | 		extend: {},
6 | 	},
7 | 	plugins: [],
8 | };


--------------------------------------------------------------------------------
/.env.example:
--------------------------------------------------------------------------------
1 | MONGO_URI=your_mongo_uri
2 | PORT=5000
3 | JWT_SECRET=your_jwt_secret
4 | NODE_ENV=development
5 | MAILTRAP_TOKEN=your_mailtrap_token
6 | MAILTRAP_ENDPOINT=your_mailtrap_endpoint
7 | 
8 | CLIENT_URL=http://localhost:5173


--------------------------------------------------------------------------------
/frontend/.gitignore:
--------------------------------------------------------------------------------
 1 | # Logs
 2 | logs
 3 | *.log
 4 | npm-debug.log*
 5 | yarn-debug.log*
 6 | yarn-error.log*
 7 | pnpm-debug.log*
 8 | lerna-debug.log*
 9 | 
10 | node_modules
11 | dist
12 | dist-ssr
13 | *.local
14 | 
15 | # Editor directories and files
16 | .vscode/*
17 | !.vscode/extensions.json
18 | .idea
19 | .DS_Store
20 | *.suo
21 | *.ntvs*
22 | *.njsproj
23 | *.sln
24 | *.sw?
25 | 


--------------------------------------------------------------------------------
/frontend/src/utils/date.js:
--------------------------------------------------------------------------------
 1 | export const formatDate = (dateString) => {
 2 | 	const date = new Date(dateString);
 3 | 	if (isNaN(date.getTime())) {
 4 | 		return "Invalid Date";
 5 | 	}
 6 | 
 7 | 	return date.toLocaleString("en-US", {
 8 | 		year: "numeric",
 9 | 		month: "short",
10 | 		day: "numeric",
11 | 		hour: "2-digit",
12 | 		minute: "2-digit",
13 | 		hour12: true,
14 | 	});
15 | };
16 | 


--------------------------------------------------------------------------------
/frontend/src/main.jsx:
--------------------------------------------------------------------------------
 1 | import React from "react";
 2 | import ReactDOM from "react-dom/client";
 3 | import App from "./App.jsx";
 4 | import "./index.css";
 5 | import { BrowserRouter } from "react-router-dom";
 6 | 
 7 | ReactDOM.createRoot(document.getElementById("root")).render(
 8 | 	<React.StrictMode>
 9 | 		<BrowserRouter>
10 | 			<App />
11 | 		</BrowserRouter>
12 | 	</React.StrictMode>
13 | );
14 | 


--------------------------------------------------------------------------------
/backend/db/connectDB.js:
--------------------------------------------------------------------------------
 1 | import mongoose from "mongoose";
 2 | 
 3 | export const connectDB = async () => {
 4 | 	try {
 5 | 		const conn = await mongoose.connect(process.env.MONGO_URI);
 6 | 		console.log(`MongoDB Connected: ${conn.connection.host}`);
 7 | 	} catch (error) {
 8 | 		console.log("Error connection to MongoDB: ", error.message);
 9 | 		process.exit(1); // 1 is failure, 0 status code is success
10 | 	}
11 | };


--------------------------------------------------------------------------------
/frontend/index.html:
--------------------------------------------------------------------------------
 1 | <!doctype html>
 2 | <html lang="en">
 3 |   <head>
 4 |     <meta charset="UTF-8" />
 5 |     <link rel="icon" type="image/svg+xml" href="/vite.svg" />
 6 |     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
 7 |     <title>Vite + React</title>
 8 |   </head>
 9 |   <body>
10 |     <div id="root"></div>
11 |     <script type="module" src="/src/main.jsx"></script>
12 |   </body>
13 | </html>
14 | 


--------------------------------------------------------------------------------
/backend/mailtrap/mailtrap.config.js:
--------------------------------------------------------------------------------
 1 | import { MailtrapClient } from "mailtrap";
 2 | import dotenv from "dotenv";
 3 | dotenv.config();
 4 | 
 5 | const TOKEN = process.env.MAILTRAP_TOKEN;
 6 | const ENDPOINT = process.env.MAILTRAP_ENDPOINT;
 7 | 
 8 | export const mailtrapClient = new MailtrapClient({
 9 |   endpoint: ENDPOINT,
10 |   token: TOKEN,
11 | });
12 | 
13 | export const sender = {
14 |   email: "hello@demomailtrap.co",
15 |   name: "MERN_ADVANCED_AUTH",
16 | };
17 | 


--------------------------------------------------------------------------------
/backend/utils/generateTokenAndSetCookie.js:
--------------------------------------------------------------------------------
 1 | import jwt from "jsonwebtoken";
 2 | 
 3 | 
 4 | export const generateTokenAndSetCookie = (res, userId) => {
 5 |   const token = jwt.sign({ userId}, process.env.JWT_SECRET, {
 6 |     expiresIn: "7d",
 7 |   });
 8 | 
 9 |   res.cookie("token", token, {
10 |     httpOnly: true,
11 |     secure: process.env.NODE_ENV === "production",
12 |     sameSite: "strict",
13 |     maxAge: 7 * 24 * 60 * 60 * 1000, // 7 days
14 |   });
15 | 
16 |   return token;
17 | 
18 | }


--------------------------------------------------------------------------------
/frontend/src/components/Input.jsx:
--------------------------------------------------------------------------------
 1 | const Input = ({ icon: Icon, ...props }) => {
 2 | 	return (
 3 | 		<div className='relative mb-6'>
 4 | 			<div className='absolute inset-y-0 left-0 flex items-center pl-3 pointer-events-none'>
 5 | 				<Icon className='size-5 text-green-500' />
 6 | 			</div>
 7 | 			<input
 8 | 				{...props}
 9 | 				className='w-full pl-10 pr-3 py-2 bg-gray-800 bg-opacity-50 rounded-lg border border-gray-700 focus:border-green-500 focus:ring-2 focus:ring-green-500 text-white placeholder-gray-400 transition duration-200'
10 | 			/>
11 | 		</div>
12 | 	);
13 | };
14 | export default Input;
15 | 


--------------------------------------------------------------------------------
/frontend/src/components/FloatingShape.jsx:
--------------------------------------------------------------------------------
 1 | import { motion } from "framer-motion";
 2 | 
 3 | const FloatingShape = ({ color, size, top, left, delay }) => {
 4 | 	return (
 5 | 		<motion.div
 6 | 			className={`absolute rounded-full ${color} ${size} opacity-20 blur-xl`}
 7 | 			style={{ top, left }}
 8 | 			animate={{
 9 | 				y: ["0%", "100%", "0%"],
10 | 				x: ["0%", "100%", "0%"],
11 | 				rotate: [0, 360],
12 | 			}}
13 | 			transition={{
14 | 				duration: 20,
15 | 				ease: "linear",
16 | 				repeat: Infinity,
17 | 				delay,
18 | 			}}
19 | 			aria-hidden='true'
20 | 		/>
21 | 	);
22 | };
23 | export default FloatingShape;
24 | 


--------------------------------------------------------------------------------
/frontend/src/components/LoadingSpinner.jsx:
--------------------------------------------------------------------------------
 1 | import { motion } from "framer-motion";
 2 | 
 3 | const LoadingSpinner = () => {
 4 | 	return (
 5 | 		<div className='min-h-screen bg-gradient-to-br from-gray-900 via-green-900 to-emerald-900 flex items-center justify-center relative overflow-hidden'>
 6 | 			{/* Simple Loading Spinner */}
 7 | 			<motion.div
 8 | 				className='w-16 h-16 border-4 border-t-4 border-t-green-500 border-green-200 rounded-full'
 9 | 				animate={{ rotate: 360 }}
10 | 				transition={{ duration: 1, repeat: Infinity, ease: "linear" }}
11 | 			/>
12 | 		</div>
13 | 	);
14 | };
15 | 
16 | export default LoadingSpinner;
17 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Node.js dependencies
 2 | /node_modules
 3 | 
 4 | # Logs
 5 | logs
 6 | *.log
 7 | npm-debug.log*
 8 | yarn-debug.log*
 9 | yarn-error.log*
10 | 
11 | # Environment variables
12 | .env
13 | .env.local
14 | .env.*.local
15 | 
16 | # Build output
17 | /build
18 | /dist
19 | /public/build
20 | 
21 | # Cache
22 | .cache
23 | .next
24 | out
25 | temp
26 | 
27 | # Editor directories and files
28 | .idea/
29 | .vscode/
30 | *.swp
31 | *.swo
32 | 
33 | # OS generated files
34 | .DS_Store
35 | Thumbs.db
36 | 
37 | # Coverage directory
38 | coverage
39 | 
40 | # Debug files
41 | *.pid
42 | *.seed
43 | *.pid.lock
44 | 
45 | # Miscellaneous
46 | *.tgz
47 | *.lock-wscript


--------------------------------------------------------------------------------
/backend/routes/auth.route.js:
--------------------------------------------------------------------------------
 1 | import express from 'express';
 2 | import { login, logout, signup, verifyEmail, forgotPassword, resetPassword, checkAuth } from '../controllers/auth.controller.js';
 3 | import { verifyToken } from '../middleware/verifyToken.js';
 4 | 
 5 | const router = express.Router();
 6 | 
 7 | router.get("/check-auth", verifyToken, checkAuth);
 8 | 
 9 | router.post("/signup", signup);
10 | router.post("/login", login);
11 | router.post("/logout", logout);
12 | 
13 | router.post("/verify-email", verifyEmail);
14 | router.post("/forgot-password", forgotPassword);
15 | 
16 | router.post("/reset-password/:token", resetPassword);
17 | 
18 | export default router;


