@feardread/fear 1.1.5 → 1.1.6

package/FEARServer.js

@@ -71,9 +71,9 @@ const FearServer = (function () {
     setupProcessHandlers() {
       // Handle unhandled promise rejections
       process.on("unhandledRejection", (reason, promise) => {
-        console.log('Unhandled Rejection at:', promise, 'reason:', reason);
+        console.log('Unhandled Rejection at:', promise);
         this.fear.getLogger().error('Unhandled Rejection at:', promise, 'reason:', reason);
-        //this.gracefulShutdown('unhandledRejection');
+        this.gracefulShutdown('unhandledRejection');
       });
 
       // Handle uncaught exceptions

package/controllers/address.js

@@ -0,0 +1,9 @@
+const Address = require("../models/address");
+const methods = require("./crud");
+
+const crud = methods.crudController( Address );
+for(prop in crud) {
+  if(crud.hasOwnProperty(prop)) {
+    module.exports[prop] = crud[prop];
+  }
+}

package/controllers/auth/index.js

@@ -18,15 +18,8 @@ const response = {
    * @param {string} message - Success message
    */
   success: (res, user, token, statusCode = 200, message = "Authentication successful") => {
-    // Remove sensitive data from user object
-    const userResponse = {
-      _id: user._id,
-      email: user.email,
-      name: user.name,
-      role: user.role,
-      createdAt: user.createdAt,
-      updatedAt: user.updatedAt
-    };
+    // Use the model's toJSON method which automatically removes sensitive data
+    const userResponse = user.toJSON();
 
     return res
       .status(statusCode)
@@ -64,34 +57,72 @@ const response = {
  * @description Validates user credentials (email/password) and returns JWT token for authenticated user
  * @tags authentication
  */
-exports.login = async (req, res) => {
+exports.login = (req, res) => {
   const { email, password } = req.body;
 
   // Validate input
   const validation = validator.input.login({ email, password });
   if (!validation.isValid) {
-    return response.sendError(res, 400, validation.message);
+    return response.error(res, 400, validation.message);
   }
 
-  console.log('Authentication attempt for:', email);
-  await User.findOne({ email }).select('+password')
-    .then((user) => {
-      if (!user) return response.error(res, 401, "Invalid credentials");
+  logger.info('Authentication attempt for:', email);
+
+  // Find user and include password field
+  User.findOne({ 
+    email: email.toLowerCase(),
+    status: { $ne: 'deleted' }
+  })
+    .select('+password')
+    .then(user => {
+      if (!user) {
+        return response.error(res, 401, "Invalid credentials");
+      }
+
+      // Check if account is locked
+      if (user.isLocked()) {
+        return response.error(
+          res, 
+          423, 
+          "Account temporarily locked due to too many failed login attempts. Please try again later."
+        );
+      }
+
+      // Check if account is suspended or inactive
+      if (user.status === 'suspended') {
+        return response.error(res, 403, "Your account has been suspended. Please contact support.");
+      }
+
+      if (user.status === 'inactive') {
+        return response.error(res, 403, "Your account is inactive. Please contact support to reactivate.");
+      }
 
       // Verify password
-      user.compare(password)
-        .then((isPasswordValid) => {
+      return user.comparePassword(password)
+        .then(isPasswordValid => {
           if (!isPasswordValid) {
-            return response.error(res, 401, "Invalid credentials");
+            return user.incLoginAttempts()
+              .then(() => {
+                return response.error(res, 401, "Invalid credentials");
+              });
           }
 
-          const token = TokenService.generateToken(user);
-          return response.success(res, user, token, 200, "Login successful");
-        })
-        .catch(err => response.error(res, 500, 'Server Error'))
-
+          // Reset login attempts and update last login
+          return user.resetLoginAttempts()
+            .then(() => {
+              return user.updateOne({ 
+                lastLoginAt: new Date(),
+                lastLoginIP: req.ip || req.connection.remoteAddress
+              });
+            })
+            .then(() => {
+              // Generate token
+              const token = TokenService.generateToken(user);
+              return response.success(res, user, token, 200, "Login successful");
+            });
+        });
     })
-    .catch((error) => {
+    .catch(error => {
       logger.error('Login error:', error);
       return response.error(res, 500, "Authentication failed", error.message);
     });
@@ -103,50 +134,77 @@ exports.login = async (req, res) => {
  * @description Creates a new user account with provided information and returns JWT token
  * @tags authentication
  */
-exports.register = async (req, res) => {
-  const { email, firstname, lastname, name: providedName, password, ...otherFields } = req.body;
+exports.register = (req, res) => {
+  const { 
+    email, 
+    password,
+    firstName,
+    lastName,
+    displayName,
+    phoneNumber,
+    dateOfBirth,
+    ...otherFields 
+  } = req.body;
 
