solution #217
solution #217
Conversation
mateacademy-ai-mentor
left a comment
mateacademy-ai-mentor
left a comment
There was a problem hiding this comment.
Review Summary
This requires changes because several core features from the task description are missing. You've done a great job setting up the project structure and the initial registration flow, which is a solid foundation to build upon!
To complete the task, please focus on the following critical points:
- Missing
nameField: The user registration is incomplete. You need to add thenamefield to theUsermodel insrc/models/user.jsand handle it in the registration controller (src/controllers/auth.controller.js). - Implement Redirects: After a successful login or account activation, the user should be redirected to their profile page. Currently, your controllers in
src/controllers/auth.controller.jssend a JSON response instead. Please implement a server-side redirect usingres.redirect(). - Missing Core Features: The application is missing several key features. You'll need to implement the routes, controllers, and services for logout, the full password reset flow, and the user profile page as outlined in the requirements.
- Missing 404 Handler: The application must return a 404 status for any undefined routes. Please add a catch-all middleware to
src/index.jsto handle this.
Addressing these items will get your project aligned with the requirements. Keep up the great work!
✨ Please rate this review in the Platform's notification center1. I will be grateful for your feedback! ✨
Important
Fix the issues, commit the changes, and then re-request my review using the Re-request review button2 in the Reviewers tab.
Tip
If you have any comments about this review, please leave a message in the Add a comment section below and mention me with the @mateacademy-ai-mentor tag3.
I will read your message during my next review of your pull request. Please do not reply directly to my comments, as that feature is not supported yet.
Caution
Do not close the pull request until the review is complete. Closing it early can lead to unexpected behavior and disrupt the review process.
Footnotes
src/controllers/auth.controller.js
Outdated
|
|
||
| const register = async (req, res) => { | ||
| try { | ||
| const { email, password } = req.body || {}; |
There was a problem hiding this comment.
According to the task requirements, user registration should include a name field in addition to email and password. Please make sure to handle the name from the request body and save it when creating a new user.
src/controllers/auth.controller.js
Outdated
| res.send({ | ||
| message: 'Акаунт успішно активовано!', | ||
| email: user.email, | ||
| }); |
There was a problem hiding this comment.
The requirements state that the user should be redirected to the Profile page after successful activation. Instead of sending a JSON response, you should perform a redirect, for example using res.redirect('/profile').
src/controllers/auth.controller.js
Outdated
| res.send({ | ||
| message: 'з поверненням!', | ||
| accessToken, | ||
| user: { | ||
| id: user.id, | ||
| email: user.email, | ||
| }, | ||
| }); |
There was a problem hiding this comment.
The requirements specify that the user should be redirected to the Profile page after a successful login. This implementation sends a JWT token, which is common for APIs, but it doesn't fulfill the redirect requirement. Please implement a server-side redirect.
|
|
||
| app.get('/', (req, res) => { | ||
| res.send('index!'); | ||
| }); |
There was a problem hiding this comment.
According to the task requirements, the application must return a 404 status for all undefined pages. You should add a catch-all middleware function at the end of your route definitions (before app.listen) to handle any requests that don't match the existing routes.
src/middlewares/auth.middleware.js
Outdated
| req.user = userData; | ||
| next(); | ||
| } catch (error) { | ||
| return res.status(401).send('ytlsqcybq njrty'); |
There was a problem hiding this comment.
The error message sent when token verification fails appears to be scrambled text ('ytlsqcybq njrty'). It should be a clear, human-readable message, such as 'Invalid token' or 'Недійсний токен', to aid in debugging.
| const User = client.define('user', { | ||
| email: { | ||
| type: DataTypes.STRING, | ||
| allowNull: false, | ||
| unique: true, | ||
| }, | ||
| password: { | ||
| type: DataTypes.STRING, | ||
| allowNull: false, | ||
| }, | ||
| activationToken: { | ||
| type: DataTypes.STRING, | ||
| }, | ||
| }); |
There was a problem hiding this comment.
The task requires user registration with a name, but the User model is missing this field. You should add a name property to the model definition to store the user's name.
| authRouter.post('/registration', authController.register); | ||
| authRouter.get('/activation/:activationToken', authController.activation); | ||
| authRouter.post('/login', authController.login); |
There was a problem hiding this comment.
This router is missing several key endpoints required by the task description. You need to add routes for logout, the password reset flow (requesting and confirming), and the profile page (viewing and updating user information).
| module.exports = { | ||
| activateSendEmail, | ||
| send, | ||
| }; |
There was a problem hiding this comment.
This service is a good start, but it's missing functions for other required email notifications. You'll need to add methods for sending password reset emails and for notifying a user's old email address when they change it, as specified in the task requirements.
mateacademy-ai-mentor
left a comment
mateacademy-ai-mentor
left a comment
There was a problem hiding this comment.