--------------------------------------------------------------------------------
/backend/middleware/verifyToken.js:
--------------------------------------------------------------------------------
 1 | import jwt from "jsonwebtoken";
 2 | 
 3 | export const verifyToken = (req, res, next) => {
 4 | 	const token = req.cookies.token;
 5 | 	if (!token) return res.status(401).json({ success: false, message: "Unauthorized - no token provided" });
 6 | 	try {
 7 | 		const decoded = jwt.verify(token, process.env.JWT_SECRET);
 8 | 
 9 | 		if (!decoded) return res.status(401).json({ success: false, message: "Unauthorized - invalid token" });
10 | 
11 | 		req.userId = decoded.userId;
12 | 		next();
13 | 	} catch (error) {
14 | 		console.log("Error in verifyToken ", error);
15 | 		return res.status(500).json({ success: false, message: "Server error" });
16 | 	}
17 | };


--------------------------------------------------------------------------------
/frontend/.eslintrc.cjs:
--------------------------------------------------------------------------------
 1 | module.exports = {
 2 | 	root: true,
 3 | 	env: { browser: true, es2020: true },
 4 | 	extends: [
 5 | 		"eslint:recommended",
 6 | 		"plugin:react/recommended",
 7 | 		"plugin:react/jsx-runtime",
 8 | 		"plugin:react-hooks/recommended",
 9 | 	],
10 | 	ignorePatterns: ["dist", ".eslintrc.cjs"],
11 | 	parserOptions: { ecmaVersion: "latest", sourceType: "module" },
12 | 	settings: { react: { version: "18.2" } },
13 | 	plugins: ["react-refresh"],
14 | 	rules: {
15 | 		"react/prop-types": "off",
16 | 		"react/no-unescaped-entities": "off",
17 | 		"react/jsx-no-target-blank": "off",
18 | 		"react-refresh/only-export-components": ["warn", { allowConstantExport: true }],
19 | 	},
20 | };
21 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "mern-advanced-auth",
 3 |   "version": "1.0.0",
 4 |   "main": "backend/index.js",
 5 |   "scripts": {
 6 |     "dev": "nodemon backend/index.js",
 7 |     "start": "node backend/index.js"
 8 |   },
 9 |   "keywords": [],
10 |   "author": "",
11 |   "type": "module",
12 |   "license": "ISC",
13 |   "description": "",
14 |   "dependencies": {
15 |     "bcryptjs": "^3.0.2",
16 |     "cookie-parser": "^1.4.7",
17 |     "cors": "^2.8.5",
18 |     "crypto": "^1.0.1",
19 |     "dotenv": "^16.5.0",
20 |     "express": "^5.1.0",
21 |     "jsonwebtoken": "^9.0.2",
22 |     "mailtrap": "^4.1.0",
23 |     "mongoose": "^8.14.1"
24 |   },
25 |   "devDependencies": {
26 |     "nodemon": "^3.1.10"
27 |   }
28 | }
29 | 


--------------------------------------------------------------------------------
/backend/models/user.model.js:
--------------------------------------------------------------------------------
 1 | import mongoose from "mongoose";
 2 | 
 3 | const userSchema = new mongoose.Schema({
 4 |   email: {
 5 |     type: String,
 6 |     required: true,
 7 |     unique: true,
 8 |   },
 9 |   password: {
10 |     type: String,
11 |     required: true,
12 |   },
13 |   name: {
14 |     type: String,
15 |     required: true,
16 |   },
17 |   lastLogin: {
18 |     type: Date,
19 |     default: Date.now,
20 |   },
21 |   isVerified: {
22 |     type: Boolean,
23 |     default: false,
24 |   },
25 |   resetPasswordToken: String,
26 |   resetPasswordExpiresAt: Date,
27 |   verificationToken: String,
28 |   verificationTokenExpiresAt: Date,
29 | 
30 | }, {timestamps: true,});  
31 | 
32 | 
33 | export const User = mongoose.model("User", userSchema);


--------------------------------------------------------------------------------
/backend/index.js:
--------------------------------------------------------------------------------
 1 | import express from 'express';
 2 | import dotenv from 'dotenv';
 3 | import cors from 'cors';
 4 | import cookieParser from 'cookie-parser';
 5 | import { connectDB } from './db/connectDB.js';
 6 | import authRoutes from './routes/auth.route.js'; 
 7 | 
 8 | dotenv.config();
 9 | 
10 | const app = express();
11 | const PORT = process.env.PORT || 3000;
12 | 
13 | 
14 | app.use(cors({ origin: "http://localhost:5173", credentials: true }));
15 | 
16 | app.use(express.json()); // allows us to parse incoming requests:req.body
17 | app.use(cookieParser()); // enables cookie parsing for incoming requests
18 | 
19 | app.use("/api/auth", authRoutes);
20 | 
21 | app.listen(PORT, () => {
22 |   connectDB();
23 |   console.log(`Server is running on port ${PORT}`);
24 | });
25 | 
26 | 


--------------------------------------------------------------------------------
/frontend/README.md:
--------------------------------------------------------------------------------
 1 | # React + Vite
 2 | 
 3 | This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.
 4 | 
 5 | Currently, two official plugins are available:
 6 | 
 7 | - [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react) uses [Babel](https://babeljs.io/) for Fast Refresh
 8 | - [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc) uses [SWC](https://swc.rs/) for Fast Refresh
 9 | 
10 | ## Expanding the ESLint configuration
11 | 
12 | If you are developing a production application, we recommend using TypeScript with type-aware lint rules enabled. Check out the [TS template](https://github.com/vitejs/vite/tree/main/packages/create-vite/template-react-ts) for information on how to integrate TypeScript and [`typescript-eslint`](https://typescript-eslint.io) in your project.
13 | 


--------------------------------------------------------------------------------
/frontend/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "frontend",
 3 |   "private": true,
 4 |   "version": "0.0.0",
 5 |   "type": "module",
 6 |   "scripts": {
 7 |     "dev": "vite",
 8 |     "build": "vite build",
 9 |     "lint": "eslint . --ext js,jsx --report-unused-disable-directives --max-warnings 0",
10 |     "preview": "vite preview"
11 |   },
12 |   "dependencies": {
13 |     "axios": "^1.7.3",
14 |     "framer-motion": "^11.3.21",
15 |     "lucide-react": "^0.424.0",
16 |     "react": "^18.3.1",
17 |     "react-dom": "^18.3.1",
18 |     "react-hot-toast": "^2.4.1",
19 |     "react-router-dom": "^6.26.0",
20 |     "zustand": "^4.5.4"
21 |   },
22 |   "devDependencies": {
23 |     "@types/react": "^18.3.3",
24 |     "@types/react-dom": "^18.3.0",
25 |     "@vitejs/plugin-react": "^4.3.1",
26 |     "autoprefixer": "^10.4.20",
27 |     "eslint": "^8.57.0",
28 |     "eslint-plugin-react": "^7.34.3",
29 |     "eslint-plugin-react-hooks": "^4.6.2",
30 |     "eslint-plugin-react-refresh": "^0.4.7",
31 |     "postcss": "^8.4.40",
32 |     "tailwindcss": "^3.4.17",
33 |     "vite": "^5.3.4"
34 |   }
35 | }
36 | 


--------------------------------------------------------------------------------
/frontend/public/vite.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="31.88" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 257"><defs><linearGradient id="IconifyId1813088fe1fbc01fb466" x1="-.828%" x2="57.636%" y1="7.652%" y2="78.411%"><stop offset="0%" stop-color="#41D1FF"></stop><stop offset="100%" stop-color="#BD34FE"></stop></linearGradient><linearGradient id="IconifyId1813088fe1fbc01fb467" x1="43.376%" x2="50.316%" y1="2.242%" y2="89.03%"><stop offset="0%" stop-color="#FFEA83"></stop><stop offset="8.333%" stop-color="#FFDD35"></stop><stop offset="100%" stop-color="#FFA800"></stop></linearGradient></defs><path fill="url(#IconifyId1813088fe1fbc01fb466)" d="M255.153 37.938L134.897 252.976c-2.483 4.44-8.862 4.466-11.382.048L.875 37.958c-2.746-4.814 1.371-10.646 6.827-9.67l120.385 21.517a6.537 6.537 0 0 0 2.322-.004l117.867-21.483c5.438-.991 9.574 4.796 6.877 9.62Z"></path><path fill="url(#IconifyId1813088fe1fbc01fb467)" d="M185.432.063L96.44 17.501a3.268 3.268 0 0 0-2.634 3.014l-5.474 92.456a3.268 3.268 0 0 0 3.997 3.378l24.777-5.718c2.318-.535 4.413 1.507 3.936 3.838l-7.361 36.047c-.495 2.426 1.782 4.5 4.151 3.78l15.304-4.649c2.372-.72 4.652 1.36 4.15 3.788l-11.698 56.621c-.732 3.542 3.979 5.473 5.943 2.437l1.313-2.028l72.516-144.72c1.215-2.423-.88-5.186-3.54-4.672l-25.505 4.922c-2.396.462-4.435-1.77-3.759-4.114l16.646-57.705c.677-2.35-1.37-4.583-3.769-4.113Z"></path></svg>