   // Validate input
   const validation = validator.input.register({
-    email, firstname, lastname, name: providedName, password
+    email, 
+    password,
+    firstName,
+    lastName
   });
 
   if (!validation.isValid) {
     return response.error(res, 400, validation.message);
   }
 
-  try {
-    // Check if user already exists
-    const existingUser = await User.findOne({ email });
-    if (existingUser) {
-      return response.error(res, 409, "User with this email already exists");
-    }
+  // Check if user already exists
+  User.findOne({ email: email.toLowerCase() })
+    .then(existingUser => {
+      if (existingUser) {
+        return response.error(res, 409, "User with this email already exists");
+      }
+
+      // Create new user with nested profile structure
+      const userData = {
+        email: email.toLowerCase(),
+        password,
+        firstName: firstName.trim(),
+        lastName: lastName.trim(),
+        displayName: displayName || `${firstName} ${lastName}`,
+        mobile: phoneNumber || undefined,
+        dateOfBirth: dateOfBirth || undefined,
+        role: otherFields.role || 'user',
+        status: 'active'
+      };
+
+      return User.create(userData);
+    })
+    .then(user => {
+      if (!user) return; // Already handled in previous then
 
-    // Create new user
-    const userData = {
-      ...otherFields,
-      email: email.toLowerCase(),
-      name: validation.name,
-      password,
-      role: otherFields.role || 'user' // Default role
-    };
+      logger.info('New user registered:', user.email);
 
-    const user = await User.create(userData);
+      // Generate token and send response
+      const token = TokenService.generateToken(user);
+      return response.success(res, user, token, 201, "Registration successful");
+    })
+    .catch(error => {
+      logger.error('Registration error:', error);
 
-    // Generate token and send response
-    const token = TokenService.generateToken(user);
-    return response.success(res, user, token, 201, "Registration successful");
+      // Handle duplicate key error (in case of race condition)
+      if (error.code === 11000) {
+        return response.error(res, 409, "User with this email already exists");
+      }
 
-  } catch (error) {
-    console.error('Registration error:', error);
+      // Handle validation errors
+      if (error.name === 'ValidationError') {
+        const messages = Object.values(error.errors).map(err => err.message);
+        return response.error(res, 400, messages.join(', '));
+      }
 
-    // Handle duplicate key error (in case of race condition)
-    if (error.code === 11000) {
-      return response.error(res, 409, "User with this email already exists");
-    }
-
-    return response.error(res, 500, "Registration failed", error.message);
-  }
+      return response.error(res, 500, "Registration failed", error.message);
+    });
 };
 
 /**
@@ -175,18 +233,12 @@ exports.logout = async (req, res) => {
  * @description Returns the current user's profile information
  * @tags authentication
  */
-exports.getCurrentUser = async (req, res) => {
+exports.getCurrentUser = (req, res) => {
   // req.user is set by isAuthorized middleware
   const user = req.user;
 
-  const userResponse = {
-    _id: user._id,
-    email: user.email,
-    name: user.name,
-    role: user.role,
-    createdAt: user.createdAt,
-    updatedAt: user.updatedAt
-  };
+  // Use toJSON to automatically remove sensitive fields
+  const userResponse = user.toJSON();
 
   return res.status(200).json({
     success: true,
@@ -200,20 +252,112 @@ exports.getCurrentUser = async (req, res) => {
  * @description Generates a new JWT token for authenticated user
  * @tags authentication
  */
-exports.refreshToken = async (req, res) => {
+exports.refreshToken = (req, res) => {
   const user = req.user; // Set by isAuthorized middleware
 
   const newToken = TokenService.generateToken(user);
   return response.success(res, user, newToken, 200, "Token refreshed successfully");
 };
 
