backend/controllers/user.js

const crypto = require("crypto");
const db = require("../utils/database");
const { sendVerificationEmail } = require("../utils/helper");

exports.sendVerificationCode = async (req, res) => {
  const { email } = req.body;

  if (!email) {
    return res.status(400).json({ error: "Email is required" });
  }

  try {
    // Generate a random 6-digit code
    const verificationCode = crypto.randomInt(100000, 999999).toString();
    console.log(
      `Generated verification code for ${email}: ${verificationCode}`
    );

    // Check if email already exists in verification table
    db.execute(
      "SELECT * FROM AuthVerification WHERE Email = ?",
      [email],
      async (err, results) => {
        if (err) {
          console.error("Database error:", err);
          return res.status(500).json({ error: "Database error" });
        }

        if (results.length > 0) {
          // Update existing record
          db.execute(
            `UPDATE AuthVerification SET VerificationCode = ?, Authenticated = FALSE, Date = CURRENT_TIMESTAMP
            WHERE Email = ?`,
            [verificationCode, email],
            async (err) => {
              if (err) {
                console.error("Database error:", err);
                return res.status(500).json({ error: "Database error" });
              }

              // Send email and respond
              await sendVerificationEmail(email, verificationCode);
              res.json({ success: true, message: "Verification code sent" });
            }
          );
        } else {
          // Insert new record
          db.execute(
            "INSERT INTO AuthVerification (Email, VerificationCode, Authenticated) VALUES (?, ?, FALSE)",
            [email, verificationCode],
            async (err) => {
              if (err) {
                console.error("Database error:", err);
                return res.status(500).json({ error: "Database error" });
              }

              // Send email and respond
              await sendVerificationEmail(email, verificationCode);
              res.json({ success: true, message: "Verification code sent" });
            }
          );
        }
      }
    );
  } catch (error) {
    console.error("Error:", error);
    res.status(500).json({ error: "Server error" });
  }
};

exports.verifyCode = (req, res) => {
  const { email, code } = req.body;

  if (!email || !code) {
    return res.status(400).json({ error: "Email and code are required" });
  }

  console.log(`Attempting to verify code for ${email}: ${code}`);

  // Check verification code
  db.execute(
    "SELECT * FROM AuthVerification WHERE Email = ? AND VerificationCode = ? AND Authenticated = 0 AND Date > DATE_SUB(NOW(), INTERVAL 15 MINUTE)",
    [email, code],
    (err, results) => {
      if (err) {
        console.error("Database error:", err);
        return res.status(500).json({ error: "Database error" });
      }

      if (results.length === 0) {
        console.log(`Invalid or expired verification code for email ${email}`);
        return res
          .status(400)
          .json({ error: "Invalid or expired verification code" });
      }

      const userId = results[0].UserID;

      // Mark as authenticated
      db.execute(
        "UPDATE AuthVerification SET Authenticated = TRUE WHERE Email = ?",
        [email],
        (err) => {
          if (err) {
            console.error("Database error:", err);
            return res.status(500).json({ error: "Database error" });
          }

          console.log(`Email ${email} successfully verified`);

          res.json({
            success: true,
            message: "Verification successful",
            userId,
          });
        }
      );
    }
  );
};

exports.completeSignUp = (req, res) => {
  const data = req.body;

  db.execute(
    `SELECT * FROM AuthVerification WHERE Email = '${data.email}' AND Authenticated = 1;`,
    (err, results) => {
      if (err) {
        console.error("Database error:", err);
        return res.status(500).json({ error: "Database error" });
      }
      if (results.length === 0) {
        return res.status(400).json({ error: "Email not verified" });
      }

      // Create the user
      db.execute(
        `INSERT INTO User (Name, Email, UCID, Password, Phone, Address)
          VALUES ('${data.name}', '${data.email}', '${data.UCID}', '${data.password}', '${data.phone}', '${data.address}')`,
        (err, result) => {
          if (err) {
            console.error("Error creating user:", err);
            return res.status(500).json({ error: "Could not create user" });
          }

          // Insert role using the user's ID
          db.execute(
            `INSERT INTO UserRole (UserID, Client, Admin)
              VALUES (LAST_INSERT_ID(), ${data.client || true}, ${
              data.admin || false
            })`,
            (roleErr) => {
              if (roleErr) {
                console.error("Error creating role:", roleErr);
                return res.status(500).json({ error: "Could not create role" });
              }