--------------------------------------------------------------------------------
/frontend/src/components/PasswordStrengthMeter.jsx:
--------------------------------------------------------------------------------
 1 | import { Check, X } from "lucide-react";
 2 | 
 3 | const PasswordCriteria = ({ password }) => {
 4 | 	const criteria = [
 5 | 		{ label: "At least 6 characters", met: password.length >= 6 },
 6 | 		{ label: "Contains uppercase letter", met: /[A-Z]/.test(password) },
 7 | 		{ label: "Contains lowercase letter", met: /[a-z]/.test(password) },
 8 | 		{ label: "Contains a number", met: /\d/.test(password) },
 9 | 		{ label: "Contains special character", met: /[^A-Za-z0-9]/.test(password) },
10 | 	];
11 | 
12 | 	return (
13 | 		<div className='mt-2 space-y-1'>
14 | 			{criteria.map((item) => (
15 | 				<div key={item.label} className='flex items-center text-xs'>
16 | 					{item.met ? (
17 | 						<Check className='size-4 text-green-500 mr-2' />
18 | 					) : (
19 | 						<X className='size-4 text-gray-500 mr-2' />
20 | 					)}
21 | 					<span className={item.met ? "text-green-500" : "text-gray-400"}>{item.label}</span>
22 | 				</div>
23 | 			))}
24 | 		</div>
25 | 	);
26 | };
27 | 
28 | const PasswordStrengthMeter = ({ password }) => {
29 | 	const getStrength = (pass) => {
30 | 		let strength = 0;
31 | 		if (pass.length >= 6) strength++;
32 | 		if (pass.match(/[a-z]/) && pass.match(/[A-Z]/)) strength++;
33 | 		if (pass.match(/\d/)) strength++;
34 | 		if (pass.match(/[^a-zA-Z\d]/)) strength++;
35 | 		return strength;
36 | 	};
37 | 	const strength = getStrength(password);
38 | 
39 | 	const getColor = (strength) => {
40 | 		if (strength === 0) return "bg-red-500";
41 | 		if (strength === 1) return "bg-red-400";
42 | 		if (strength === 2) return "bg-yellow-500";
43 | 		if (strength === 3) return "bg-yellow-400";
44 | 		return "bg-green-500";
45 | 	};
46 | 
47 | 	const getStrengthText = (strength) => {
48 | 		if (strength === 0) return "Very Weak";
49 | 		if (strength === 1) return "Weak";
50 | 		if (strength === 2) return "Fair";
51 | 		if (strength === 3) return "Good";
52 | 		return "Strong";
53 | 	};
54 | 
55 | 	return (
56 | 		<div className='mt-2'>
57 | 			<div className='flex justify-between items-center mb-1'>
58 | 				<span className='text-xs text-gray-400'>Password strength</span>
59 | 				<span className='text-xs text-gray-400'>{getStrengthText(strength)}</span>
60 | 			</div>
61 | 
62 | 			<div className='flex space-x-1'>
63 | 				{[...Array(4)].map((_, index) => (
64 | 					<div
65 | 						key={index}
66 | 						className={`h-1 w-1/4 rounded-full transition-colors duration-300 
67 |                 ${index < strength ? getColor(strength) : "bg-gray-600"}
68 |               `}
69 | 					/>
70 | 				))}
71 | 			</div>
72 | 			<PasswordCriteria password={password} />
73 | 		</div>
74 | 	);
75 | };
76 | export default PasswordStrengthMeter;
77 | 


--------------------------------------------------------------------------------
/backend/mailtrap/emails.js:
--------------------------------------------------------------------------------
 1 | import {
 2 | 	VERIFICATION_EMAIL_TEMPLATE,
 3 | 	PASSWORD_RESET_REQUEST_TEMPLATE,
 4 | 	PASSWORD_RESET_SUCCESS_TEMPLATE,
 5 | } from "./emailTemplates.js";
 6 | import { mailtrapClient, sender } from "./mailtrap.config.js";
 7 | 
 8 | export const sendVerificationEmail = async (email, verificationToken) => {
 9 | 	const recipient = [{ email }];
10 | 
11 | 	try {
12 | 		const response = await mailtrapClient.send({
13 | 			from: sender,
14 | 			to: recipient,
15 | 			subject: "Verify your email",
16 | 			html: VERIFICATION_EMAIL_TEMPLATE.replace("{verificationCode}", verificationToken),
17 | 			category: "Email Verification",
18 | 		});
19 | 
20 | 		console.log("Email sent successfully", response);
21 | 	} catch (error) {
22 | 		console.error(`Error sending verification`, error);
23 | 
24 | 		throw new Error(`Error sending verification email: ${error}`);
25 | 	}
26 | };
27 | 
28 | 
29 | 
30 | export const sendWelcomeEmail = async (email, name) => {
31 | 	const recipient = [{ email }];
32 | 
33 | 	try {
34 | 		const response = await mailtrapClient.send({
35 | 			from: sender,
36 | 			to: recipient,
37 | 			template_uuid: "229389ee-a527-4855-994d-2255c0a3b482",
38 | 			template_variables: {
39 | 				company_info_name: "Auth Company",
40 | 				name: name,
41 | 			},
42 | 		});
43 | 
44 | 		console.log("Welcome email sent successfully", response);
45 | 	} catch (error) {
46 | 		console.error(`Error sending welcome email`, error);
47 | 
48 | 		throw new Error(`Error sending welcome email: ${error}`);
49 | 	}
50 | };
51 | 
52 | 
53 | 
54 | export const sendPasswordResetEmail = async (email, resetURL) => {
55 | 	const recipient = [{ email }];
56 | 
57 | 	try {
58 | 		const response = await mailtrapClient.send({
59 | 			from: sender,
60 | 			to: recipient,
61 | 			subject: "Reset your password",
62 | 			html: PASSWORD_RESET_REQUEST_TEMPLATE.replace("{resetURL}", resetURL),
63 | 			category: "Password Reset",
64 | 		});
65 | 	} catch (error) {
66 | 		console.error(`Error sending password reset email`, error);
67 | 
68 | 		throw new Error(`Error sending password reset email: ${error}`);
69 | 	}
70 | };
71 | 
72 | 
73 | export const sendResetSuccessEmail = async (email) => {
74 | 	const recipient = [{ email }];
75 | 
76 | 	try {
77 | 		const response = await mailtrapClient.send({
78 | 			from: sender,
79 | 			to: recipient,
80 | 			subject: "Password Reset Successful",
81 | 			html: PASSWORD_RESET_SUCCESS_TEMPLATE,
82 | 			category: "Password Reset",
83 | 		});
84 | 
85 | 		console.log("Password reset email sent successfully", response);
86 | 	} catch (error) {
87 | 		console.error(`Error sending password reset success email`, error);
88 | 
89 | 		throw new Error(`Error sending password reset success email: ${error}`);
90 | 	}
91 | };


--------------------------------------------------------------------------------
/frontend/src/pages/LoginPage.jsx:
--------------------------------------------------------------------------------
 1 | import { useState } from "react";
 2 | import { motion } from "framer-motion";
 3 | import { Mail, Lock, Loader } from "lucide-react";
 4 | import { Link } from "react-router-dom";
 5 | import Input from "../components/Input";
 6 | import { useAuthStore } from "../store/authStore";
 7 | 
 8 | const LoginPage = () => {
 9 | 	const [email, setEmail] = useState("");
10 | 	const [password, setPassword] = useState("");
11 | 
12 | 	const { login, isLoading, error } = useAuthStore();
13 | 
14 | 	const handleLogin = async (e) => {
15 | 		e.preventDefault();
16 | 		await login(email, password);
17 | 	};
18 | 
19 | 	return (
20 | 		<motion.div
21 | 			initial={{ opacity: 0, y: 20 }}
22 | 			animate={{ opacity: 1, y: 0 }}
23 | 			transition={{ duration: 0.5 }}
24 | 			className='max-w-md w-full bg-gray-800 bg-opacity-50 backdrop-filter backdrop-blur-xl rounded-2xl shadow-xl overflow-hidden'
25 | 		>
26 | 			<div className='p-8'>
27 | 				<h2 className='text-3xl font-bold mb-6 text-center bg-gradient-to-r from-green-400 to-emerald-500 text-transparent bg-clip-text'>
28 | 					Welcome Back
29 | 				</h2>
30 | 
31 | 				<form onSubmit={handleLogin}>
32 | 					<Input
33 | 						icon={Mail}
34 | 						type='email'
35 | 						placeholder='Email Address'
36 | 						value={email}
37 | 						onChange={(e) => setEmail(e.target.value)}
38 | 					/>
39 | 
40 | 					<Input
41 | 						icon={Lock}
42 | 						type='password'
43 | 						placeholder='Password'
44 | 						value={password}
45 | 						onChange={(e) => setPassword(e.target.value)}
46 | 					/>
47 | 
48 | 					<div className='flex items-center mb-6'>
49 | 						<Link to='/forgot-password' className='text-sm text-green-400 hover:underline'>
50 | 							Forgot password?
51 | 						</Link>
52 | 					</div>
53 | 					{error && <p className='text-red-500 font-semibold mb-2'>{error}</p>}
54 | 
55 | 					<motion.button
56 | 						whileHover={{ scale: 1.02 }}
57 | 						whileTap={{ scale: 0.98 }}
58 | 						className='w-full py-3 px-4 bg-gradient-to-r from-green-500 to-emerald-600 text-white font-bold rounded-lg shadow-lg hover:from-green-600 hover:to-emerald-700 focus:outline-none focus:ring-2 focus:ring-green-500 focus:ring-offset-2 focus:ring-offset-gray-900 transition duration-200'
59 | 						type='submit'
60 | 						disabled={isLoading}
61 | 					>
62 | 						{isLoading ? <Loader className='w-6 h-6 animate-spin  mx-auto' /> : "Login"}
63 | 					</motion.button>
64 | 				</form>
65 | 			</div>
66 | 			<div className='px-8 py-4 bg-gray-900 bg-opacity-50 flex justify-center'>
67 | 				<p className='text-sm text-gray-400'>
68 | 					Don't have an account?{" "}
69 | 					<Link to='/signup' className='text-green-400 hover:underline'>
70 | 						Sign up
71 | 					</Link>
72 | 				</p>
73 | 			</div>
74 | 		</motion.div>
75 | 	);
76 | };
77 | export default LoginPage;
78 | 