+/**
+ * PUT /fear/api/auth/update-profile
+ * @summary Update user profile information
+ * @description Updates the authenticated user's profile data
+ * @tags authentication
+ */
+exports.updateProfile = (req, res) => {
+  const { firstName, lastName, displayName, phoneNumber, bio, dateOfBirth, avatar } = req.body;
+
+  User.findById(req.user._id)
+    .then(user => {
+      if (!user) {
+        return response.error(res, 404, "User not found");
+      }
+
+      // Update profile fields if provided
+      if (firstName) user.firstName = firstName.trim();
+      if (lastName) user.lastName = lastName.trim();
+      if (displayName !== undefined) user.displayName = displayName.trim();
+      if (phoneNumber !== undefined) user.phoneNumber = phoneNumber;
+      if (bio !== undefined) user.bio = bio;
+      if (dateOfBirth !== undefined) user.dateOfBirth = dateOfBirth;
+      if (avatar !== undefined) user.avatar = avatar;
+
+      return user.save();
+    })
+    .then(user => {
+      if (!user) return; // Already handled
+
+      return res.status(200).json({
+        success: true,
+        message: "Profile updated successfully",
+        data: { user: user.toJSON() }
+      });
+    })
+    .catch(error => {
+      logger.error('Profile update error:', error);
+
+      if (error.name === 'ValidationError') {
+        const messages = Object.values(error.errors).map(err => err.message);
+        return response.error(res, 400, messages.join(', '));
+      }
+
+      return response.error(res, 500, "Profile update failed", error.message);
+    });
+};
+
+/**
+ * PUT /fear/api/auth/update-preferences
+ * @summary Update user preferences
+ * @description Updates the authenticated user's preferences (language, timezone, notifications, theme)
+ * @tags authentication
+ */
+exports.updatePreferences = (req, res) => {
+  const { language, timezone, notifications, theme } = req.body;
+
+  User.findById(req.user._id)
+    .then(user => {
+      if (!user) {
+        return response.error(res, 404, "User not found");
+      }
+
+      // Update preferences
+      if (language) user.preferences.language = language;
+      if (timezone) user.preferences.timezone = timezone;
+      if (theme) user.preferences.theme = theme;
+      if (notifications) {
+        user.preferences.notifications = {
+          ...user.preferences.notifications,
+          ...notifications
+        };
+      }
+
+      return user.save();
+    })
+    .then(user => {
+      if (!user) return; // Already handled
+
+      return res.status(200).json({
+        success: true,
+        message: "Preferences updated successfully",
+        data: { 
+          preferences: user.preferences
+        }
+      });
+    })
+    .catch(error => {
+      logger.error('Preferences update error:', error);
+      return response.error(res, 500, "Preferences update failed", error.message);
+    });
+};
+
 /**
  * Middleware: Verify JWT token and authenticate user
  * @summary Checks if user has valid JWT token in cookies or Authorization header
  * @description Validates JWT token and attaches user object to request
  * @tags middleware, authentication
  */
-exports.isAuthorized = async (req, res, next) => {
+exports.isAuthorized = (req, res, next) => {
   let token;
 
   // Check for token in cookies first, then Authorization header
@@ -232,23 +376,37 @@ exports.isAuthorized = async (req, res, next) => {
     const decodedToken = TokenService.verifyToken(token);
 
     // Get user from database
-    const user = await User.findById(decodedToken.id);
-    if (!user) {
-      return response.error(res, 401, "Invalid token. User not found.");
-    }
+    User.findById(decodedToken.id)
+      .then(user => {
+        if (!user) {
+          return response.error(res, 401, "Invalid token. User not found.");
+        }
 
-    // Check if user is still active (optional)
-    if (user.isActive === false) {
-      return response.error(res, 401, "Account has been deactivated.");
-    }
+        // Check user status
+        if (user.status === 'deleted') {
+          return response.error(res, 401, "Account has been deleted.");
+        }
 
-    // Attach user to request
-    req.user = user;
-    req.token = token;
-    next();
+        if (user.status === 'suspended') {
+          return response.error(res, 403, "Account has been suspended.");
+        }
+
+        if (user.status === 'inactive') {
+          return response.error(res, 403, "Account is inactive.");
+        }
+
+        // Attach user to request
+        req.user = user;
+        req.token = token;
+        next();
+      })
+      .catch(error => {
+        logger.error('Authorization error:', error);
+        return response.error(res, 500, "Authentication failed", error.message);
+      });
 
   } catch (error) {
-    console.error('Authorization error:', error);
+    logger.error('Authorization error:', error);
 
     if (error.name === 'JsonWebTokenError') {
       return response.error(res, 401, "Invalid token.");
@@ -268,7 +426,7 @@ exports.isAuthorized = async (req, res, next) => {
  * @description Checks if req.user.role equals 'admin'. Must be used after isAuthorized middleware
  * @tags middleware, authorization
  */
-exports.isAdmin = async (req, res, next) => {
+exports.isAdmin = (req, res, next) => {
   if (!req.user) {
     return response.error(res, 401, "Authentication required");
   }
@@ -289,7 +447,7 @@ exports.isAdmin = async (req, res, next) => {
  * @returns {function} Express middleware function
  */
 exports.authorizeRoles = (...roles) => {
-  return handler.async(async (req, res, next) => {
+  return (req, res, next) => {
     if (!req.user) {
       return response.error(res, 401, "Authentication required");
     }
@@ -303,7 +461,7 @@ exports.authorizeRoles = (...roles) => {
     }
 
     next();
-  });
+  };
 };
 
