@feardread/fear 1.1.4 → 1.1.6

package/FEARServer.js

@@ -71,9 +71,9 @@ const FearServer = (function () {
     setupProcessHandlers() {
       // Handle unhandled promise rejections
       process.on("unhandledRejection", (reason, promise) => {
-        console.log('Unhandled Rejection at:', promise, 'reason:', reason);
+        console.log('Unhandled Rejection at:', promise);
         this.fear.getLogger().error('Unhandled Rejection at:', promise, 'reason:', reason);
-        //this.gracefulShutdown('unhandledRejection');
+        this.gracefulShutdown('unhandledRejection');
       });
 
       // Handle uncaught exceptions

package/controllers/address.js

@@ -0,0 +1,9 @@
+const Address = require("../models/address");
+const methods = require("./crud");
+
+const crud = methods.crudController( Address );
+for(prop in crud) {
+  if(crud.hasOwnProperty(prop)) {
+    module.exports[prop] = crud[prop];
+  }
+}

package/controllers/auth/index.js

@@ -18,15 +18,8 @@ const response = {
    * @param {string} message - Success message
    */
   success: (res, user, token, statusCode = 200, message = "Authentication successful") => {
-    // Remove sensitive data from user object
-    const userResponse = {
-      _id: user._id,
-      email: user.email,
-      name: user.name,
-      role: user.role,
-      createdAt: user.createdAt,
-      updatedAt: user.updatedAt
-    };
+    // Use the model's toJSON method which automatically removes sensitive data
+    const userResponse = user.toJSON();
 
     return res
       .status(statusCode)
@@ -64,34 +57,72 @@ const response = {
  * @description Validates user credentials (email/password) and returns JWT token for authenticated user
  * @tags authentication
  */
-exports.login = async (req, res) => {
+exports.login = (req, res) => {
   const { email, password } = req.body;
 
   // Validate input
   const validation = validator.input.login({ email, password });
   if (!validation.isValid) {
-    return response.sendError(res, 400, validation.message);
+    return response.error(res, 400, validation.message);
   }
 
-  console.log('Authentication attempt for:', email);
-  await User.findOne({ email }).select('+password')
-    .then((user) => {
-      if (!user) return response.error(res, 401, "Invalid credentials");
+  logger.info('Authentication attempt for:', email);
+
+  // Find user and include password field
+  User.findOne({ 
+    email: email.toLowerCase(),
+    status: { $ne: 'deleted' }
+  })
+    .select('+password')
+    .then(user => {
+      if (!user) {
+        return response.error(res, 401, "Invalid credentials");
+      }
+
+      // Check if account is locked
+      if (user.isLocked()) {
+        return response.error(
+          res, 
+          423, 
+          "Account temporarily locked due to too many failed login attempts. Please try again later."
+        );
+      }
+
+      // Check if account is suspended or inactive
+      if (user.status === 'suspended') {
+        return response.error(res, 403, "Your account has been suspended. Please contact support.");
+      }
+
+      if (user.status === 'inactive') {
+        return response.error(res, 403, "Your account is inactive. Please contact support to reactivate.");
+      }
 
       // Verify password
-      user.compare(password)
-        .then((isPasswordValid) => {
+      return user.comparePassword(password)
+        .then(isPasswordValid => {
           if (!isPasswordValid) {
-            return response.error(res, 401, "Invalid credentials");
+            return user.incLoginAttempts()
+              .then(() => {
+                return response.error(res, 401, "Invalid credentials");
+              });
           }
 
