OTP Authentication

.gitignore

@@ -1,5 +1,5 @@
 **/.DS_Store
-
+.vscode/easycode.ignore
 ## Backend ignored file (Root level)
 backend/.DS_Store
 node_modules/

backend/app.js

@@ -7,20 +7,20 @@ import authResource from "./resources/authResource.js";
 import otpResource from "./resources/otpResource.js";
 import Connection from "./database/db.js";
 import bodyParser from "body-parser";
-
+import cors from "cors";
+const PORT =`${process.env.PORT || 3000}`;
 const app = express();
 
 app.use(logger("dev"));
 app.use(express.json())
 app.use(express.urlencoded({ extended: false }));
 app.use(cookieParser());
+app.use(cors());
 
 // Get Database connection
 Connection();
 
-app.use(authResource);
-app.use("/signup",otpResource);
-app.use("/signin",otpResource);
+app.use(otpResource);
 app.use("/", testResource);
 
 export default app;

backend/bin/www

@@ -25,7 +25,7 @@ const server = http.createServer(app);
  * Listen on provided port, on all network interfaces.
  */
 
-server.listen(port);
+server.listen(port,"0.0.0.0");
 server.on("error", onError);
 server.on("listening", onListening);
 
@@ -82,7 +82,7 @@ function onError(error) {
 function onListening() {
   const addr = server.address();
   let address = addr.address;
-  if (address === "::" || address === "127.0.0.1" || address === "::1") {
+  if (address === "::" || address === "127.0.0.1" || address === "::1" || address==="0.0.0.0") {
     address = "localhost";
   }
   const bind = typeof addr === "string" ? "pipe " + addr : "port " + addr.port;

backend/constants/errorMessages.js

@@ -11,9 +11,13 @@ export const databaseConnectionError = "Error while connecting with the database
 
 // OTP 
 export const emailIsRequired = 'Email is required';
-export const failedToSendOTPEmail = 'Failed to send OTP email';
+export const failedToSendOTPEmail = 'Failed to send OTP to email';
 export const emailAndOTPRequired = 'Email and OTP are required';
 export const noOTPFoundForEmail = 'No OTP found for the email';
 export const incorrectOTP = 'Incorrect OTP';
 export const otpVerfied = 'OTP verified successfully';
-export const otpSent = 'OTP sent successfully';
+export const otpSent = 'OTP sent successfully';
+
+// Auth Middleware
+export const noAuthToken = 'No auth token, access denied';
+export const tokenVerificationFailed = 'Token verification failed, authorization denied.';

backend/constants/mailOption.js

@@ -1,4 +1,3 @@
-export const senderEmail = '[email protected]';
 export const subjectOTPLogin = 'OTP for Login';
 
 export function createOTPEmailBody(otp) {

backend/middlewares/auth.js

@@ -1,17 +1,18 @@
 import jwt from "jsonwebtoken";
-const passwordKey = proccess.env.PASSWORD_KEY;
+import * as errorMessages from "../constants/errorMessages.js";
+const passwordKey = process.env.PASSWORD_KEY;
 
 const auth = async (req, res, next) => {
   try {
     const token = req.header("x-auth-token");
     if (!token)
-      return res.status(401).json({ msg: "No auth token, access denied" });
+      return res.status(401).json({ msg: errorMessages.noAuthToken });
 
     const verified = jwt.verify(token, passwordKey);
     if (!verified)
       return res
         .status(401)
-        .json({ msg: "Token verification failed, authorization denied." });
+        .json({ msg: errorMessages.tokenVerificationFailed });
 
     req.user = verified.id;
     req.token = token;

backend/package.json

@@ -12,6 +12,7 @@
     "bcryptjs": "^2.4.3",
     "body-parser": "^1.20.2",
     "cookie-parser": "~1.4.4",
+    "cors": "^2.8.5",
     "debug": "^4.3.4",
     "dotenv": "^16.3.2",
     "express": "~4.16.1",
@@ -22,6 +23,8 @@
     "multer": "^1.4.5-lts.1",
     "nodemailer": "^6.9.8",
     "nodemon": "^3.0.3",
-    "pug": "2.0.0-beta11"
+    "pug": "2.0.0-beta11",
+    "xoauth2": "^1.2.0",
+    "yarn": "^1.22.21"
   }
 }

backend/resources/otpResource.js

@@ -1,37 +1,32 @@
 import express from 'express'
 import nodemailer  from 'nodemailer'
 import dotenv from 'dotenv'
+import { MongoClient } from 'mongodb';
+import jwt from 'jsonwebtoken';
 import * as errorConstants from '../constants/errorMessages.js';
 import * as mailOption from '../constants/mailOption.js';
-const otpRouter = express.Router();
 
