npm - alpe-temp - Versions diffs - 1.0.2 → 1.0.3 - Mend

alpe-temp 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/backend-project/package-lock.json CHANGED Viewed

@@ -9,10 +9,12 @@
       "version": "1.0.0",
       "dependencies": {
         "bcryptjs": "^2.4.3",
+        "connect-mongo": "^6.0.0",
         "cors": "^2.8.5",
         "dotenv": "^16.4.5",
         "exceljs": "^4.4.0",
         "express": "^4.19.2",
+        "express-session": "^1.19.0",
         "helmet": "^7.1.0",
         "jsonwebtoken": "^9.0.2",
         "mongoose": "^8.5.0",
@@ -183,6 +185,18 @@
       "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==",
       "license": "MIT"
     },
+    "node_modules/asn1.js": {
+      "version": "5.4.1",
+      "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz",
+      "integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==",
+      "license": "MIT",
+      "dependencies": {
+        "bn.js": "^4.0.0",
+        "inherits": "^2.0.1",
+        "minimalistic-assert": "^1.0.0",
+        "safer-buffer": "^2.1.0"
+      }
+    },
     "node_modules/async": {
       "version": "3.2.6",
       "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz",
@@ -273,6 +287,12 @@
       "integrity": "sha512-iD3898SR7sWVRHbiQv+sHUtHnMvC1o3nW5rAcqnq3uOn07DSAppZYUkIGslDz6gXC7HfunPe7YVBgoEJASPcHA==",
       "license": "MIT"
     },
+    "node_modules/bn.js": {
+      "version": "4.12.3",
+      "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.3.tgz",
+      "integrity": "sha512-fGTi3gxV/23FTYdAoUtLYp6qySe2KE3teyZitipKNRuVYcBkoP/bB3guXN/XVKUe9mxCHXnc9C4ocyz8OmgN0g==",
+      "license": "MIT"
+    },
     "node_modules/body-parser": {
       "version": "1.20.5",
       "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.5.tgz",
@@ -481,6 +501,46 @@
       "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
       "license": "MIT"
     },
+    "node_modules/connect-mongo": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/connect-mongo/-/connect-mongo-6.0.0.tgz",
+      "integrity": "sha512-mHxfnTiWk7ZtxmHdcrFBKlr7fCtgGoFpx/oe9jFW0yb2NinagsxEeuol78nUWMpnWyYK0nnuXMlU9wrgUjTE6g==",
+      "license": "MIT",
+      "dependencies": {
+        "debug": "^4.4.3",
+        "kruptein": "3.0.8"
+      },
+      "engines": {
+        "node": ">=20.8.0"
+      },
+      "peerDependencies": {
+        "express-session": "^1.17.1",
+        "mongodb": ">=5.0.0"
+      }
+    },
+    "node_modules/connect-mongo/node_modules/debug": {
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+      "license": "MIT",
+      "dependencies": {
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/connect-mongo/node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "license": "MIT"
+    },
     "node_modules/content-disposition": {
       "version": "0.5.4",
       "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
@@ -818,6 +878,29 @@
         "url": "https://opencollective.com/express"
       }
     },
+    "node_modules/express-session": {
+      "version": "1.19.0",
+      "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.19.0.tgz",
+      "integrity": "sha512-0csaMkGq+vaiZTmSMMGkfdCOabYv192VbytFypcvI0MANrp+4i/7yEkJ0sbAEhycQjntaKGzYfjfXQyVb7BHMA==",
+      "license": "MIT",
+      "dependencies": {
+        "cookie": "~0.7.2",
+        "cookie-signature": "~1.0.7",
+        "debug": "~2.6.9",
+        "depd": "~2.0.0",
+        "on-headers": "~1.1.0",
+        "parseurl": "~1.3.3",
+        "safe-buffer": "~5.2.1",
+        "uid-safe": "~2.1.5"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
     "node_modules/fast-csv": {
       "version": "4.3.6",
       "resolved": "https://registry.npmjs.org/fast-csv/-/fast-csv-4.3.6.tgz",
@@ -1307,6 +1390,18 @@
         "node": ">=12.0.0"
       }
     },
+    "node_modules/kruptein": {
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/kruptein/-/kruptein-3.0.8.tgz",
+      "integrity": "sha512-0CyalFA0Cjp3jnziMp0u1uLZW2/ouhQ0mEMfYlroBXNe86na1RwAuwBcdRAegeWZNMfQy/G5fN47g/Axjtqrfw==",
+      "license": "MIT",
+      "dependencies": {
+        "asn1.js": "^5.4.1"
+      },
+      "engines": {
+        "node": ">8"
+      }
+    },
     "node_modules/lazystream": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/lazystream/-/lazystream-1.0.1.tgz",
@@ -1548,6 +1643,12 @@
         "node": ">= 0.6"
       }
     },
+    "node_modules/minimalistic-assert": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
+      "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==",
+      "license": "ISC"
+    },
     "node_modules/minimatch": {
       "version": "3.1.5",
       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
@@ -1859,6 +1960,15 @@
         "node": ">= 0.8"
       }
     },
+    "node_modules/on-headers": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz",
+      "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/once": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
@@ -1961,6 +2071,15 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/random-bytes": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz",
+      "integrity": "sha512-iv7LhNVO047HzYR3InF6pUcUsPQiHTM1Qal51DcGSuZFBil1aBBWG5eHPNek7bvILMaYJ/8RU1e8w1AMdHmLQQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/range-parser": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@@ -2384,6 +2503,18 @@
         "node": ">= 0.6"
       }
     },
+    "node_modules/uid-safe": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz",
+      "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==",
+      "license": "MIT",
+      "dependencies": {
+        "random-bytes": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/undefsafe": {
       "version": "2.0.5",
       "resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.5.tgz",