--------------------------------------------------------------------------------
/frontend/src/pages/DashboardPage.jsx:
--------------------------------------------------------------------------------
 1 | import { motion } from "framer-motion";
 2 | import { useAuthStore } from "../store/authStore";
 3 | import { formatDate } from "../utils/date";
 4 | 
 5 | const DashboardPage = () => {
 6 | 	const { user, logout } = useAuthStore();
 7 | 
 8 | 	const handleLogout = () => {
 9 | 		logout();
10 | 	};
11 | 	return (
12 | 		<motion.div
13 | 			initial={{ opacity: 0, scale: 0.9 }}
14 | 			animate={{ opacity: 1, scale: 1 }}
15 | 			exit={{ opacity: 0, scale: 0.9 }}
16 | 			transition={{ duration: 0.5 }}
17 | 			className='max-w-md w-full mx-auto mt-10 p-8 bg-gray-900 bg-opacity-80 backdrop-filter backdrop-blur-lg rounded-xl shadow-2xl border border-gray-800'
18 | 		>
19 | 			<h2 className='text-3xl font-bold mb-6 text-center bg-gradient-to-r from-green-400 to-emerald-600 text-transparent bg-clip-text'>
20 | 				Dashboard
21 | 			</h2>
22 | 
23 | 			<div className='space-y-6'>
24 | 				<motion.div
25 | 					className='p-4 bg-gray-800 bg-opacity-50 rounded-lg border border-gray-700'
26 | 					initial={{ opacity: 0, y: 20 }}
27 | 					animate={{ opacity: 1, y: 0 }}
28 | 					transition={{ delay: 0.2 }}
29 | 				>
30 | 					<h3 className='text-xl font-semibold text-green-400 mb-3'>Profile Information</h3>
31 | 					<p className='text-gray-300'>Name: {user.name}</p>
32 | 					<p className='text-gray-300'>Email: {user.email}</p>
33 | 				</motion.div>
34 | 				<motion.div
35 | 					className='p-4 bg-gray-800 bg-opacity-50 rounded-lg border border-gray-700'
36 | 					initial={{ opacity: 0, y: 20 }}
37 | 					animate={{ opacity: 1, y: 0 }}
38 | 					transition={{ delay: 0.4 }}
39 | 				>
40 | 					<h3 className='text-xl font-semibold text-green-400 mb-3'>Account Activity</h3>
41 | 					<p className='text-gray-300'>
42 | 						<span className='font-bold'>Joined: </span>
43 | 						{new Date(user.createdAt).toLocaleDateString("en-US", {
44 | 							year: "numeric",
45 | 							month: "long",
46 | 							day: "numeric",
47 | 						})}
48 | 					</p>
49 | 					<p className='text-gray-300'>
50 | 						<span className='font-bold'>Last Login: </span>
51 | 
52 | 						{formatDate(user.lastLogin)}
53 | 					</p>
54 | 				</motion.div>
55 | 			</div>
56 | 
57 | 			<motion.div
58 | 				initial={{ opacity: 0, y: 20 }}
59 | 				animate={{ opacity: 1, y: 0 }}
60 | 				transition={{ delay: 0.6 }}
61 | 				className='mt-4'
62 | 			>
63 | 				<motion.button
64 | 					whileHover={{ scale: 1.05 }}
65 | 					whileTap={{ scale: 0.95 }}
66 | 					onClick={handleLogout}
67 | 					className='w-full py-3 px-4 bg-gradient-to-r from-green-500 to-emerald-600 text-white 
68 | 				font-bold rounded-lg shadow-lg hover:from-green-600 hover:to-emerald-700
69 | 				 focus:outline-none focus:ring-2 focus:ring-green-500 focus:ring-offset-2 focus:ring-offset-gray-900'
70 | 				>
71 | 					Logout
72 | 				</motion.button>
73 | 			</motion.div>
74 | 		</motion.div>
75 | 	);
76 | };
77 | export default DashboardPage;
78 | 


--------------------------------------------------------------------------------
/frontend/src/pages/ResetPasswordPage.jsx:
--------------------------------------------------------------------------------
 1 | import { useState } from "react";
 2 | import { motion } from "framer-motion";
 3 | import { useAuthStore } from "../store/authStore";
 4 | import { useNavigate, useParams } from "react-router-dom";
 5 | import Input from "../components/Input";
 6 | import { Lock } from "lucide-react";
 7 | import toast from "react-hot-toast";
 8 | 
 9 | const ResetPasswordPage = () => {
10 | 	const [password, setPassword] = useState("");
11 | 	const [confirmPassword, setConfirmPassword] = useState("");
12 | 	const { resetPassword, error, isLoading, message } = useAuthStore();
13 | 
14 | 	const { token } = useParams();
15 | 	const navigate = useNavigate();
16 | 
17 | 	const handleSubmit = async (e) => {
18 | 		e.preventDefault();
19 | 
20 | 		if (password !== confirmPassword) {
21 | 			alert("Passwords do not match");
22 | 			return;
23 | 		}
24 | 		try {
25 | 			await resetPassword(token, password);
26 | 
27 | 			toast.success("Password reset successfully, redirecting to login page...");
28 | 			setTimeout(() => {
29 | 				navigate("/login");
30 | 			}, 2000);
31 | 		} catch (error) {
32 | 			console.error(error);
33 | 			toast.error(error.message || "Error resetting password");
34 | 		}
35 | 	};
36 | 
37 | 	return (
38 | 		<motion.div
39 | 			initial={{ opacity: 0, y: 20 }}
40 | 			animate={{ opacity: 1, y: 0 }}
41 | 			transition={{ duration: 0.5 }}
42 | 			className='max-w-md w-full bg-gray-800 bg-opacity-50 backdrop-filter backdrop-blur-xl rounded-2xl shadow-xl overflow-hidden'
43 | 		>
44 | 			<div className='p-8'>
45 | 				<h2 className='text-3xl font-bold mb-6 text-center bg-gradient-to-r from-green-400 to-emerald-500 text-transparent bg-clip-text'>
46 | 					Reset Password
47 | 				</h2>
48 | 				{error && <p className='text-red-500 text-sm mb-4'>{error}</p>}
49 | 				{message && <p className='text-green-500 text-sm mb-4'>{message}</p>}
50 | 
51 | 				<form onSubmit={handleSubmit}>
52 | 					<Input
53 | 						icon={Lock}
54 | 						type='password'
55 | 						placeholder='New Password'
56 | 						value={password}
57 | 						onChange={(e) => setPassword(e.target.value)}
58 | 						required
59 | 					/>
60 | 
61 | 					<Input
62 | 						icon={Lock}
63 | 						type='password'
64 | 						placeholder='Confirm New Password'
65 | 						value={confirmPassword}
66 | 						onChange={(e) => setConfirmPassword(e.target.value)}
67 | 						required
68 | 					/>
69 | 
70 | 					<motion.button
71 | 						whileHover={{ scale: 1.02 }}
72 | 						whileTap={{ scale: 0.98 }}
73 | 						className='w-full py-3 px-4 bg-gradient-to-r from-green-500 to-emerald-600 text-white font-bold rounded-lg shadow-lg hover:from-green-600 hover:to-emerald-700 focus:outline-none focus:ring-2 focus:ring-green-500 focus:ring-offset-2 focus:ring-offset-gray-900 transition duration-200'
74 | 						type='submit'
75 | 						disabled={isLoading}
76 | 					>
77 | 						{isLoading ? "Resetting..." : "Set New Password"}
78 | 					</motion.button>
79 | 				</form>
80 | 			</div>
81 | 		</motion.div>
82 | 	);
83 | };
84 | export default ResetPasswordPage;
85 | 