              // Delete verification record
              db.execute(
                `DELETE FROM AuthVerification WHERE Email = '${data.email}'`,
                (deleteErr) => {
                  if (deleteErr) {
                    console.error("Error deleting verification:", deleteErr);
                  }
                  res.json({
                    success: true,
                    message: "User registration completed successfully",
                    name: data.name,
                    email: data.email,
                    UCID: data.UCID,
                  });
                }
              );
            }
          );
        }
      );
    }
  );
};

exports.getAllUser = (req, res) => {
  db.execute("SELECT * FROM User;", (err, data) => {
    if (err) {
      console.error("Errors: ", err);
      return res.status(500).json({ error: "\nCould not fetch users!" });
    }
    res.json({ Users: data });
  });
};

exports.findUserByEmail = (req, res) => {
  const { email } = req.body;

  // Input validation
  if (!email) {
    return res.status(400).json({
      found: false,
      error: "Email is required",
    });
  }

  // Query to find user with matching email and password
  const query = "SELECT * FROM User WHERE email = ?";
  db.execute(query, [email], (err, data) => {
    if (err) {
      console.error("Error finding user:", err);
      return res.status(500).json({
        found: false,
        error: "Database error occurred",
      });
    }

    // Check if user was found
    if (data && data.length > 0) {
      console.log(data);
      const user = data[0];

      // Return all user data except password
      return res.json({
        found: true,
        userID: user.UserID,
        name: user.Name,
        email: user.Email,
        UCID: user.UCID,
        phone: user.Phone,
        address: user.Address,
        // Include any other fields your user might have
        // Make sure the field names match exactly with your database column names
      });
    } else {
      // User not found or invalid credentials
      return res.json({
        found: false,
        error: "Invalid email or password",
      });
    }
  });
};

exports.updateUser = (req, res) => {
  const { userId, ...updateData } = req.body;

  if (!userId) {
    return res.status(400).json({ error: "User ID is required" });
  }

  //query dynamically based on provided fields
  const updateFields = [];
  const values = [];

  Object.entries(updateData).forEach(([key, value]) => {
    // Only include fields that are actually in the User table
    if (["Name", "Email", "Password", "Phone", "UCID"].includes(key)) {
      updateFields.push(`${key} = ?`);
      values.push(value);
    }
  });

  if (updateFields.length === 0) {
    return res.status(400).json({ error: "No valid fields to update" });
  }

  // Add userId to values array
  values.push(userId);

  const query = `UPDATE User SET ${updateFields.join(", ")} WHERE UserID = ?`;

  db.execute(query, values, (err, result) => {
    if (err) {
      console.error("Error updating user:", err);
      return res.status(500).json({ error: "Could not update user" });
    }

    if (result.affectedRows === 0) {
      return res.status(404).json({ error: "User not found" });
    }

    res.json({ success: true, message: "User updated successfully" });
  });
};

exports.deleteUser = (req, res) => {
  const { userId } = req.body;

  if (!userId) {
    return res.status(400).json({ error: "User ID is required" });
  }

  // Delete from UserRole first (assuming foreign key constraint)
  db.execute("DELETE FROM UserRole WHERE UserID = ?", [userId], (err) => {
    if (err) {
      console.error("Error deleting user role:", err);
      return res.status(500).json({ error: "Could not delete user role" });
    }

    // Then delete from User table
    db.execute("DELETE FROM User WHERE UserID = ?", [userId], (err, result) => {
      if (err) {
        console.error("Error deleting user:", err);
        return res.status(500).json({ error: "Could not delete user" });
      }

      if (result.affectedRows === 0) {
        return res.status(404).json({ error: "User not found" });
      }

      res.json({ success: true, message: "User deleted successfully" });
    });
  });
};
Refactor code, split routes, change url in backend and update in frontend. Still have bugs, infinite loading after signup? 2025-03-19 02:09:30 -06:00			`const crypto = require("crypto");`
			`const db = require("../utils/database");`
			`const { sendVerificationEmail } = require("../utils/helper");`

			`exports.sendVerificationCode = async (req, res) => {`
			`const { email } = req.body;`

			`if (!email) {`
			`return res.status(400).json({ error: "Email is required" });`
			`}`

			`try {`
			`// Generate a random 6-digit code`
			`const verificationCode = crypto.randomInt(100000, 999999).toString();`
			`console.log(`
			`Generated verification code for ${email}: ${verificationCode}`
			`);`