package/backend-project/package.json CHANGED Viewed

@@ -10,13 +10,15 @@
   },
   "dependencies": {
     "bcryptjs": "^2.4.3",
+    "connect-mongo": "^6.0.0",
     "cors": "^2.8.5",
     "dotenv": "^16.4.5",
     "exceljs": "^4.4.0",
     "express": "^4.19.2",
-    "mongoose": "^8.5.0",
+    "express-session": "^1.19.0",
     "helmet": "^7.1.0",
     "jsonwebtoken": "^9.0.2",
+    "mongoose": "^8.5.0",
     "uuid": "^10.0.0"
   },
   "devDependencies": {

package/backend-project/src/app.js CHANGED Viewed

@@ -1,39 +1,37 @@
-// ═══════════════════════════════════════════════════════════════════════════
-//  🚀  APP  —  Express application setup
-// ═══════════════════════════════════════════════════════════════════════════
-//
-//  WHAT THIS FILE DOES:
-//    - Creates the Express app
-//    - Adds middleware (security, CORS, JSON parsing)
-//    - Registers all API module routes
-//    - Exports the app for server.js to use
-//
-//  HOW TO ADD A NEW MODULE:
-//    1. Add its routes to src/config/app.config.js (registeredRoutes array)
-//    2. Add a use() line below (see the PATTERN section)
-//    3. Done! Your new API is live.
-//
-// ═══════════════════════════════════════════════════════════════════════════
 const express = require('express');
-const path    = require('path');
-const helmet  = require('helmet');
-const cors    = require('cors');
-const db      = require('./config/db');
-const cfg     = require('./config/app.config');
+const path = require('path');
+const helmet = require('helmet');
+const cors = require('cors');
+const session = require('express-session');
+const { MongoStore } = require('connect-mongo');
+const db = require('./config/db');
+const cfg = require('./config/app.config');
+const env = require('./config/env');
 const { errorHandler, notFoundHandler } = require('./middleware/error.middleware');
 const app = express();
-// ─── GLOBAL MIDDLEWARE (applied to every request) ────────────────────────────
-app.use(helmet());                    // security headers
-app.use(cors());                      // allow cross-origin requests
-app.use(express.json({ limit: '10mb' }));  // parse JSON bodies
+app.use(helmet({ contentSecurityPolicy: false }));
+app.use(cors({
+  origin: process.env.NODE_ENV === 'production' ? false : 'http://localhost:5173',
+  credentials: true,
+}));
+app.use(express.json({ limit: '10mb' }));
 app.use(express.urlencoded({ extended: true }));
-// ─── HEALTH CHECK ────────────────────────────────────────────────────────────
-//  Every scenario needs a health endpoint for deployment monitoring.
+app.use(session({
+  secret: env.SESSION_SECRET,
+  resave: false,
+  saveUninitialized: false,
+  store: MongoStore.create({ mongoUrl: env.MONGODB_URI, collectionName: 'sessions' }),
+  cookie: {
+    httpOnly: true,
+    secure: false,
+    sameSite: 'lax',
+    maxAge: 24 * 60 * 60 * 1000,
+  },
+}));
 app.get('/health', (_req, res) =>
   res.json({
     status: 'ok',
@@ -42,28 +40,12 @@ app.get('/health', (_req, res) =>
   })
 );
-// ╔═══════════════════════════════════════════════════════════════════════════╗
-// ║  📌  PATTERN: Register a new module                                    ║
-// ║                                                                         ║
-// ║  Step 1. In app.config.js, add to registeredRoutes:                     ║
-// ║    { name: 'products', routes: require('./modules/product/product.routes') } ║
-// ║                                                                         ║
-// ║  Step 2. Add one line below:                                           ║
-// ║    app.use('/api/products', require('./modules/product/product.routes'));    ║
-// ╚═══════════════════════════════════════════════════════════════════════════╝
-// ─── MODULE ROUTES ───────────────────────────────────────────────────────────
-//  Each line starts a new API group under /api/...
-//  The route file inside each module handles its own sub-routes.
-//
-app.use('/api/auth',        require('./modules/auth/auth.routes'));
-app.use('/api/excel',       require('./modules/excel/excel.routes'));
-app.use('/api/employees',   require('./modules/employee/employee.routes'));
+app.use('/api/auth', require('./modules/auth/auth.routes'));