 /**
@@ -312,7 +470,7 @@ exports.authorizeRoles = (...roles) => {
  * @description Useful for routes that behave differently for authenticated vs anonymous users
  * @tags middleware, authentication
  */
-exports.optionalAuth = async (req, res, next) => {
+exports.optionalAuth = (req, res, next) => {
   let token;
 
   if (req.cookies?.jwt) {
@@ -327,19 +485,32 @@ exports.optionalAuth = async (req, res, next) => {
 
   try {
     const decodedToken = TokenService.verifyToken(token);
-    const user = await User.findById(decodedToken.id);
-
-    if (user && user.isActive !== false) {
-      req.user = user;
-      req.token = token;
-    }
+    
+    User.findById(decodedToken.id)
+      .then(user => {
+        if (user && user.status === 'active') {
+          req.user = user;
+          req.token = token;
+        }
+        next();
+      })
+      .catch(error => {
+        // Silently fail for optional auth
+        logger.debug('Optional auth failed:', error.message);
+        next();
+      });
   } catch (error) {
     // Silently fail for optional auth
-    console.log('Optional auth failed:', error.message);
+    logger.debug('Optional auth failed:', error.message);
+    next();
   }
-
-  next();
 };
 
 // Export TokenService and other utilities for use in other modules
 exports.AuthResponse = response;
+
+module.exports = {
+  login: exports.login,
+  register: exports.register,
+  logout: exports.logout
+}

package/controllers/order.js

@@ -7,7 +7,6 @@ exports.getMyOrders = async (req, res) => {
       const orders = await Order.find({ user: _id })
         .populate("user")
         .populate("orderItems.product")
-        .populate("orderItems.color");
       res.json({
         orders,
       });

package/libs/db/index.js

@@ -41,6 +41,11 @@ class DatabaseManager {
       await this.close();
       process.exit(0);
     });
+
+    process.on('UnhandledRejection', async (promise, reson) => {
+      console.log('Unhandled Rejection at ', reason);
+      await this.close();
+    })
   }
 
   /**

package/libs/validator/index.js

@@ -52,7 +52,7 @@ exports.input = {
    * @returns {object} Validation result
    */
   register: (data) => {
-    const { email, password, firstname, lastname, name } = data;
+    const { email, password, firstName, lastName, displayName } = data;
 
     if (!email) return { isValid: false, message: "Email is required" };
     if (!exports.input.email(email)) return { isValid: false, message: "Please provide a valid email address" };
@@ -60,7 +60,7 @@ exports.input = {
     const passwordValidation = exports.input.password(password);
     if (!passwordValidation.isValid) return passwordValidation;
 
-    const fullName = firstname && lastname ? `${firstname} ${lastname}` : name;
+    const fullName = (displayName) ? displayName : `${firstName} ${lastName}`;
     if (!fullName) return { isValid: false, message: "Name is required" };
 
     return { isValid: true, name: fullName };

package/models/address.js

@@ -0,0 +1,37 @@
+const mongoose = require('mongoose');
+
+const addressSchema = new mongoose.Schema({
+  userId: { type: mongoose.Schema.Types.ObjectId, ref: 'User', required: true, index: true },
+  type: { type: String, enum: ['home', 'work', 'billing', 'shipping', 'other'], default: 'billing' },
+  isDefault: { type: Boolean, default: false },
+  name: { type: String, trim: true, maxlength: 50 },
+  line1: { type: String, required: true, trim: true },
+  line2: { type: String, trim: true },
+  city: { type: String, required: true, trim: true },
+  state: { type: String, required: true, trim: true },
+  postalCode: { type: String, required: true, trim: true },
+  country: { type: String, required: true, default: 'US', uppercase: true },
+  coordinates: { type: { type: String, enum: ['Point'], default: 'Point' },
+    coordinates: { type: [Number], default: [0, 0] }},
+  phoneNumber: { type: String, trim: true },
+  deliveryInstructions: { type: String, trim: true, maxlength: 500 }
+}, {
+  timestamps: true
+});
+
+// Indexes
+addressSchema.index({ userId: 1, isDefault: 1 });
+addressSchema.index({ coordinates: '2dsphere' });
+
+// Ensure only one default address per user
+addressSchema.pre('save', async function(next) {
+  if (this.isDefault) {
+    await this.constructor.updateMany(
+      { userId: this.userId, _id: { $ne: this._id } },
+      { $set: { isDefault: false } }
+    );
+  }
+  next();
+});
+
+module.exports = mongoose.model('Address', addressSchema);