--------------------------------------------------------------------------------
/frontend/src/pages/ForgotPasswordPage.jsx:
--------------------------------------------------------------------------------
 1 | import { motion } from "framer-motion";
 2 | import { useState } from "react";
 3 | import { useAuthStore } from "../store/authStore";
 4 | import Input from "../components/Input";
 5 | import { ArrowLeft, Loader, Mail } from "lucide-react";
 6 | import { Link } from "react-router-dom";
 7 | 
 8 | const ForgotPasswordPage = () => {
 9 | 	const [email, setEmail] = useState("");
10 | 	const [isSubmitted, setIsSubmitted] = useState(false);
11 | 
12 | 	const { isLoading, forgotPassword } = useAuthStore();
13 | 
14 | 	const handleSubmit = async (e) => {
15 | 		e.preventDefault();
16 | 		await forgotPassword(email);
17 | 		setIsSubmitted(true);
18 | 	};
19 | 
20 | 	return (
21 | 		<motion.div
22 | 			initial={{ opacity: 0, y: 20 }}
23 | 			animate={{ opacity: 1, y: 0 }}
24 | 			transition={{ duration: 0.5 }}
25 | 			className='max-w-md w-full bg-gray-800 bg-opacity-50 backdrop-filter backdrop-blur-xl rounded-2xl shadow-xl overflow-hidden'
26 | 		>
27 | 			<div className='p-8'>
28 | 				<h2 className='text-3xl font-bold mb-6 text-center bg-gradient-to-r from-green-400 to-emerald-500 text-transparent bg-clip-text'>
29 | 					Forgot Password
30 | 				</h2>
31 | 
32 | 				{!isSubmitted ? (
33 | 					<form onSubmit={handleSubmit}>
34 | 						<p className='text-gray-300 mb-6 text-center'>
35 | 							Enter your email address and we'll send you a link to reset your password.
36 | 						</p>
37 | 						<Input
38 | 							icon={Mail}
39 | 							type='email'
40 | 							placeholder='Email Address'
41 | 							value={email}
42 | 							onChange={(e) => setEmail(e.target.value)}
43 | 							required
44 | 						/>
45 | 						<motion.button
46 | 							whileHover={{ scale: 1.02 }}
47 | 							whileTap={{ scale: 0.98 }}
48 | 							className='w-full py-3 px-4 bg-gradient-to-r from-green-500 to-emerald-600 text-white font-bold rounded-lg shadow-lg hover:from-green-600 hover:to-emerald-700 focus:outline-none focus:ring-2 focus:ring-green-500 focus:ring-offset-2 focus:ring-offset-gray-900 transition duration-200'
49 | 							type='submit'
50 | 						>
51 | 							{isLoading ? <Loader className='size-6 animate-spin mx-auto' /> : "Send Reset Link"}
52 | 						</motion.button>
53 | 					</form>
54 | 				) : (
55 | 					<div className='text-center'>
56 | 						<motion.div
57 | 							initial={{ scale: 0 }}
58 | 							animate={{ scale: 1 }}
59 | 							transition={{ type: "spring", stiffness: 500, damping: 30 }}
60 | 							className='w-16 h-16 bg-green-500 rounded-full flex items-center justify-center mx-auto mb-4'
61 | 						>
62 | 							<Mail className='h-8 w-8 text-white' />
63 | 						</motion.div>
64 | 						<p className='text-gray-300 mb-6'>
65 | 							If an account exists for {email}, you will receive a password reset link shortly.
66 | 						</p>
67 | 					</div>
68 | 				)}
69 | 			</div>
70 | 
71 | 			<div className='px-8 py-4 bg-gray-900 bg-opacity-50 flex justify-center'>
72 | 				<Link to={"/login"} className='text-sm text-green-400 hover:underline flex items-center'>
73 | 					<ArrowLeft className='h-4 w-4 mr-2' /> Back to Login
74 | 				</Link>
75 | 			</div>
76 | 		</motion.div>
77 | 	);
78 | };
79 | export default ForgotPasswordPage;
80 | 


--------------------------------------------------------------------------------
/frontend/src/pages/SignUpPage.jsx:
--------------------------------------------------------------------------------
 1 | import { motion } from "framer-motion";
 2 | import Input from "../components/Input";
 3 | import { Loader, Lock, Mail, User } from "lucide-react";
 4 | import { useState } from "react";
 5 | import { Link, useNavigate } from "react-router-dom";
 6 | import PasswordStrengthMeter from "../components/PasswordStrengthMeter";
 7 | import { useAuthStore } from "../store/authStore";
 8 | 
 9 | const SignUpPage = () => {
10 | 	const [name, setName] = useState("");
11 | 	const [email, setEmail] = useState("");
12 | 	const [password, setPassword] = useState("");
13 | 	const navigate = useNavigate();
14 | 
15 | 	const { signup, error, isLoading } = useAuthStore();
16 | 
17 | 	const handleSignUp = async (e) => {
18 | 		e.preventDefault();
19 | 
20 | 		try {
21 | 			await signup(email, password, name);
22 | 			navigate("/verify-email");
23 | 		} catch (error) {
24 | 			console.log(error);
25 | 		}
26 | 	};
27 | 	return (
28 | 		<motion.div
29 | 			initial={{ opacity: 0, y: 20 }}
30 | 			animate={{ opacity: 1, y: 0 }}
31 | 			transition={{ duration: 0.5 }}
32 | 			className='max-w-md w-full bg-gray-800 bg-opacity-50 backdrop-filter backdrop-blur-xl rounded-2xl shadow-xl 
33 | 			overflow-hidden'
34 | 		>
35 | 			<div className='p-8'>
36 | 				<h2 className='text-3xl font-bold mb-6 text-center bg-gradient-to-r from-green-400 to-emerald-500 text-transparent bg-clip-text'>
37 | 					Create Account
38 | 				</h2>
39 | 
40 | 				<form onSubmit={handleSignUp}>
41 | 					<Input
42 | 						icon={User}
43 | 						type='text'
44 | 						placeholder='Full Name'
45 | 						value={name}
46 | 						onChange={(e) => setName(e.target.value)}
47 | 					/>
48 | 					<Input
49 | 						icon={Mail}
50 | 						type='email'
51 | 						placeholder='Email Address'
52 | 						value={email}
53 | 						onChange={(e) => setEmail(e.target.value)}
54 | 					/>
55 | 					<Input
56 | 						icon={Lock}
57 | 						type='password'
58 | 						placeholder='Password'
59 | 						value={password}
60 | 						onChange={(e) => setPassword(e.target.value)}
61 | 					/>
62 | 					{error && <p className='text-red-500 font-semibold mt-2'>{error}</p>}
63 | 					<PasswordStrengthMeter password={password} />
64 | 
65 | 					<motion.button
66 | 						className='mt-5 w-full py-3 px-4 bg-gradient-to-r from-green-500 to-emerald-600 text-white 
67 | 						font-bold rounded-lg shadow-lg hover:from-green-600
68 | 						hover:to-emerald-700 focus:outline-none focus:ring-2 focus:ring-green-500 focus:ring-offset-2
69 | 						 focus:ring-offset-gray-900 transition duration-200'
70 | 						whileHover={{ scale: 1.02 }}
71 | 						whileTap={{ scale: 0.98 }}
72 | 						type='submit'
73 | 						disabled={isLoading}
74 | 					>
75 | 						{isLoading ? <Loader className=' animate-spin mx-auto' size={24} /> : "Sign Up"}
76 | 					</motion.button>
77 | 				</form>
78 | 			</div>
79 | 			<div className='px-8 py-4 bg-gray-900 bg-opacity-50 flex justify-center'>
80 | 				<p className='text-sm text-gray-400'>
81 | 					Already have an account?{" "}
82 | 					<Link to={"/login"} className='text-green-400 hover:underline'>
83 | 						Login
84 | 					</Link>
85 | 				</p>
86 | 			</div>
87 | 		</motion.div>
88 | 	);
89 | };
90 | export default SignUpPage;
91 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Advanced Authentication with MERN Stack
  2 | 
  3 | This project is an advanced authentication system built using the MERN (MongoDB, Express, React, Node.js) stack. It includes features like email verification, secure password hashing, and token-based authentication.
  4 | 
  5 | ## Project Structure
  6 | 
  7 | The project is organized as follows:
  8 | 
  9 | - **Root**: Contains the main `package.json` file and links to both the backend and frontend folders.
 10 | - **backend**: Contains the server-side code, including API endpoints, database models, and authentication logic.
 11 | - **frontend**: Contains the client-side code, built with React, for user interaction and UI.
 12 | 
 13 | ## Features
 14 | 
 15 | - User registration and login
 16 | - Email verification using Mailtrap
 17 | - Secure password hashing with bcrypt
 18 | - Token-based authentication with JSON Web Tokens (JWT)
 19 | - Protected routes for authenticated users
 20 | - Responsive and user-friendly UI
 21 | 
 22 | ## Technologies Used
 23 | 
 24 | - **Frontend**: React, Axios, Bootstrap/Material-UI (optional)
 25 | - **Backend**: Node.js, Express.js, MongoDB, Mongoose
 26 | - **Authentication**: JWT, bcrypt
 27 | - **Email Service**: Mailtrap
 28 | 
 29 | ## Prerequisites
 30 | 
 31 | - Node.js and npm installed
 32 | - MongoDB installed and running
 33 | - Mailtrap account for email testing
 34 | 
 35 | ## Installation
 36 | 
 37 | 1. Clone the repository:
 38 |    ```bash
 39 |    git clone https://github.com/arafatDU/mern-advanced-auth.git
 40 |    cd mern-advanced-auth
 41 |    ```
 42 | 
 43 | 2. Install dependencies for the root project:
 44 |    ```bash
 45 |    npm install
 46 |    ```
 47 | 
 48 | 3. Install dependencies for both backend and frontend:
 49 |    ```bash
 50 |    cd backend
 51 |    npm install
 52 |    cd ../frontend
 53 |    npm install
 54 |    ```
 55 | 
 56 | 4. Configure environment variables:
 57 |    - Create a `.env` file in the `backend` folder with the following:
 58 |      ```env
 59 |      MONGO_URI=your_mongodb_connection_string
 60 |      JWT_SECRET=your_jwt_secret
 61 |      MAILTRAP_USER=your_mailtrap_username
 62 |      MAILTRAP_PASS=your_mailtrap_password
 63 |      ```
 64 | 
 65 | 5. Start the development server:
 66 |    ```bash
 67 |    npm run dev
 68 |    ```
 69 |    This will start the backend server located at `backend/index.js`.
 70 | 
 71 | ## Usage
 72 | 
 73 | 1. Register a new user.
 74 | 2. Check your Mailtrap inbox for the verification email.
 75 | 3. Verify your email to activate your account.
 76 | 4. Log in to access protected routes.
 77 | 
 78 | ## Folder Structure
 79 | 
 80 | ```
 81 | mern-advanced-auth/
 82 | ├── backend/
 83 | │   ├── controllers/
 84 | │   ├── db/
 85 | │   ├── routes/
 86 | │   ├── index.js
 87 | │   └── ...
 88 | ├── frontend/
 89 | │   ├── src/
 90 | │   │   ├── components/
 91 | │   │   ├── pages/
 92 | │   │   ├── utils/
 93 | │   │   └── App.js
 94 | ├── package.json
 95 | └── README.md
 96 | ```
 97 | 
 98 | ## License
 99 | 
100 | This project is licensed under the [MIT License](LICENSE).
101 | 
102 | ## Acknowledgments
103 | 
104 | - [Mailtrap](https://mailtrap.io/) for email testing
105 | - [MERN Stack Documentation](https://www.mongodb.com/mern-stack)
106 | 
107 | Feel free to contribute to this project by submitting issues or pull requests!