+app.use('/api/employees', require('./modules/employee/employee.routes'));
 app.use('/api/departments', require('./modules/department/department.routes'));
-app.use('/api/salaries',    require('./modules/salary/salary.routes'));
-app.use('/api/reports',     require('./modules/reports/reports.routes'));
+app.use('/api/positions', require('./modules/position/position.routes'));
+app.use('/api/reports', require('./modules/reports/reports.routes'));
-// ─── FRONTEND SPA (serves built React app) ────────────────────────────────────
 const distPath = path.join(__dirname, '..', '..', 'frontend-project', 'dist');
 app.use(express.static(distPath));
@@ -72,13 +54,9 @@ app.get('*', (req, res, next) => {
   res.sendFile(path.join(distPath, 'index.html'));
 });
-// ─── ERROR HANDLING (must be last) ───────────────────────────────────────────
-//  These catch any errors from routes above.
-app.use(notFoundHandler);   // handles 404 - route not found
-app.use(errorHandler);      // handles 500 - server errors
+app.use(notFoundHandler);
+app.use(errorHandler);
-// ─── DATABASE CONNECTION ─────────────────────────────────────────────────────
-//  Called by server.js (not here) so the app is testable without a DB.
 app.connectDB = () => db.connect();
 module.exports = app;

package/backend-project/src/config/app.config.js CHANGED Viewed

@@ -1,72 +1,24 @@
-// ═══════════════════════════════════════════════════════════════════════════
-//  ⚙️  APP CONFIG  —  One place to control the whole backend
-// ═══════════════════════════════════════════════════════════════════════════
-//
-//  WHAT THIS FILE DOES:
-//    - Loads environment variables from .env (via env.js)
-//    - Lists every registered module (so you can add/remove features)
-//    - Exports everything in one easy-to-find object
-//
-//  HOW TO ADD A NEW FEATURE (e.g. "Products"):
-//    1. Create folder:  src/modules/product/
-//    2. Copy files from src/modules/_example/  (rename to product.*)
-//    3. Import routes below in this file (see REGISTERED MODULES)
-//    4. Add route line in app.js (see instructions there)
-//
-// ═══════════════════════════════════════════════════════════════════════════
 const env = require('./env');
-// ─── SERVER SETTINGS ─────────────────────────────────────────────────────────
 const server = {
   PORT: env.PORT,
   NODE_ENV: env.NODE_ENV,
 };
-// ─── DATABASE ────────────────────────────────────────────────────────────────
 const database = {
   URI: env.MONGODB_URI,
 };
-// ─── JWT AUTHENTICATION ──────────────────────────────────────────────────────
-const jwt = {
-  SECRET: env.JWT_SECRET,
-  EXPIRES_IN: env.JWT_EXPIRES_IN,
-  REFRESH_SECRET: env.JWT_REFRESH_SECRET,
-  REFRESH_EXPIRES_IN: env.JWT_REFRESH_EXPIRES_IN,
-};
-// ─── BCRYPT ──────────────────────────────────────────────────────────────────
-const bcrypt = {
-  ROUNDS: env.BCRYPT_ROUNDS,
-};
-// ─── REGISTERED MODULES ──────────────────────────────────────────────────────
-//  🔵  To ADD a new module:
-//       1. Import its routes:  const productRoutes = require('../modules/product/product.routes');
-//       2. Add to the list:    { name: 'products', routes: productRoutes }
-//
-//  🔴  To REMOVE a module:
-//       Just delete its line from this array (and the import above).
-//
-//  Every module in this list automatically gets:
-//    - Route registration in app.js
-//    - Listed in the /health endpoint for debugging
-//
 const registeredRoutes = [
   { name: 'auth',        routes: require('../modules/auth/auth.routes') },
   { name: 'employees',   routes: require('../modules/employee/employee.routes') },
   { name: 'departments', routes: require('../modules/department/department.routes') },
-  { name: 'salaries',    routes: require('../modules/salary/salary.routes') },
+  { name: 'positions',   routes: require('../modules/position/position.routes') },
   { name: 'reports',     routes: require('../modules/reports/reports.routes') },
-  { name: 'excel',       routes: require('../modules/excel/excel.routes') },
 ];
-// ─── EXPORT EVERYTHING ───────────────────────────────────────────────────────
 module.exports = {
   server,
   database,
-  jwt,
-  bcrypt,
   registeredRoutes,
 };