-          const token = TokenService.generateToken(user);
-          return response.success(res, user, token, 200, "Login successful");
-        })
-        .catch(err => response.error(res, 500, 'Server Error'))
-
+          // Reset login attempts and update last login
+          return user.resetLoginAttempts()
+            .then(() => {
+              return user.updateOne({ 
+                lastLoginAt: new Date(),
+                lastLoginIP: req.ip || req.connection.remoteAddress
+              });
+            })
+            .then(() => {
+              // Generate token
+              const token = TokenService.generateToken(user);
+              return response.success(res, user, token, 200, "Login successful");
+            });
+        });
     })
-    .catch((error) => {
+    .catch(error => {
       logger.error('Login error:', error);
       return response.error(res, 500, "Authentication failed", error.message);
     });
@@ -103,50 +134,77 @@ exports.login = async (req, res) => {
  * @description Creates a new user account with provided information and returns JWT token
  * @tags authentication
  */
-exports.register = async (req, res) => {
-  const { email, firstname, lastname, name: providedName, password, ...otherFields } = req.body;
+exports.register = (req, res) => {
+  const { 
+    email, 
+    password,
+    firstName,
+    lastName,
+    displayName,
+    phoneNumber,
+    dateOfBirth,
+    ...otherFields 
+  } = req.body;
 
   // Validate input
   const validation = validator.input.register({
-    email, firstname, lastname, name: providedName, password
+    email, 
+    password,
+    firstName,
+    lastName
   });
 
   if (!validation.isValid) {
     return response.error(res, 400, validation.message);
   }
 
-  try {
-    // Check if user already exists
-    const existingUser = await User.findOne({ email });
-    if (existingUser) {
-      return response.error(res, 409, "User with this email already exists");
-    }
+  // Check if user already exists
+  User.findOne({ email: email.toLowerCase() })
+    .then(existingUser => {
+      if (existingUser) {
+        return response.error(res, 409, "User with this email already exists");
+      }
+
+      // Create new user with nested profile structure
+      const userData = {
+        email: email.toLowerCase(),
+        password,
+        firstName: firstName.trim(),
+        lastName: lastName.trim(),
+        displayName: displayName || `${firstName} ${lastName}`,
+        mobile: phoneNumber || undefined,
+        dateOfBirth: dateOfBirth || undefined,
+        role: otherFields.role || 'user',
+        status: 'active'
+      };
+
+      return User.create(userData);
+    })
+    .then(user => {
+      if (!user) return; // Already handled in previous then
 
-    // Create new user
-    const userData = {
-      ...otherFields,
-      email: email.toLowerCase(),
-      name: validation.name,
-      password,
-      role: otherFields.role || 'user' // Default role
-    };
+      logger.info('New user registered:', user.email);
 
-    const user = await User.create(userData);
+      // Generate token and send response
+      const token = TokenService.generateToken(user);
+      return response.success(res, user, token, 201, "Registration successful");
+    })
+    .catch(error => {
+      logger.error('Registration error:', error);
 
-    // Generate token and send response
-    const token = TokenService.generateToken(user);
-    return response.success(res, user, token, 201, "Registration successful");
+      // Handle duplicate key error (in case of race condition)
+      if (error.code === 11000) {
+        return response.error(res, 409, "User with this email already exists");
+      }
 
-  } catch (error) {
-    console.error('Registration error:', error);
+      // Handle validation errors
+      if (error.name === 'ValidationError') {
+        const messages = Object.values(error.errors).map(err => err.message);
+        return response.error(res, 400, messages.join(', '));
+      }
 
-    // Handle duplicate key error (in case of race condition)
-    if (error.code === 11000) {
-      return response.error(res, 409, "User with this email already exists");
-    }
-
-    return response.error(res, 500, "Registration failed", error.message);
-  }
+      return response.error(res, 500, "Registration failed", error.message);
+    });
 };
 
 /**
@@ -175,18 +233,12 @@ exports.logout = async (req, res) => {
  * @description Returns the current user's profile information
  * @tags authentication
  */
-exports.getCurrentUser = async (req, res) => {
+exports.getCurrentUser = (req, res) => {
   // req.user is set by isAuthorized middleware
   const user = req.user;
 