			`// Check if email already exists in verification table`
			`db.execute(`
			`"SELECT * FROM AuthVerification WHERE Email = ?",`
			`[email],`
			`async (err, results) => {`
			`if (err) {`
			`console.error("Database error:", err);`
			`return res.status(500).json({ error: "Database error" });`
			`}`

			`if (results.length > 0) {`
			`// Update existing record`
			`db.execute(`
			`UPDATE AuthVerification SET VerificationCode = ?, Authenticated = FALSE, Date = CURRENT_TIMESTAMP
			WHERE Email = ?`,
			`[verificationCode, email],`
			`async (err) => {`
			`if (err) {`
			`console.error("Database error:", err);`
			`return res.status(500).json({ error: "Database error" });`
			`}`

			`// Send email and respond`
			`await sendVerificationEmail(email, verificationCode);`
			`res.json({ success: true, message: "Verification code sent" });`
			`}`
			`);`
			`} else {`
			`// Insert new record`
			`db.execute(`
			`"INSERT INTO AuthVerification (Email, VerificationCode, Authenticated) VALUES (?, ?, FALSE)",`
			`[email, verificationCode],`
			`async (err) => {`
			`if (err) {`
			`console.error("Database error:", err);`
			`return res.status(500).json({ error: "Database error" });`
			`}`

			`// Send email and respond`
			`await sendVerificationEmail(email, verificationCode);`
			`res.json({ success: true, message: "Verification code sent" });`
			`}`
			`);`
			`}`
			`}`
			`);`
			`} catch (error) {`
			`console.error("Error:", error);`
			`res.status(500).json({ error: "Server error" });`
			`}`
			`};`

			`exports.verifyCode = (req, res) => {`
			`const { email, code } = req.body;`

			`if (!email \|\| !code) {`
			`return res.status(400).json({ error: "Email and code are required" });`
			`}`

			console.log(`Attempting to verify code for ${email}: ${code}`);

			`// Check verification code`
			`db.execute(`
			`"SELECT * FROM AuthVerification WHERE Email = ? AND VerificationCode = ? AND Authenticated = 0 AND Date > DATE_SUB(NOW(), INTERVAL 15 MINUTE)",`
			`[email, code],`
			`(err, results) => {`
			`if (err) {`
			`console.error("Database error:", err);`
			`return res.status(500).json({ error: "Database error" });`
			`}`

			`if (results.length === 0) {`
			console.log(`Invalid or expired verification code for email ${email}`);
			`return res`
			`.status(400)`
			`.json({ error: "Invalid or expired verification code" });`
			`}`

			`const userId = results[0].UserID;`

			`// Mark as authenticated`
			`db.execute(`
			`"UPDATE AuthVerification SET Authenticated = TRUE WHERE Email = ?",`
			`[email],`
			`(err) => {`
			`if (err) {`
			`console.error("Database error:", err);`
			`return res.status(500).json({ error: "Database error" });`
			`}`

			console.log(`Email ${email} successfully verified`);

			`res.json({`
			`success: true,`
			`message: "Verification successful",`
			`userId,`
			`});`
			`}`
			`);`
			`}`
			`);`
			`};`

			`exports.completeSignUp = (req, res) => {`
			`const data = req.body;`

			`db.execute(`
			`SELECT * FROM AuthVerification WHERE Email = '${data.email}' AND Authenticated = 1;`,
			`(err, results) => {`
			`if (err) {`
			`console.error("Database error:", err);`
			`return res.status(500).json({ error: "Database error" });`
			`}`
			`if (results.length === 0) {`
			`return res.status(400).json({ error: "Email not verified" });`
			`}`

			`// Create the user`
			`db.execute(`
			`INSERT INTO User (Name, Email, UCID, Password, Phone, Address)
			VALUES ('${data.name}', '${data.email}', '${data.UCID}', '${data.password}', '${data.phone}', '${data.address}')`,
			`(err, result) => {`
			`if (err) {`
			`console.error("Error creating user:", err);`
			`return res.status(500).json({ error: "Could not create user" });`
			`}`

			`// Insert role using the user's ID`
			`db.execute(`
			`INSERT INTO UserRole (UserID, Client, Admin)
			`VALUES (LAST_INSERT_ID(), ${data.client \|\| true}, ${`
			`data.admin \|\| false`
			})`,
			`(roleErr) => {`
			`if (roleErr) {`
			`console.error("Error creating role:", roleErr);`
			`return res.status(500).json({ error: "Could not create role" });`
			`}`