package/backend-project/src/config/env.js CHANGED Viewed

@@ -3,17 +3,9 @@ require('dotenv').config();
 const env = {
   PORT: process.env.PORT || 3000,
   NODE_ENV: process.env.NODE_ENV || 'development',
-  MONGODB_URI: process.env.MONGODB_URI || 'mongodb://127.0.0.1:27017/auth_db',
-  JWT_SECRET: process.env.JWT_SECRET || 'change-this-secret-in-production',
-  JWT_EXPIRES_IN: process.env.JWT_EXPIRES_IN || '7d',
-  JWT_REFRESH_SECRET: process.env.JWT_REFRESH_SECRET || 'change-this-refresh-secret',
-  JWT_REFRESH_EXPIRES_IN: process.env.JWT_REFRESH_EXPIRES_IN || '30d',
+  MONGODB_URI: process.env.MONGODB_URI || 'mongodb://127.0.0.1:27017/HRMS',
+  SESSION_SECRET: process.env.SESSION_SECRET || 'hrms-session-secret-change-in-production',
   BCRYPT_ROUNDS: parseInt(process.env.BCRYPT_ROUNDS || '12', 10),
-  EXCEL_OUTPUT_DIR: process.env.EXCEL_OUTPUT_DIR || './exports',
 };
 module.exports = env;

package/backend-project/src/middleware/auth.middleware.js CHANGED Viewed

@@ -1,33 +1,10 @@
-const { verifyAccessToken } = require('../utils/token');
 const res_ = require('../utils/response');
-/**
- * authenticate — verifies the Bearer token and attaches `req.user`.
- */
 const authenticate = (req, res, next) => {
-  const header = req.headers.authorization || '';
-  const token = header.startsWith('Bearer ') ? header.slice(7) : null;
-  if (!token) return res_.unauthorized(res, 'No token provided');
-  try {
-    req.user = verifyAccessToken(token);
-    return next();
-  } catch (err) {
-    const message = err.name === 'TokenExpiredError' ? 'Token expired' : 'Invalid token';
-    return res_.unauthorized(res, message);
-  }
-};
-/**
- * authorize — gates a route to specific roles.
- * Usage: router.delete('/admin', authenticate, authorize('admin'), handler)
- */
-const authorize = (...roles) => (req, res, next) => {
-  if (!roles.includes(req.user?.role)) {
-    return res_.forbidden(res, 'Insufficient permissions');
+  if (!req.session || !req.session.userId) {
+    return res_.unauthorized(res, 'Please log in first');
   }
   return next();
 };
-module.exports = { authenticate, authorize };
+module.exports = { authenticate };