package/models/order.js

@@ -1,93 +1,30 @@
 const mongoose = require("mongoose");
 
 const orderItemSchema = new mongoose.Schema({
-  productId: {
-    type: mongoose.Schema.Types.ObjectId,
-    ref: "Product",
-    required: true,
-  },
-  name: {
-    type: String,
-    required: true,
-  },
-  quantity: {
-    type: Number,
-    required: true,
-    min: 1,
-  },
-  price: {
-    type: Number,
-    required: true,
-  },
-  discount: {
-    type: Number,
-    default: 0,
-  },
-  tax: {
-    type: Number,
-    default: 0,
-  },
-  subtotal: {
-    type: Number,
-    required: true,
-  },
+  productId: {  type: mongoose.Schema.Types.ObjectId, ref: "Product", required: true },
+  title: { type: String,  required: true, },
+  quantity: { type: Number, required: true, min: 1, },
+  price: { type: Number, required: true, },
+  discount: { type: Number,  default: 0, },
+  tax: { type: Number, default: 0, },
+  subtotal: { type: Number, required: true, },
   image: String,
   sku: String,
-  attributes: {
-    type: Map,
-    of: String, // For size, color, etc.
-  },
+  attributes: { type: Map, of: String, },
 });
 
 const orderSchema = new mongoose.Schema(
   {
-    orderNumber: {
-      type: String,
-      unique: true,
-      required: true,
-    },
-    userId: {
-      type: mongoose.Schema.Types.ObjectId,
-      ref: "User",
-      required: true,
-      index: true,
-    },
-    // Order Items
+    orderNumber: { type: String, unique: true, required: true, },
+    userId: { type: mongoose.Schema.Types.ObjectId, ref: "User", required: true, index: true, },
     items: [orderItemSchema],
-    
-    // Pricing
-    subtotal: {
-      type: Number,
-      required: true,
-    },
-    discount: {
-      type: Number,
-      default: 0,
-    },
-    tax: {
-      type: Number,
-      default: 0,
-    },
-    shippingCost: {
-      type: Number,
-      default: 0,
-    },
-    total: {
-      type: Number,
-      required: true,
-    },
-    currency: {
-      type: String,
-      default: "INR",
-      enum: ["INR", "USD", "EUR", "GBP"],
-    },
-    
-    // Payment Information
-    paymentMethod: {
-      type: String,
-      enum: ["razorpay", "paypal", "card", "upi", "netbanking", "cod"],
-      required: true,
-    },
+    subtotal: {  type: Number, required: true },
+    discount: { type: Number, default: 0, },
+    tax: { type: Number, default: 0, },
+    shippingCost: { type: Number, default: 0, },
+    total: { type: Number, required: true, },
+    currency: { type: String,  default: "INR", enum: ["INR", "USD", "EUR", "GBP"], },
+    paymentMethod: { type: String, enum: ["razorpay", "paypal", "card", "upi", "netbanking", "cod"], required: true, },
     paymentStatus: {
       type: String,
       enum: ["pending", "processing", "completed", "failed", "refunded", "partially_refunded"],
@@ -112,8 +49,6 @@ const orderSchema = new mongoose.Schema(
       },
       paidAt: Date,
     },
-    
-    // Order Status
     orderStatus: {
       type: String,
       enum: [
@@ -130,62 +65,12 @@ const orderSchema = new mongoose.Schema(
       default: "pending",
       index: true,
     },
-    
-    // Shipping Information
-    shippingAddress: {
-      name: {
-        type: String,
-        required: true,
-      },
-      phone: {
-        type: String,
-        required: true,
-      },
-      email: String,
-      line1: {
-        type: String,
-        required: true,
-      },
-      line2: String,
-      city: {
-        type: String,
-        required: true,
-      },
-      state: {
-        type: String,
-        required: true,
-      },
-      postalCode: {
-        type: String,
-        required: true,
-      },
-      country: {
-        type: String,
-        required: true,
-        default: "IN",
-      },
-      landmark: String,
-    },
-    
-    billingAddress: {
-      name: String,
-      phone: String,
-      email: String,
-      line1: String,
-      line2: String,
-      city: String,
-      state: String,
-      postalCode: String,
-      country: String,
-    },
-    
-    // Shipping Details
+    shippingAddress: { type: mongoose.Schema.Types.ObjectId, ref: "Address", required: true, },
+    billingAddress: { type: mongoose.Schema.Types.ObjectId, ref: "Address", required: true, },
     shippingProvider: String,
     trackingNumber: String,
     estimatedDeliveryDate: Date,
     actualDeliveryDate: Date,
-    
-    // Status History
     statusHistory: [
       {
         status: String,
@@ -200,30 +85,21 @@ const orderSchema = new mongoose.Schema(
         },
       },
     ],
-    
-    // Discount/Coupon
     couponCode: String,
     couponDiscount: {
       type: Number,
       default: 0,
     },
-    
-    // Notes
     customerNote: String,
     internalNote: String,
-    
-    // Cancellation/Return
     cancellationReason: String,
     cancelledAt: Date,
     cancelledBy: {
       type: mongoose.Schema.Types.ObjectId,
       ref: "User",
     },
-    
     returnReason: String,
     returnedAt: Date,
-    
-    // Refund Information
     refundAmount: Number,
     refundStatus: {
       type: String,
@@ -232,8 +108,6 @@ const orderSchema = new mongoose.Schema(
     },
     refundedAt: Date,
     refundTransactionId: String,
-    
-    // Metadata
     metadata: {
       type: Map,
       of: mongoose.Schema.Types.Mixed,
@@ -252,6 +126,8 @@ orderSchema.index({ paymentStatus: 1 });
 orderSchema.index({ "paymentDetails.razorpayOrderId": 1 });
 orderSchema.index({ "paymentDetails.paypalOrderId": 1 });
 orderSchema.index({ trackingNumber: 1 });
+orderSchema.index({ shippingAddress: 1 });
+orderSchema.index({ billingAddress: 1 });
 