			`// Delete verification record`
			`db.execute(`
			`DELETE FROM AuthVerification WHERE Email = '${data.email}'`,
			`(deleteErr) => {`
			`if (deleteErr) {`
			`console.error("Error deleting verification:", deleteErr);`
			`}`
			`res.json({`
			`success: true,`
			`message: "User registration completed successfully",`
			`name: data.name,`
			`email: data.email,`
			`UCID: data.UCID,`
			`});`
			`}`
			`);`
			`}`
			`);`
			`}`
			`);`
			`}`
			`);`
			`};`

			`exports.getAllUser = (req, res) => {`
			`db.execute("SELECT * FROM User;", (err, data) => {`
			`if (err) {`
			`console.error("Errors: ", err);`
			`return res.status(500).json({ error: "\nCould not fetch users!" });`
			`}`
			`res.json({ Users: data });`
			`});`
			`};`

			`exports.findUserByEmail = (req, res) => {`
			`const { email } = req.body;`

			`// Input validation`
			`if (!email) {`
			`return res.status(400).json({`
			`found: false,`
			`error: "Email is required",`
			`});`
			`}`

			`// Query to find user with matching email and password`
			`const query = "SELECT * FROM User WHERE email = ?";`
			`db.execute(query, [email], (err, data) => {`
			`if (err) {`
			`console.error("Error finding user:", err);`
			`return res.status(500).json({`
			`found: false,`
			`error: "Database error occurred",`
			`});`
			`}`

			`// Check if user was found`
			`if (data && data.length > 0) {`
			`console.log(data);`
			`const user = data[0];`

			`// Return all user data except password`
			`return res.json({`
			`found: true,`
			`userID: user.UserID,`
			`name: user.Name,`
			`email: user.Email,`
			`UCID: user.UCID,`
			`phone: user.Phone,`
			`address: user.Address,`
			`// Include any other fields your user might have`
			`// Make sure the field names match exactly with your database column names`
			`});`
			`} else {`
			`// User not found or invalid credentials`
			`return res.json({`
			`found: false,`
			`error: "Invalid email or password",`
			`});`
			`}`
			`});`
			`};`

			`exports.updateUser = (req, res) => {`
			`const { userId, ...updateData } = req.body;`

			`if (!userId) {`
			`return res.status(400).json({ error: "User ID is required" });`
			`}`

			`//query dynamically based on provided fields`
			`const updateFields = [];`
			`const values = [];`

			`Object.entries(updateData).forEach(([key, value]) => {`
			`// Only include fields that are actually in the User table`
			`if (["Name", "Email", "Password", "Phone", "UCID"].includes(key)) {`
			updateFields.push(`${key} = ?`);
			`values.push(value);`
			`}`
			`});`

			`if (updateFields.length === 0) {`
			`return res.status(400).json({ error: "No valid fields to update" });`
			`}`

			`// Add userId to values array`
			`values.push(userId);`

			const query = `UPDATE User SET ${updateFields.join(", ")} WHERE UserID = ?`;

			`db.execute(query, values, (err, result) => {`
			`if (err) {`
			`console.error("Error updating user:", err);`
			`return res.status(500).json({ error: "Could not update user" });`
			`}`

			`if (result.affectedRows === 0) {`
			`return res.status(404).json({ error: "User not found" });`
			`}`

			`res.json({ success: true, message: "User updated successfully" });`
			`});`
			`};`

			`exports.deleteUser = (req, res) => {`
			`const { userId } = req.body;`

			`if (!userId) {`
			`return res.status(400).json({ error: "User ID is required" });`
			`}`

			`// Delete from UserRole first (assuming foreign key constraint)`
			`db.execute("DELETE FROM UserRole WHERE UserID = ?", [userId], (err) => {`
			`if (err) {`
			`console.error("Error deleting user role:", err);`
			`return res.status(500).json({ error: "Could not delete user role" });`
			`}`

			`// Then delete from User table`
			`db.execute("DELETE FROM User WHERE UserID = ?", [userId], (err, result) => {`
			`if (err) {`
			`console.error("Error deleting user:", err);`
			`return res.status(500).json({ error: "Could not delete user" });`
			`}`

			`if (result.affectedRows === 0) {`
			`return res.status(404).json({ error: "User not found" });`
			`}`

			`res.json({ success: true, message: "User deleted successfully" });`
			`});`
			`});`
			`};`