Paul R Kartchner
2d53b9e283
Some checks failed
CI Pipeline / Lint Code (push) Has been cancelled
CI Pipeline / Test API Package (push) Has been cancelled
CI Pipeline / Test Web Package (push) Has been cancelled
CI Pipeline / Test Shared Package (push) Has been cancelled
CI Pipeline / Build All Packages (push) Has been cancelled
CI Pipeline / Generate Coverage Report (push) Has been cancelled
Docker Build & Deploy / Build Docker Images (push) Has been cancelled
Docker Build & Deploy / Push Docker Images (push) Has been cancelled
Docker Build & Deploy / Deploy to Staging (push) Has been cancelled
Docker Build & Deploy / Deploy to Production (push) Has been cancelled
E2E Tests / End-to-End Tests (push) Has been cancelled
E2E Tests / E2E Tests (Mobile) (push) Has been cancelled
Security Scanning / NPM Audit (push) Has been cancelled
Security Scanning / Dependency License Check (push) Has been cancelled
Security Scanning / Code Quality Scan (push) Has been cancelled
Security Scanning / Docker Image Security (push) Has been cancelled
Security Scanning / Security Summary (push) Has been cancelled
Implement a complete authentication system with local email/password authentication, Google OAuth, JWT tokens, and role-based access control. Backend Features: - Database schema with User, RefreshToken, VerificationToken, RecipeShare models - Role-based access control (USER, ADMIN) - Recipe visibility controls (PRIVATE, SHARED, PUBLIC) - Email verification for local accounts - Password reset functionality - JWT access tokens (15min) and refresh tokens (7 days) - Passport.js strategies: Local, JWT, Google OAuth - bcrypt password hashing with 12 salt rounds - Password strength validation (min 8 chars, uppercase, lowercase, number) - Rate limiting on auth endpoints (5 attempts/15min) - Email service with styled HTML templates for verification and password reset API Endpoints: - POST /api/auth/register - Register with email/password - POST /api/auth/login - Login and get tokens - POST /api/auth/logout - Invalidate refresh token - POST /api/auth/refresh - Get new access token - GET /api/auth/verify-email/:token - Verify email address - POST /api/auth/resend-verification - Resend verification email - POST /api/auth/forgot-password - Request password reset - POST /api/auth/reset-password - Reset password with token - GET /api/auth/google - Initiate Google OAuth - GET /api/auth/google/callback - Google OAuth callback - GET /api/auth/me - Get current user info Security Middleware: - requireAuth - Protect routes requiring authentication - requireAdmin - Admin-only route protection - optionalAuth - Routes that work with or without auth - requireOwnership - Check resource ownership Admin Tools: - npm run create-admin - Interactive script to create admin users - verify-user-manual.ts - Helper script for testing Test Coverage: - 49 unit and integration tests (all passing) - Password utility tests (12 tests) - JWT utility tests (17 tests) - Auth middleware tests (12 tests) - Auth routes integration tests (8 tests) Dependencies Added: - passport, passport-local, passport-jwt, passport-google-oauth20 - bcrypt, jsonwebtoken - nodemailer - express-rate-limit, express-validator, cookie-parser Environment Variables Required: - JWT_SECRET, JWT_REFRESH_SECRET - JWT_EXPIRES_IN, JWT_REFRESH_EXPIRES_IN - GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET (optional) - SMTP configuration for email - APP_URL, API_URL 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>