+const otpRouter = express.Router();
 dotenv.config();
 
-// Nodemailer configuration using Ethereal
-async function getTestAccount() {
-  return nodemailer.createTestAccount();
-}
-
 // Generate a random 4-digit OTP
 function generateOTP() {
   return Math.floor(1000 + Math.random() * 9000).toString();
 }
 
-// Nodemailer configuration
 const transporter = nodemailer.createTransport({
-  // Create an ethereal account and replace it in .env file 
-  host: process.env.SMTP_HOST,
-  port: process.env.SMTP_PORT,
+  service: "Gmail",
+  host: "smtp.gmail.com",
+  port: 465,
+  secure: false,
   auth: {
     user: process.env.SMTP_USER,
-    pass: process.env.SMTP_PASS,
+    pass: process.env.SMTP_PASSWORD,
   },
 });
 
-import { MongoClient } from 'mongodb';
-
 // Connection URI for your MongoDB database
-const uri = process.env.MONGODB_URI; // Change this to your actual MongoDB connection URI
+const uri = process.env.MONGODB_URI; 
 
 // Create a new MongoClient
 const client = new MongoClient(uri);
@@ -45,38 +40,16 @@ const otpStorage = new Map();
 
 otpRouter.post('/send-otp', async (req, res) => {
   const { email } = req.body;
-
   if (!email) {
     return res.status(400).json({ error: errorConstants.emailIsRequired });
   }
-
   // Generate OTP
   const otp = generateOTP();
-  console.log(otp);
+
   // Store OTP with the associated email
   otpStorage.set(email, otp);
-
-   try {
-    // Connect to the MongoDB server
-    await client.connect();
-
-    // Use a specific database
-    const database = client.db(dbName);
-
-    // Use a specific collection
-    const collection = database.collection(collectionName);
-    await collection.deleteMany({
-      email:email,
-    });
-    await collection.insertOne({ email, otp});
-    console.log('OTP data stored in MongoDB');
-  } finally {
-    // Close the connection when done
-    await client.close();
-  }
-  // Nodemailer options
   const mailOptions = {
-    from: mailOption.senderEmail,
+    from: process.env.SENDER_EMAIL,
     to: email,
     subject: mailOption.subjectOTPLogin,
     text: mailOption.createOTPEmailBody(otp)
@@ -85,10 +58,30 @@ otpRouter.post('/send-otp', async (req, res) => {
   // Send mail
   transporter.sendMail(mailOptions, (error, info) => {
     if (error) {
+      console.log(error);
       return res.status(500).json({ error: errorConstants.failedToSendOTPEmail });
     }
-    res.json({ message: errorConstants.otpSent, email });
+    else{
+      console.log('Message sent: %s', info.response);
+      res.json({ message: errorConstants.otpSent, email });
+    }
   });
+
+  // Connect to the MongoDB server
+  try {
+    await client.connect();
+    const database = client.db(dbName);
+    const collection = database.collection(collectionName);
+    await collection.deleteMany({
+      email:email,
+  });
+
+    await collection.insertOne({ email, otp});
+    console.log('OTP data stored in MongoDB');
+
+  } finally {
+    await client.close();
+  }
 });
 
 otpRouter.post('/verify-otp', async (req, res) => {
@@ -100,11 +93,9 @@ otpRouter.post('/verify-otp', async (req, res) => {
 
   try {
     await client.connect();
-
+    
     const database = client.db(dbName);
     const collection = database.collection(collectionName);
-
-    // Retrieve stored OTP and timestamp for the email from the database
     const result = await collection.findOne({ email });
 
     if (!result || !result.otp) {
@@ -115,15 +106,13 @@ otpRouter.post('/verify-otp', async (req, res) => {
 
     // Compare the provided OTP with the stored OTP
     if (otp === storedOTP) {
-      // Clear OTP from storage after successful verification (for demo purposes)
       await collection.deleteOne({ email });
-      return res.json({ message: errorConstants.otpVerfied });
+      const token = jwt.sign({ email }, process.env.ACCESS_TOKEN_SECRET, { expiresIn: '1h' });
+      return res.json({ message: errorConstants.otpVerfied, token });
     }
-
     res.status(401).json({ error: errorConstants.incorrectOTP });
   } catch (err) {
-    console.error('Error:', err.message);
-    res.status(500).json({ error: 'Internal Server Error' });
+    res.status(500).json({ error: errorConstants.internalServerError });
   } finally {
     await client.close();
   }