package/backend-project/src/modules/auth/auth.controller.js CHANGED Viewed

@@ -2,10 +2,10 @@ const AuthService = require('./auth.service');
 const res_ = require('../../utils/response');
 const AuthController = {
-  async signup(req, res) {
+  async register(req, res) {
     try {
-      const result = await AuthService.signup(req.body);
-      return res_.created(res, result, 'Account created successfully');
+      const user = await AuthService.createUser(req.body);
+      return res_.created(res, user, 'User account created');
     } catch (err) {
       return res_.error(res, err.message, err.statusCode || 500);
     }
@@ -13,17 +13,10 @@ const AuthController = {
   async login(req, res) {
     try {
-      const result = await AuthService.login(req.body);
-      return res_.success(res, result, 'Login successful');
-    } catch (err) {
-      return res_.error(res, err.message, err.statusCode || 500);
-    }
-  },
-  async refresh(req, res) {
-    try {
-      const result = await AuthService.refresh(req.body.refreshToken);
-      return res_.success(res, result, 'Tokens refreshed');
+      const user = await AuthService.login(req.body);
+      req.session.userId = user.id;
+      req.session.userName = user.userName;
+      return res_.success(res, { user }, 'Login successful');
     } catch (err) {
       return res_.error(res, err.message, err.statusCode || 500);
     }
@@ -31,16 +24,19 @@ const AuthController = {
   async me(req, res) {
     try {
-      const user = await AuthService.me(req.user.id);
-      return res_.success(res, user);
+      const user = await AuthService.me(req.session.userId);
+      return res_.success(res, { user });
     } catch (err) {
       return res_.error(res, err.message, err.statusCode || 500);
     }
   },
-  logout(_req, res) {
-    // JWT logout is client-side. Add a token blocklist here for server-side invalidation.
-    return res_.success(res, null, 'Logged out successfully');
+  async logout(req, res) {
+    req.session.destroy((err) => {
+      if (err) return res_.error(res, 'Logout failed', 500);
+      res.clearCookie('connect.sid');
+      return res_.success(res, null, 'Logged out successfully');
+    });
   },
 };

package/backend-project/src/modules/auth/auth.routes.js CHANGED Viewed

@@ -4,13 +4,9 @@ const { authenticate } = require('../../middleware/auth.middleware');
 const router = Router();
-// Public routes
-router.post('/signup',  AuthController.signup);
-router.post('/login',   AuthController.login);
-router.post('/refresh', AuthController.refresh);
-// Protected routes
-router.get('/me',      authenticate, AuthController.me);
-router.post('/logout', authenticate, AuthController.logout);
+router.post('/register', AuthController.register);
+router.post('/login',    AuthController.login);
+router.get('/me',        authenticate, AuthController.me);
+router.post('/logout',   authenticate, AuthController.logout);
 module.exports = router;

package/backend-project/src/modules/auth/auth.service.js CHANGED Viewed

@@ -1,7 +1,6 @@
 const bcrypt = require('bcryptjs');
 const User = require('./user.model');
 const env = require('../../config/env');
-const { generateTokens, verifyRefreshToken } = require('../../utils/token');
 const fail = (message, statusCode) => {
   const err = new Error(message);
@@ -10,45 +9,24 @@ const fail = (message, statusCode) => {
 };
 const AuthService = {
-  async signup({ name, email, password }) {
-    const existing = await User.findOne({ email: email.toLowerCase() });
-    if (existing) fail('Email is already registered', 409);
+  async createUser({ userName, password }) {
+    const existing = await User.findOne({ userName });
+    if (existing) fail('Username is already taken', 409);
     const hashed = await bcrypt.hash(password, env.BCRYPT_ROUNDS);
-    const user = await User.create({ name, email, password: hashed });
-    const tokens = generateTokens(user.toSafeObject());
-    return { user: user.toSafeObject(), ...tokens };
+    const user = await User.create({ userName, password: hashed });
+    return user.toSafeObject();
   },
-  async login({ email, password }) {
-    const user = await User.findOne({ email: email.toLowerCase() });
+  async login({ userName, password }) {
+    const user = await User.findOne({ userName }).populate('employee');
     if (!user) fail('Invalid credentials', 401);
     const valid = await bcrypt.compare(password, user.password);
     if (!valid) fail('Invalid credentials', 401);
-    const tokens = generateTokens(user.toSafeObject());
-    return { user: user.toSafeObject(), ...tokens };
-  },
-  async refresh(refreshToken) {
-    let payload;
-    try {
-      payload = verifyRefreshToken(refreshToken);
-    } catch {
-      fail('Invalid or expired refresh token', 401);
-    }
-    const user = await User.findById(payload.id);
-    if (!user) fail('User not found', 401);
-    const tokens = generateTokens(user.toSafeObject());
-    return { user: user.toSafeObject(), ...tokens };
+    return user.toSafeObject();
   },
   async me(userId) {
-    const user = await User.findById(userId);
+    const user = await User.findById(userId).populate('employee');
     if (!user) fail('User not found', 404);
     return user.toSafeObject();
   },