 // Pre-save middleware to generate order number
 orderSchema.pre("save", async function (next) {
@@ -288,7 +164,9 @@ orderSchema.statics.getUserOrders = async function (userId, options = {}) {
     .limit(limit)
     .skip(skip)
     .populate("items.productId", "name images")
-    .populate("paymentDetails.paymentMethodId");
+    .populate("paymentDetails.paymentMethodId")
+    .populate("shippingAddress")
+    .populate("billingAddress");
 };
 
 // Static method to get order statistics

package/models/payment.js

@@ -3,87 +3,28 @@ const crypto = require("crypto");
 
 const paymentMethodSchema = new mongoose.Schema(
   {
-    userId: {
-      type: mongoose.Schema.Types.ObjectId,
-      ref: "User",
-      required: true,
-      index: true,
-    },
-    paymentType: {
-      type: String,
-      enum: ["razorpay", "paypal", "card", "upi", "netbanking"],
-      required: true,
-    },
-    paymentToken: {
-      type: String,
-      required: true,
-      // This stores the tokenized payment method from the payment gateway
-    },
-    isDefault: {
-      type: Boolean,
-      default: false,
-    },
-    isActive: {
-      type: Boolean,
-      default: true,
-    },
-    // Card/Payment details (only non-sensitive info for display)
+    userId: { type: mongoose.Schema.Types.ObjectId. ref: "User", required: true, index: true, },
+    paymentType: {  type: String, enum: ["razorpay", "paypal", "card", "upi", "netbanking", "stripe"], required: true, },
+    paymentToken: { type: String, required: true, },
+    isDefault: { type: Boolean, default: false, },
+    isActive: { type: Boolean,  default: true, },
     cardDetails: {
-      last4: {
-        type: String,
-        maxlength: 4,
-      },
-      brand: {
-        type: String, // Visa, Mastercard, Amex, etc.
-      },
-      expiryMonth: {
-        type: String,
-        maxlength: 2,
-      },
-      expiryYear: {
-        type: String,
-        maxlength: 4,
-      },
-      cardholderName: {
-        type: String,
-      },
-      fingerprint: {
-        type: String, // Unique identifier for the card
-      },
+      last4: { type: String, maxlength: 4, },
+      brand: { type: String, },
+      expiryMonth: { type: String, maxlength: 2, },
+      expiryYear: { type: String, maxlength: 4, },
+      cardholderName: { type: String, },
+      fingerprint: { type: String,} 
     },
-    // PayPal details
-    paypalDetails: {
-      email: {
-        type: String,
-      },
-      payerId: {
-        type: String,
-      },
+    paypalDetails: { 
+      email: { type: String, },
+      payerId: { type: String, },
     },
-    // UPI details
     upiDetails: {
-      vpa: {
-        type: String, // Virtual Payment Address (e.g., user@paytm)
-      },
-    },
-    // Billing address
-    billingAddress: {
-      name: String,
-      line1: String,
-      line2: String,
-      city: String,
-      state: String,
-      postalCode: String,
-      country: {
-        type: String,
-        default: "IN",
-      },
-    },
-    // Metadata for additional information
-    metadata: {
-      type: Map,
-      of: String,
+      vpa: { type: String, },
     },
+    billingAddress: { type: mongoose.Schema.Types.ObjectId, ref: "Address", required: true, index: true, },
+    metadata: { type: Map,  of: String, },
   },
   {
     timestamps: true,