-  const userResponse = {
-    _id: user._id,
-    email: user.email,
-    name: user.name,
-    role: user.role,
-    createdAt: user.createdAt,
-    updatedAt: user.updatedAt
-  };
+  // Use toJSON to automatically remove sensitive fields
+  const userResponse = user.toJSON();
 
   return res.status(200).json({
     success: true,
@@ -200,20 +252,112 @@ exports.getCurrentUser = async (req, res) => {
  * @description Generates a new JWT token for authenticated user
  * @tags authentication
  */
-exports.refreshToken = async (req, res) => {
+exports.refreshToken = (req, res) => {
   const user = req.user; // Set by isAuthorized middleware
 
   const newToken = TokenService.generateToken(user);
   return response.success(res, user, newToken, 200, "Token refreshed successfully");
 };
 
+/**
+ * PUT /fear/api/auth/update-profile
+ * @summary Update user profile information
+ * @description Updates the authenticated user's profile data
+ * @tags authentication
+ */
+exports.updateProfile = (req, res) => {
+  const { firstName, lastName, displayName, phoneNumber, bio, dateOfBirth, avatar } = req.body;
+
+  User.findById(req.user._id)
+    .then(user => {
+      if (!user) {
+        return response.error(res, 404, "User not found");
+      }
+
+      // Update profile fields if provided
+      if (firstName) user.firstName = firstName.trim();
+      if (lastName) user.lastName = lastName.trim();
+      if (displayName !== undefined) user.displayName = displayName.trim();
+      if (phoneNumber !== undefined) user.phoneNumber = phoneNumber;
+      if (bio !== undefined) user.bio = bio;
+      if (dateOfBirth !== undefined) user.dateOfBirth = dateOfBirth;
+      if (avatar !== undefined) user.avatar = avatar;
+
+      return user.save();
+    })
+    .then(user => {
+      if (!user) return; // Already handled
+
+      return res.status(200).json({
+        success: true,
+        message: "Profile updated successfully",
+        data: { user: user.toJSON() }
+      });
+    })
+    .catch(error => {
+      logger.error('Profile update error:', error);
+
+      if (error.name === 'ValidationError') {
+        const messages = Object.values(error.errors).map(err => err.message);
+        return response.error(res, 400, messages.join(', '));
+      }
+
+      return response.error(res, 500, "Profile update failed", error.message);
+    });
+};
+
+/**
+ * PUT /fear/api/auth/update-preferences
+ * @summary Update user preferences
+ * @description Updates the authenticated user's preferences (language, timezone, notifications, theme)
+ * @tags authentication
+ */
+exports.updatePreferences = (req, res) => {
+  const { language, timezone, notifications, theme } = req.body;
+
+  User.findById(req.user._id)
+    .then(user => {
+      if (!user) {
+        return response.error(res, 404, "User not found");
+      }
+
+      // Update preferences
+      if (language) user.preferences.language = language;
+      if (timezone) user.preferences.timezone = timezone;
+      if (theme) user.preferences.theme = theme;
+      if (notifications) {
+        user.preferences.notifications = {
+          ...user.preferences.notifications,
+          ...notifications
+        };
+      }
+
+      return user.save();
+    })
+    .then(user => {
+      if (!user) return; // Already handled
+
+      return res.status(200).json({
+        success: true,
+        message: "Preferences updated successfully",
+        data: { 
+          preferences: user.preferences
+        }
+      });
+    })
+    .catch(error => {
+      logger.error('Preferences update error:', error);
+      return response.error(res, 500, "Preferences update failed", error.message);
+    });
+};
+
 /**
  * Middleware: Verify JWT token and authenticate user
  * @summary Checks if user has valid JWT token in cookies or Authorization header
  * @description Validates JWT token and attaches user object to request
  * @tags middleware, authentication
  */
-exports.isAuthorized = async (req, res, next) => {
+exports.isAuthorized = (req, res, next) => {
   let token;
 
   // Check for token in cookies first, then Authorization header
@@ -232,23 +376,37 @@ exports.isAuthorized = async (req, res, next) => {
     const decodedToken = TokenService.verifyToken(token);
 