--------------------------------------------------------------------------------
/frontend/src/store/authStore.js:
--------------------------------------------------------------------------------
 1 | import { create } from "zustand";
 2 | import axios from "axios";
 3 | 
 4 | const API_URL = import.meta.env.MODE === "development" ? "http://localhost:5000/api/auth" : "/api/auth";
 5 | 
 6 | axios.defaults.withCredentials = true;
 7 | 
 8 | export const useAuthStore = create((set) => ({
 9 | 	user: null,
10 | 	isAuthenticated: false,
11 | 	error: null,
12 | 	isLoading: false,
13 | 	isCheckingAuth: true,
14 | 	message: null,
15 | 
16 | 	signup: async (email, password, name) => {
17 | 		set({ isLoading: true, error: null });
18 | 		try {
19 | 			const response = await axios.post(`${API_URL}/signup`, { email, password, name });
20 | 			set({ user: response.data.user, isAuthenticated: true, isLoading: false });
21 | 		} catch (error) {
22 | 			set({ error: error.response.data.message || "Error signing up", isLoading: false });
23 | 			throw error;
24 | 		}
25 | 	},
26 | 	login: async (email, password) => {
27 | 		set({ isLoading: true, error: null });
28 | 		try {
29 | 			const response = await axios.post(`${API_URL}/login`, { email, password });
30 | 			set({
31 | 				isAuthenticated: true,
32 | 				user: response.data.user,
33 | 				error: null,
34 | 				isLoading: false,
35 | 			});
36 | 		} catch (error) {
37 | 			set({ error: error.response?.data?.message || "Error logging in", isLoading: false });
38 | 			throw error;
39 | 		}
40 | 	},
41 | 
42 | 	logout: async () => {
43 | 		set({ isLoading: true, error: null });
44 | 		try {
45 | 			await axios.post(`${API_URL}/logout`);
46 | 			set({ user: null, isAuthenticated: false, error: null, isLoading: false });
47 | 		} catch (error) {
48 | 			set({ error: "Error logging out", isLoading: false });
49 | 			throw error;
50 | 		}
51 | 	},
52 | 	verifyEmail: async (code) => {
53 | 		set({ isLoading: true, error: null });
54 | 		try {
55 | 			const response = await axios.post(`${API_URL}/verify-email`, { code });
56 | 			set({ user: response.data.user, isAuthenticated: true, isLoading: false });
57 | 			return response.data;
58 | 		} catch (error) {
59 | 			set({ error: error.response.data.message || "Error verifying email", isLoading: false });
60 | 			throw error;
61 | 		}
62 | 	},
63 | 	checkAuth: async () => {
64 | 		set({ isCheckingAuth: true, error: null });
65 | 		try {
66 | 			const response = await axios.get(`${API_URL}/check-auth`);
67 | 			set({ user: response.data.user, isAuthenticated: true, isCheckingAuth: false });
68 | 		} catch (error) {
69 | 			set({ error: null, isCheckingAuth: false, isAuthenticated: false });
70 | 		}
71 | 	},
72 | 	forgotPassword: async (email) => {
73 | 		set({ isLoading: true, error: null });
74 | 		try {
75 | 			const response = await axios.post(`${API_URL}/forgot-password`, { email });
76 | 			set({ message: response.data.message, isLoading: false });
77 | 		} catch (error) {
78 | 			set({
79 | 				isLoading: false,
80 | 				error: error.response.data.message || "Error sending reset password email",
81 | 			});
82 | 			throw error;
83 | 		}
84 | 	},
85 | 	resetPassword: async (token, password) => {
86 | 		set({ isLoading: true, error: null });
87 | 		try {
88 | 			const response = await axios.post(`${API_URL}/reset-password/${token}`, { password });
89 | 			set({ message: response.data.message, isLoading: false });
90 | 		} catch (error) {
91 | 			set({
92 | 				isLoading: false,
93 | 				error: error.response.data.message || "Error resetting password",
94 | 			});
95 | 			throw error;
96 | 		}
97 | 	},
98 | }));
99 | 


--------------------------------------------------------------------------------
/frontend/src/App.jsx:
--------------------------------------------------------------------------------
  1 | import { Navigate, Route, Routes } from "react-router-dom";
  2 | import FloatingShape from "./components/FloatingShape";
  3 | 
  4 | import SignUpPage from "./pages/SignUpPage";
  5 | import LoginPage from "./pages/LoginPage";
  6 | import DashboardPage from "./pages/DashboardPage";
  7 | 
  8 | import LoadingSpinner from "./components/LoadingSpinner";
  9 | 
 10 | import { Toaster } from "react-hot-toast";
 11 | import { useAuthStore } from "./store/authStore";
 12 | import { useEffect } from "react";
 13 | import EmailVerificationPage from "./pages/EmailVerificationPage";
 14 | import ForgotPasswordPage from "./pages/ForgotPasswordPage";
 15 | import ResetPasswordPage from "./pages/ResetPasswordPage";
 16 | 
 17 | // protect routes that require authentication
 18 | const ProtectedRoute = ({ children }) => {
 19 | 	const { isAuthenticated, user } = useAuthStore();
 20 | 
 21 | 	if (!isAuthenticated) {
 22 | 		return <Navigate to='/login' replace />;
 23 | 	}
 24 | 
 25 | 	if (!user.isVerified) {
 26 | 		return <Navigate to='/verify-email' replace />;
 27 | 	}
 28 | 
 29 | 	return children;
 30 | };
 31 | 
 32 | // redirect authenticated users to the home page
 33 | const RedirectAuthenticatedUser = ({ children }) => {
 34 | 	const { isAuthenticated, user } = useAuthStore();
 35 | 
 36 | 	if (isAuthenticated && user.isVerified) {
 37 | 		return <Navigate to='/' replace />;
 38 | 	}
 39 | 
 40 | 	return children;
 41 | };
 42 | 
 43 | function App() {
 44 | 	const { isCheckingAuth, checkAuth } = useAuthStore();
 45 | 
 46 | 	useEffect(() => {
 47 | 		checkAuth();
 48 | 	}, [checkAuth]);
 49 | 
 50 | 	if (isCheckingAuth) return <LoadingSpinner />;
 51 | 
 52 | 	return (
 53 | 		<div
 54 | 			className='min-h-screen bg-gradient-to-br
 55 |     from-gray-900 via-green-900 to-emerald-900 flex items-center justify-center relative overflow-hidden'
 56 | 		>
 57 | 
 58 | 			<FloatingShape color='bg-green-500' size='w-64 h-64' top='-5%' left='10%' delay={0} />
 59 | 			<FloatingShape color='bg-emerald-500' size='w-48 h-48' top='70%' left='80%' delay={5} />
 60 | 			<FloatingShape color='bg-lime-500' size='w-32 h-32' top='40%' left='-10%' delay={2} />
 61 | 			
 62 | 			<Routes>
 63 | 				<Route
 64 | 					path='/'
 65 | 					element={
 66 | 						<ProtectedRoute>
 67 | 							<DashboardPage />
 68 | 						</ProtectedRoute>
 69 | 					}
 70 | 				/>
 71 | 				<Route
 72 | 					path='/signup'
 73 | 					element={
 74 | 						<RedirectAuthenticatedUser>
 75 | 							<SignUpPage />
 76 | 						</RedirectAuthenticatedUser>
 77 | 					}
 78 | 				/>
 79 | 				<Route
 80 | 					path='/login'
 81 | 					element={
 82 | 						<RedirectAuthenticatedUser>
 83 | 							<LoginPage />
 84 | 						</RedirectAuthenticatedUser>
 85 | 					}
 86 | 				/>
 87 | 				<Route path='/verify-email' element={<EmailVerificationPage />} />
 88 | 				<Route
 89 | 					path='/forgot-password'
 90 | 					element={
 91 | 						<RedirectAuthenticatedUser>
 92 | 							<ForgotPasswordPage />
 93 | 						</RedirectAuthenticatedUser>
 94 | 					}
 95 | 				/>
 96 | 
 97 | 				<Route
 98 | 					path='/reset-password/:token'
 99 | 					element={
100 | 						<RedirectAuthenticatedUser>
101 | 							<ResetPasswordPage />
102 | 						</RedirectAuthenticatedUser>
103 | 					}
104 | 				/>
105 | 
106 | 				{/* catch all routes */}
107 | 				<Route path='*' element={<Navigate to='/' replace />} />
108 | 			</Routes>
109 | 			<Toaster />
110 | 		</div>
111 | 	);
112 | }
113 | 
114 | export default App;
115 | 