package/models/user.js

@@ -1,70 +1,135 @@
-const mongoose = require("mongoose");
-const bcrypt = require("bcrypt");
-const crypto = require("crypto");
+const mongoose = require('mongoose');
+const bcrypt = require('bcrypt');
 
 const userSchema = new mongoose.Schema({
-    name: { type: String, required: true },
-    firstname: { type: String, required: true },
-    lastname: { type: String, required: false },
-    displayname: { type: String, required: false },
-    email: { type: String, required: true, unique: true },
-    username: { type: String, required: false, unique: false },
-    mobile: { type: String, required: false, unique: true },
-    password: { type: String, required: true },
-    avatar: { type: Object, required: false, default: {
+  email: { type: String, required: true, unique: true, lowercase: true, trim: true,
+    match: [/^\S+@\S+\.\S+$/, 'Please enter a valid email']
+  },
+  password: { type: String, required: true, minlength: 8, select: false },
+  firstName: { type: String, required: true, trim: true },
+  lastName: { type: String, required: true, trim: true },
+  displayName: { type: String, trim: true },
+  avatar: { type: Object, required: false, default: {
       public_id: '',
-      secure_url: ''
-    }},
-    role: { type: String, default: "customer" },
-    isBlocked: { type: Boolean, default: false },
-    address: { type: String },
-    shipping: { type: String },
-    wishlist: [{ type: mongoose.Schema.Types.ObjectId, ref: "Product" }],
-    refreshToken: { type: String },
-      passwordChangedAt: Date,
-      passwordResetToken: String,
-      passwordResetExpires: Date
+      secure_url: '',
+    }, trim: true
+  },
+  bio: { type: String, maxlength: 500 },
+  dateOfBirth: Date,
+  mobile: { type: String, trim: true, unique: false, required: false },
+  role: { type: String, 
+    enum: ['user', 'admin', 'moderator'], default: 'user' },
+  status: { type: String, 
+    enum: ['active', 'inactive', 'suspended', 'deleted'], default: 'active' },
+  emailVerified: { type: Boolean, default: false },
+  emailVerificationToken: String,
+  emailVerificationExpires: Date,
+  passwordResetToken: String,
+  passwordResetExpires: Date,
+  twoFactorSecret: { type: String, select: false},
+  twoFactorEnabled: { type: Boolean, default: false },
+  preferences: {
+    language: { type: String, default: 'en' },
+    timezone: { type: String, default: 'UTC' },
+    notifications: {
+      email: { type: Boolean, default: true },
+      push: { type: Boolean, default: true },
+      sms: { type: Boolean, default: false }
     },
-  { timestamps: true }
-);
+    theme: { type: String, enum: ['light', 'dark', 'auto'], default: 'auto' }
+  },
+  socialAccounts: [{
+    provider: { type: String,
+      enum: ['google', 'facebook', 'github', 'apple']},
+    providerId: String,
+    email: String,
+    connectedAt: {
+      type: Date,
+      default: Date.now
+    }
+  }],
+  lastLoginAt: Date,
+  lastLoginIP: String,
+  loginAttempts: { type: Number, default: 0 },
+  lockUntil: Date
+}, {
+  timestamps: true
+});
+
+// Indexes
+userSchema.index({ email: 1 });
+userSchema.index({ 'profile.firstName': 1, 'profile.lastName': 1 });
+userSchema.index({ createdAt: 1 });
+userSchema.index({ status: 1, role: 1 });
+
+// Virtual for full name
+userSchema.virtual('profile.fullName').get(function() {
+  return `${this.profile.firstName} ${this.profile.lastName}`;
+});
 