     // Get user from database
-    const user = await User.findById(decodedToken.id);
-    if (!user) {
-      return response.error(res, 401, "Invalid token. User not found.");
-    }
+    User.findById(decodedToken.id)
+      .then(user => {
+        if (!user) {
+          return response.error(res, 401, "Invalid token. User not found.");
+        }
 
-    // Check if user is still active (optional)
-    if (user.isActive === false) {
-      return response.error(res, 401, "Account has been deactivated.");
-    }
+        // Check user status
+        if (user.status === 'deleted') {
+          return response.error(res, 401, "Account has been deleted.");
+        }
 
-    // Attach user to request
-    req.user = user;
-    req.token = token;
-    next();
+        if (user.status === 'suspended') {
+          return response.error(res, 403, "Account has been suspended.");
+        }
+
+        if (user.status === 'inactive') {
+          return response.error(res, 403, "Account is inactive.");
+        }
+
+        // Attach user to request
+        req.user = user;
+        req.token = token;
+        next();
+      })
+      .catch(error => {
+        logger.error('Authorization error:', error);
+        return response.error(res, 500, "Authentication failed", error.message);
+      });
 
   } catch (error) {
-    console.error('Authorization error:', error);
+    logger.error('Authorization error:', error);
 
     if (error.name === 'JsonWebTokenError') {
       return response.error(res, 401, "Invalid token.");
@@ -268,7 +426,7 @@ exports.isAuthorized = async (req, res, next) => {
  * @description Checks if req.user.role equals 'admin'. Must be used after isAuthorized middleware
  * @tags middleware, authorization
  */
-exports.isAdmin = async (req, res, next) => {
+exports.isAdmin = (req, res, next) => {
   if (!req.user) {
     return response.error(res, 401, "Authentication required");
   }
@@ -289,7 +447,7 @@ exports.isAdmin = async (req, res, next) => {
  * @returns {function} Express middleware function
  */
 exports.authorizeRoles = (...roles) => {
-  return handler.async(async (req, res, next) => {
+  return (req, res, next) => {
     if (!req.user) {
       return response.error(res, 401, "Authentication required");
     }
@@ -303,7 +461,7 @@ exports.authorizeRoles = (...roles) => {
     }
 
     next();
-  });
+  };
 };
 
 /**
@@ -312,7 +470,7 @@ exports.authorizeRoles = (...roles) => {
  * @description Useful for routes that behave differently for authenticated vs anonymous users
  * @tags middleware, authentication
  */
-exports.optionalAuth = async (req, res, next) => {
+exports.optionalAuth = (req, res, next) => {
   let token;
 
   if (req.cookies?.jwt) {
@@ -327,19 +485,32 @@ exports.optionalAuth = async (req, res, next) => {
 
   try {
     const decodedToken = TokenService.verifyToken(token);
-    const user = await User.findById(decodedToken.id);
-
-    if (user && user.isActive !== false) {
-      req.user = user;
-      req.token = token;
-    }
+    
+    User.findById(decodedToken.id)
+      .then(user => {
+        if (user && user.status === 'active') {
+          req.user = user;
+          req.token = token;
+        }
+        next();
+      })
+      .catch(error => {
+        // Silently fail for optional auth
+        logger.debug('Optional auth failed:', error.message);
+        next();
+      });
   } catch (error) {
     // Silently fail for optional auth
-    console.log('Optional auth failed:', error.message);
+    logger.debug('Optional auth failed:', error.message);
+    next();
   }
-
-  next();
 };
 
 // Export TokenService and other utilities for use in other modules
 exports.AuthResponse = response;
+
+module.exports = {
+  login: exports.login,
+  register: exports.register,
+  logout: exports.logout
+}

package/controllers/order.js

@@ -7,7 +7,6 @@ exports.getMyOrders = async (req, res) => {
       const orders = await Order.find({ user: _id })
         .populate("user")
         .populate("orderItems.product")
-        .populate("orderItems.color");
       res.json({
         orders,
       });