--------------------------------------------------------------------------------
/frontend/src/pages/EmailVerificationPage.jsx:
--------------------------------------------------------------------------------
  1 | import { useEffect, useRef, useState } from "react";
  2 | import { useNavigate } from "react-router-dom";
  3 | import { motion } from "framer-motion";
  4 | import { useAuthStore } from "../store/authStore";
  5 | import toast from "react-hot-toast";
  6 | 
  7 | const EmailVerificationPage = () => {
  8 | 	const [code, setCode] = useState(["", "", "", "", "", ""]);
  9 | 	const inputRefs = useRef([]);
 10 | 	const navigate = useNavigate();
 11 | 
 12 | 	const { error, isLoading, verifyEmail } = useAuthStore();
 13 | 
 14 | 	const handleChange = (index, value) => {
 15 | 		const newCode = [...code];
 16 | 
 17 | 		// Handle pasted content
 18 | 		if (value.length > 1) {
 19 | 			const pastedCode = value.slice(0, 6).split("");
 20 | 			for (let i = 0; i < 6; i++) {
 21 | 				newCode[i] = pastedCode[i] || "";
 22 | 			}
 23 | 			setCode(newCode);
 24 | 
 25 | 			// Focus on the last non-empty input or the first empty one
 26 | 			const lastFilledIndex = newCode.findLastIndex((digit) => digit !== "");
 27 | 			const focusIndex = lastFilledIndex < 5 ? lastFilledIndex + 1 : 5;
 28 | 			inputRefs.current[focusIndex].focus();
 29 | 		} else {
 30 | 			newCode[index] = value;
 31 | 			setCode(newCode);
 32 | 
 33 | 			// Move focus to the next input field if value is entered
 34 | 			if (value && index < 5) {
 35 | 				inputRefs.current[index + 1].focus();
 36 | 			}
 37 | 		}
 38 | 	};
 39 | 
 40 | 	const handleKeyDown = (index, e) => {
 41 | 		if (e.key === "Backspace" && !code[index] && index > 0) {
 42 | 			inputRefs.current[index - 1].focus();
 43 | 		}
 44 | 	};
 45 | 
 46 | 	const handleSubmit = async (e) => {
 47 | 		e.preventDefault();
 48 | 		const verificationCode = code.join("");
 49 | 		try {
 50 | 			await verifyEmail(verificationCode);
 51 | 			navigate("/");
 52 | 			toast.success("Email verified successfully");
 53 | 		} catch (error) {
 54 | 			console.log(error);
 55 | 		}
 56 | 	};
 57 | 
 58 | 	// Auto submit when all fields are filled
 59 | 	useEffect(() => {
 60 | 		if (code.every((digit) => digit !== "")) {
 61 | 			handleSubmit(new Event("submit"));
 62 | 		}
 63 | 	}, [code]);
 64 | 
 65 | 	return (
 66 | 		<div className='max-w-md w-full bg-gray-800 bg-opacity-50 backdrop-filter backdrop-blur-xl rounded-2xl shadow-xl overflow-hidden'>
 67 | 			<motion.div
 68 | 				initial={{ opacity: 0, y: -50 }}
 69 | 				animate={{ opacity: 1, y: 0 }}
 70 | 				transition={{ duration: 0.5 }}
 71 | 				className='bg-gray-800 bg-opacity-50 backdrop-filter backdrop-blur-xl rounded-2xl shadow-2xl p-8 w-full max-w-md'
 72 | 			>
 73 | 				<h2 className='text-3xl font-bold mb-6 text-center bg-gradient-to-r from-green-400 to-emerald-500 text-transparent bg-clip-text'>
 74 | 					Verify Your Email
 75 | 				</h2>
 76 | 				<p className='text-center text-gray-300 mb-6'>Enter the 6-digit code sent to your email address.</p>
 77 | 
 78 | 				<form onSubmit={handleSubmit} className='space-y-6'>
 79 | 					<div className='flex justify-between'>
 80 | 						{code.map((digit, index) => (
 81 | 							<input
 82 | 								key={index}
 83 | 								ref={(el) => (inputRefs.current[index] = el)}
 84 | 								type='text'
 85 | 								maxLength='6'
 86 | 								value={digit}
 87 | 								onChange={(e) => handleChange(index, e.target.value)}
 88 | 								onKeyDown={(e) => handleKeyDown(index, e)}
 89 | 								className='w-12 h-12 text-center text-2xl font-bold bg-gray-700 text-white border-2 border-gray-600 rounded-lg focus:border-green-500 focus:outline-none'
 90 | 							/>
 91 | 						))}
 92 | 					</div>
 93 | 					{error && <p className='text-red-500 font-semibold mt-2'>{error}</p>}
 94 | 					<motion.button
 95 | 						whileHover={{ scale: 1.05 }}
 96 | 						whileTap={{ scale: 0.95 }}
 97 | 						type='submit'
 98 | 						disabled={isLoading || code.some((digit) => !digit)}
 99 | 						className='w-full bg-gradient-to-r from-green-500 to-emerald-600 text-white font-bold py-3 px-4 rounded-lg shadow-lg hover:from-green-600 hover:to-emerald-700 focus:outline-none focus:ring-2 focus:ring-green-500 focus:ring-opacity-50 disabled:opacity-50'
100 | 					>
101 | 						{isLoading ? "Verifying..." : "Verify Email"}
102 | 					</motion.button>
103 | 				</form>
104 | 			</motion.div>
105 | 		</div>
106 | 	);
107 | };
108 | export default EmailVerificationPage;
109 | 


--------------------------------------------------------------------------------
/backend/mailtrap/emailTemplates.js:
--------------------------------------------------------------------------------
 1 | export const VERIFICATION_EMAIL_TEMPLATE = `
 2 | <!DOCTYPE html>
 3 | <html lang="en">
 4 | <head>
 5 |   <meta charset="UTF-8">
 6 |   <meta name="viewport" content="width=device-width, initial-scale=1.0">
 7 |   <title>Verify Your Email</title>
 8 | </head>
 9 | <body style="font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 600px; margin: 0 auto; padding: 20px;">
10 |   <div style="background: linear-gradient(to right, #4CAF50, #45a049); padding: 20px; text-align: center;">
11 |     <h1 style="color: white; margin: 0;">Verify Your Email</h1>
12 |   </div>
13 |   <div style="background-color: #f9f9f9; padding: 20px; border-radius: 0 0 5px 5px; box-shadow: 0 2px 5px rgba(0,0,0,0.1);">
14 |     <p>Hello,</p>
15 |     <p>Thank you for signing up! Your verification code is:</p>
16 |     <div style="text-align: center; margin: 30px 0;">
17 |       <span style="font-size: 32px; font-weight: bold; letter-spacing: 5px; color: #4CAF50;"> {verificationCode} </span>
18 |     </div>
19 |     <p>Enter this code on the verification page to complete your registration.</p>
20 |     <p>This code will expire in 15 minutes for security reasons.</p>
21 |     <p>If you didn't create an account with us, please ignore this email.</p>
22 |     <p>Best regards,<br>Your App Team</p>
23 |   </div>
24 |   <div style="text-align: center; margin-top: 20px; color: #888; font-size: 0.8em;">
25 |     <p>This is an automated message, please do not reply to this email.</p>
26 |   </div>
27 | </body>
28 | </html>
29 | `;
30 | 
31 | export const PASSWORD_RESET_SUCCESS_TEMPLATE = `
32 | <!DOCTYPE html>
33 | <html lang="en">
34 | <head>
35 |   <meta charset="UTF-8">
36 |   <meta name="viewport" content="width=device-width, initial-scale=1.0">
37 |   <title>Password Reset Successful</title>
38 | </head>
39 | <body style="font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 600px; margin: 0 auto; padding: 20px;">
40 |   <div style="background: linear-gradient(to right, #4CAF50, #45a049); padding: 20px; text-align: center;">
41 |     <h1 style="color: white; margin: 0;">Password Reset Successful</h1>
42 |   </div>
43 |   <div style="background-color: #f9f9f9; padding: 20px; border-radius: 0 0 5px 5px; box-shadow: 0 2px 5px rgba(0,0,0,0.1);">
44 |     <p>Hello,</p>
45 |     <p>We're writing to confirm that your password has been successfully reset.</p>
46 |     <div style="text-align: center; margin: 30px 0;">
47 |       <div style="background-color: #4CAF50; color: white; width: 50px; height: 50px; line-height: 50px; border-radius: 50%; display: inline-block; font-size: 30px;">
48 |         ✓
49 |       </div>
50 |     </div>
51 |     <p>If you did not initiate this password reset, please contact our support team immediately.</p>
52 |     <p>For security reasons, we recommend that you:</p>
53 |     <ul>
54 |       <li>Use a strong, unique password</li>
55 |       <li>Enable two-factor authentication if available</li>
56 |       <li>Avoid using the same password across multiple sites</li>
57 |     </ul>
58 |     <p>Thank you for helping us keep your account secure.</p>
59 |     <p>Best regards,<br>Your App Team</p>
60 |   </div>
61 |   <div style="text-align: center; margin-top: 20px; color: #888; font-size: 0.8em;">
62 |     <p>This is an automated message, please do not reply to this email.</p>
63 |   </div>
64 | </body>
65 | </html>
66 | `;
67 | 
68 | export const PASSWORD_RESET_REQUEST_TEMPLATE = `
69 | <!DOCTYPE html>
70 | <html lang="en">
71 | <head>
72 |   <meta charset="UTF-8">
73 |   <meta name="viewport" content="width=device-width, initial-scale=1.0">
74 |   <title>Reset Your Password</title>
75 | </head>
76 | <body style="font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 600px; margin: 0 auto; padding: 20px;">
77 |   <div style="background: linear-gradient(to right, #4CAF50, #45a049); padding: 20px; text-align: center;">
78 |     <h1 style="color: white; margin: 0;">Password Reset</h1>
79 |   </div>
80 |   <div style="background-color: #f9f9f9; padding: 20px; border-radius: 0 0 5px 5px; box-shadow: 0 2px 5px rgba(0,0,0,0.1);">
81 |     <p>Hello,</p>
82 |     <p>We received a request to reset your password. If you didn't make this request, please ignore this email.</p>
83 |     <p>To reset your password, click the button below:</p>
84 |     <div style="text-align: center; margin: 30px 0;">
85 |       <a href="{resetURL}" style="background-color: #4CAF50; color: white; padding: 12px 20px; text-decoration: none; border-radius: 5px; font-weight: bold;">Reset Password</a>
86 |     </div>
87 |     <p>This link will expire in 1 hour for security reasons.</p>
88 |     <p>Best regards,<br>Your App Team</p>
89 |   </div>
90 |   <div style="text-align: center; margin-top: 20px; color: #888; font-size: 0.8em;">
91 |     <p>This is an automated message, please do not reply to this email.</p>
92 |   </div>
93 | </body>
94 | </html>
95 | `;