-// Hooks
-userSchema.pre("save", async function (next) {
-  if (!this.isModified("password")) {
+// Hash password before saving
+userSchema.pre('save', async function(next) {
+  if (!this.isModified('password')) return next();
+  
+  try {
+    const salt = await bcrypt.genSalt(12);
+    this.password = await bcrypt.hash(this.password, salt);
     next();
+  } catch (error) {
+    next(error);
   }
-  const salt = await bcrypt.genSaltSync(10);
-  this.password = await bcrypt.hash(this.password, salt);
-  next();
 });
 
-// Methods
-userSchema.methods.compare = async function (entered) {
-  return await bcrypt.compare(entered, this.password);
+// Method to compare passwords
+userSchema.methods.comparePassword = async function(candidatePassword) {
+  return await bcrypt.compare(candidatePassword, this.password);
 };
 
-userSchema.methods.token = async function () {
-  const resettoken = crypto.randomBytes(32).toString("hex");
-
-  this.passwordResetToken = crypto.createHash("sha256").update(resettoken).digest("hex");
-  this.passwordResetExpires = Date.now() + 30 * 60 * 1000;
-
-  return resettoken;
+// Method to check if account is locked
+userSchema.methods.isLocked = function() {
+  return !!(this.lockUntil && this.lockUntil > Date.now());
 };
 
-//Statics
-userSchema.statics.countUsers = function () {
-  return this.countDocuments({});
+// Method to increment login attempts
+userSchema.methods.incLoginAttempts = async function() {
+  if (this.lockUntil && this.lockUntil < Date.now()) {
+    return await this.updateOne({
+      $set: { loginAttempts: 1 },
+      $unset: { lockUntil: 1 }
+    });
+  }
+  
+  const updates = { $inc: { loginAttempts: 1 } };
+  const maxAttempts = 5;
+  const lockTime = 2 * 60 * 60 * 1000; // 2 hours
+  
+  if (this.loginAttempts + 1 >= maxAttempts && !this.isLocked()) {
+    updates.$set = { lockUntil: Date.now() + lockTime };
+  }
+  
+  return await this.updateOne(updates);
 };
 
-userSchema.statics.findByEmail = async function (email) {
-return await this.findOne({ email });
+// Method to reset login attempts
+userSchema.methods.resetLoginAttempts = async function() {
+  return await this.updateOne({
+    $set: { loginAttempts: 0 },
+    $unset: { lockUntil: 1 }
+  });
 };
 
-// Query
-userSchema.query.paginate = function ({ page, limit }) {
-  const skip = limit * (page - 1);
-  return this.skip(skip).limit(limit);
+// Remove sensitive data from JSON output
+userSchema.methods.toJSON = function() {
+  const obj = this.toObject();
+  delete obj.password;
+  delete obj.twoFactorSecret;
+  delete obj.emailVerificationToken;
+  delete obj.emailVerificationExpires;
+  delete obj.passwordResetToken;
+  delete obj.passwordResetExpires;
+  delete obj.loginAttempts;
+  delete obj.lockUntil;
+  return obj;
 };
 
-module.exports = mongoose.model("User", userSchema);
+module.exports = mongoose.model('User', userSchema);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@feardread/fear",
-  "version": "1.1.5",
+  "version": "1.1.6",
   "description": "",
   "main": "index.js",
   "scripts": {

package/routes/address.js

@@ -0,0 +1,15 @@
+const Address = require('../controllers/address');
+
+module.exports = ( fear ) => {
+      const router = fear.createRouter();
+      const handler = fear.getHandler();
+
+      router.get("/all", handler.async(Address.all));
+      router.post("/new", handler.async(Address.create));
+      router.route("/:id")
+            .get(handler.async(Address.read))
+            .put(handler.async(Address.update))
+            .delete(handler.async(Address.delete));
+
+      return router;
+}

package/routes/order.js

@@ -5,8 +5,10 @@ module.exports = ( fear ) => {
         const handler = fear.getHandler();
         const validator = fear.getValidator();
 
-        router.get("/all", Order.list);
-        router.post("/new", Order.create);
+        router.get("/all", handler.async(Order.list));
+        router.post("/new", handler.async(Order.create));
+        router.post("/create", handler.async(Order.create));
+
         router.route('/:id')
                 .get(Order.read)
                 .put(Order.update);

package/routes/payment.js

@@ -5,9 +5,9 @@ module.exports = (fear) => {
     const handler = fear.getHandler();
     const validator = fear.getValidator();
 
-    router.get("/all", Payment.list);
-    router.post("/new", Payment.create);
-    router.post("/:params", Payment.create);
+    router.get("/all", handler.async(Payment.list));
+    router.post("/new", handler.async(Payment.create));
+    router.post("/create", handler.async(Payment.create));
     
     router.route('/:id')
         .get(Payment.read)