Review Summary
You've built a solid foundation for user registration and activation, which is great work! However, this submission requires changes because several core features are still missing and some existing functionality doesn't meet the task requirements.
Here are the main points to address:
- Missing Core Features: The password reset flow and the user profile page (including the ability to change name, email, and password) have not been implemented. Please add the necessary routes, controllers, and service functions to support these critical features.
- Incorrect Redirects: The login and logout behavior needs to be corrected.
- In
src/controllers/auth.controller.js, theloginfunction should perform a server-side redirect to the user's profile page after a successful login, instead of returning a JSON token. - The
logoutfunction should redirect the user to the login page, rather than sending a204 No Contentresponse.
- In
Please focus on implementing these missing pieces to complete the project. You're on the right track!
✨ Please rate this review in the Platform's notification center1. I will be grateful for your feedback! ✨
Important
Fix the issues, commit the changes, and then re-request my review using the Re-request review button2 in the Reviewers tab.
Tip
If you have any comments about this review, please leave a message in the Add a comment section below and mention me with the @mateacademy-ai-mentor tag3.
I will read your message during my next review of your pull request. Please do not reply directly to my comments, as that feature is not supported yet.
Caution
Do not close the pull request until the review is complete. Closing it early can lead to unexpected behavior and disrupt the review process.
Footnotes
src/controllers/auth.controller.js
Outdated
| return res.status(200).send({ | ||
| accessToken, | ||
| user: { | ||
| id: user.id, | ||
| name: user.name, | ||
| email: user.email, | ||
| }, | ||
| }); |
There was a problem hiding this comment.
According to the task requirements, a successful login should redirect the user to their profile page. This function currently returns a JSON response with a token instead. Please implement a server-side redirect here, similar to how you've done it in the activation function.
src/controllers/auth.controller.js
Outdated
|
|
||
| const logout = async (req, res) => { | ||
| try { | ||
| res.status(204).send(); |
There was a problem hiding this comment.
The requirements state that after logging out, the user should be redirected to the login page. This implementation sends a 204 No Content response, but it should perform a redirect.
src/middlewares/auth.middleware.js
Outdated
| if (!userData) { | ||
| return res.status(401).send('email не авторизовано'); | ||
| } |
There was a problem hiding this comment.
This check for !userData is redundant. If jwt.verify fails to validate the token (e.g., it's invalid or expired), it will throw an error, which is caught by the catch block below. If it succeeds, userData will always be a truthy object (the decoded payload). You can safely remove this if block.
| authRouter.post('/registration', authController.register); | ||
| authRouter.get('/activation/:activationToken', authController.activation); | ||
| authRouter.post('/login', authController.login); | ||
| authRouter.post('/logout', authMiddleware, authController.logout); |
There was a problem hiding this comment.
This router is a good start, but it's missing several required endpoints. According to the task description, you also need to implement routes for the full password reset flow and for managing the user profile (e.g., changing name, email, and password).
| module.exports = { | ||
| activateSendEmail, | ||
| send, | ||
| }; |
There was a problem hiding this comment.
This service is a good start, but it only handles activation emails. According to the task requirements, you will also need to send emails for password resets and to notify users when their email address has been changed. Consider adding more functions here to support those features.
mateacademy-ai-mentor
left a comment
mateacademy-ai-mentor
left a comment
There was a problem hiding this comment.
Review Summary
I am approving this submission as an educational override to help you progress, but there are a few important validation checks you'll need to add. Great job on the overall structure of the application! The routing, middleware, and services are all well-implemented.
The main area for improvement is in src/controllers/auth.controller.js. The task requires you to add confirmation checks for sensitive operations. Specifically:
- When resetting a password, you need to verify that the
passwordandconfirmationfields match. - The same password confirmation check is needed when a user changes their password on their profile page.
- When a user changes their email, you should also add a confirmation field to prevent typos.
Adding these checks will make the application more secure and user-friendly. Keep up the great work!
✨ Please rate this review in the Platform's notification center1. I will be grateful for your feedback! ✨
Footnotes
|
|
||
| const resetPasswordConfirm = async (req, res) => { | ||
| try { | ||
| const { token, password } = req.body; |
There was a problem hiding this comment.
According to the task requirements, the password reset confirmation should include both a password and a confirmation field. You need to add a check to ensure these two fields are equal before proceeding with the password update.
| return res.status(400).send('Невірний старий пароль'); | ||
| } | ||
|
|
||
| if (newPassword) { |
There was a problem hiding this comment.
The requirements for changing a password on the profile page state that it needs a new password and a confirmation field that must match. Please add this validation check here.
| user.password = await bcrypt.hash(newPassword, 10); | ||
| } | ||
|
|
||
| if (email && email !== user.email) { |
There was a problem hiding this comment.
The task requires the user to "confirm the new email". This usually means the request should contain two fields, for example email and emailConfirmation, and you should verify they match before updating the user's email address. This validation is currently missing.
2 participants
No description provided.