--------------------------------------------------------------------------------
/backend/controllers/auth.controller.js:
--------------------------------------------------------------------------------
  1 | import { User } from "../models/user.model.js";
  2 | import bcryptjs from "bcryptjs";
  3 | import crypto from "crypto";
  4 | import { generateTokenAndSetCookie } from "../utils/generateTokenAndSetCookie.js";
  5 | import { sendPasswordResetEmail, sendVerificationEmail, sendWelcomeEmail, sendResetSuccessEmail } from "../mailtrap/emails.js";
  6 | 
  7 | export const signup = async (req, res) => {
  8 |   const { email, password, name } = req.body;
  9 | 
 10 |   try {
 11 |     if(!email || !password || !name) {
 12 |       throw new Error("All fields are required");
 13 |     }
 14 | 
 15 |     const userAlreadyExists = await User.findOne({ email });
 16 |     if(userAlreadyExists) {
 17 |       return res.status(400).json({success: false, message: "User already exists"});
 18 |     }
 19 | 
 20 |     const hashedPassword = await bcryptjs.hash(password, 10);
 21 |     const verificationToken = Math.floor(100000 + Math.random() * 900000).toString();
 22 | 
 23 |     const user = new User({
 24 |       email,
 25 |       password: hashedPassword,
 26 |       name,
 27 |       verificationToken,
 28 |       verificationTokenExpiresAt: Date.now() + 24 * 60 * 60 * 1000, // 24 hours
 29 |     })
 30 | 
 31 |     await user.save();
 32 |     
 33 |     // send verification email
 34 |     await sendVerificationEmail(user.email, verificationToken);
 35 | 
 36 |     // jwt token
 37 |     generateTokenAndSetCookie(res, user._id);
 38 | 
 39 |     
 40 | 
 41 |     res.status(201).json({
 42 |       success: true,
 43 |       message: "User created successfully",
 44 |       user: {
 45 |         ...user._doc,
 46 |         password: undefined,
 47 |       }
 48 |     });
 49 | 
 50 |   } catch (error) {
 51 |     res.status(400).json({success: false, message: error.message});
 52 |   }
 53 | }
 54 | 
 55 | 
 56 | 
 57 | export const verifyEmail = async (req, res) => {
 58 | 	const { code } = req.body;
 59 | 	try {
 60 | 		const user = await User.findOne({
 61 | 			verificationToken: code,
 62 | 			verificationTokenExpiresAt: { $gt: Date.now() },
 63 | 		});
 64 | 
 65 | 		if (!user) {
 66 | 			return res.status(400).json({ success: false, message: "Invalid or expired verification code" });
 67 | 		}
 68 | 
 69 | 		user.isVerified = true;
 70 | 		user.verificationToken = undefined;
 71 | 		user.verificationTokenExpiresAt = undefined;
 72 | 		await user.save();
 73 | 
 74 | 		await sendWelcomeEmail(user.email, user.name);
 75 | 
 76 | 		res.status(200).json({
 77 | 			success: true,
 78 | 			message: "Email verified successfully",
 79 | 			user: {
 80 | 				...user._doc,
 81 | 				password: undefined,
 82 | 			},
 83 | 		});
 84 | 	} catch (error) {
 85 | 		console.log("error in verifyEmail ", error);
 86 | 		res.status(500).json({ success: false, message: "Server error" });
 87 | 	}
 88 | };
 89 | 
 90 | 
 91 | export const login = async (req, res) => {
 92 |   const { email, password } = req.body;
 93 |   try {
 94 |     if(!email || !password) {
 95 |       throw new Error("All fields are required");
 96 |     }
 97 |     const user = await User.findOne({ email });
 98 |     if(!user) {
 99 |       return res.status(400).json({success: false, message: "User not found"});
100 |     }
101 |     const isPasswordCorrect = await bcryptjs.compare(password, user.password);
102 |     if(!isPasswordCorrect) {
103 |       return res.status(400).json({success: false, message: "Invalid credentials"});
104 |     }
105 | 
106 |     generateTokenAndSetCookie(res, user._id);
107 |     user.lastLogin = new Date();
108 |     await user.save();
109 | 
110 |     return res.status(200).json({
111 |       success: true,
112 |       message: "Logged in successfully",
113 |       user: {
114 |         ...user._doc,
115 |         password: undefined,
116 |       }
117 |     });
118 |     
119 |   } catch (error) {
120 |     console.log("error in login ", error);
121 |     res.status(400).json({success: false, message: error.message});
122 |   }
123 | }
124 | 
125 | 
126 | export const logout = async (req, res) => {
127 | 	res.clearCookie("token");
128 | 	res.status(200).json({ success: true, message: "Logged out successfully" });
129 | };
130 | 
131 | 
132 | 
133 | export const forgotPassword = async (req, res) => {
134 |   const { email } = req.body;
135 | 
136 |   try {
137 |     if(!email) {
138 |       throw new Error("Email is required");
139 |     }
140 |     const user = await User.findOne({email});
141 |     if(!user) {
142 |       return res.status(400).json({success: false, message: "User not found"});
143 |     }
144 | 
145 |     const resetToken = crypto.randomBytes(20).toString("hex");
146 |     const resetTokenExpiresAt = Date.now() + 1 * 60 * 60 * 1000; // 1 hour
147 | 
148 |     user.resetPasswordToken = resetToken;
149 |     user.resetPasswordExpiresAt = resetTokenExpiresAt;
150 |     await user.save();
151 | 
152 |     await sendPasswordResetEmail(user.email, `${process.env.CLIENT_URL}/reset-password/${resetToken}`);
153 | 
154 |     res.status(200).json({
155 |       success: true,
156 |       message: "Password reset email sent successfully",
157 |     });
158 | 
159 |     
160 |   } catch (error) {
161 |     console.log("error in forgotPassword ", error);
162 |     res.status(400).json({success: false, message: error.message});
163 |   }
164 | }
165 | 
166 | 
167 | 
168 | export const resetPassword = async (req, res) => {
169 | 	try {
170 | 		const { token } = req.params;
171 | 		const { password } = req.body;
172 | 
173 | 		const user = await User.findOne({
174 | 			resetPasswordToken: token,
175 | 			resetPasswordExpiresAt: { $gt: Date.now() },
176 | 		});
177 | 
178 | 		if (!user) {
179 | 			return res.status(400).json({ success: false, message: "Invalid or expired reset token" });
180 | 		}
181 | 
182 | 		// update password
183 | 		const hashedPassword = await bcryptjs.hash(password, 10);
184 | 
185 | 		user.password = hashedPassword;
186 | 		user.resetPasswordToken = undefined;
187 | 		user.resetPasswordExpiresAt = undefined;
188 | 		await user.save();
189 | 
190 | 		await sendResetSuccessEmail(user.email);
191 | 
192 | 		res.status(200).json({ success: true, message: "Password reset successful" });
193 | 	} catch (error) {
194 | 		console.log("Error in resetPassword ", error);
195 | 		res.status(400).json({ success: false, message: error.message });
196 | 	}
197 | };
198 | 
199 | 
200 | export const checkAuth = async (req, res) => {
201 | 	try {
202 | 		const user = await User.findById(req.userId).select("-password");
203 | 		if (!user) {
204 | 			return res.status(400).json({ success: false, message: "User not found" });
205 | 		}
206 | 
207 | 		res.status(200).json({ success: true, user });
208 | 	} catch (error) {
209 | 		console.log("Error in checkAuth ", error);
210 | 		res.status(400).json({ success: false, message: error.message });
211 | 	}
212 | };


--------------------------------------------------------------------------------