Added OTP and makeAdmin/Client routes #3
Conversation
✅ Deploy Preview for currenci-ecell ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
src/helpers/verifyAdmin.ts
Outdated
| if (!user) { | ||
| return false; | ||
| } | ||
| const isReqAdmin = user.role === "admin" || "superadmin"; |
There was a problem hiding this comment.
change to const isReqAdmin = user.role === "admin" || user.role === "superadmin";
Your current code give only truthy value . Find out why ?
|
|
||
| const token = authHeader.split(" ")[1]; | ||
| try { | ||
| const decoded = jwt.verify(token, JWT_SECRET); |
There was a problem hiding this comment.
Add error handling for cases where jwt.verify fails due to expired or invalid tokens
src/helpers/verifyOtp.ts
Outdated
| import OtpModel from "../model/OTP"; | ||
|
|
||
| export async function verifyOtp(email: string, otp: number) { | ||
| const OTPData = await OtpModel.findOne({ email }); |
There was a problem hiding this comment.
Add error handling for the findOne query in case the database fails or the connection is lost.
| } | ||
|
|
||
| const { pathname } = req.nextUrl; | ||
| const id = pathname.split("/").pop(); |
There was a problem hiding this comment.
Consider checking if id is a valid MongoDB ObjectID to prevent errors.
| } | ||
|
|
||
| const { pathname } = req.nextUrl; | ||
| const id = pathname.split("/").pop(); |
There was a problem hiding this comment.
Consider checking if id is a valid MongoDB ObjectID to prevent errors.
src/app/api/v1/sendOtp/route.ts
Outdated
| ); | ||
| } | ||
|
|
||
| const otp = Math.floor(100000 + Math.random() * 900000).toString(); |
There was a problem hiding this comment.
Use Strong OTP generation Libraries, as Math.random() can be predictable.
src/app/api/v1/sendOtp/route.ts
Outdated
| } | ||
|
|
||
| const otp = Math.floor(100000 + Math.random() * 900000).toString(); | ||
| console.log(`Generated OTP for ${email}: ${otp}`); |
There was a problem hiding this comment.
Remove logging to maintain security
src/app/api/v1/signUp/route.ts
Outdated
| await dbConnect(); | ||
| try { | ||
| const { username, email, password } = await req.json(); | ||
| const { username, email, password, otp } = await req.json(); |
There was a problem hiding this comment.
Add validation to check if the password meets specific strength criteria before hashing it.
| @@ -0,0 +1,29 @@ | |||
| import nodemailer from "nodemailer"; | |||
|
|
|||
| const transporter = nodemailer.createTransport({ | |||
There was a problem hiding this comment.
Add error handling for transporter.sendMail to capture cases where the email server might be down.
src/helpers/SendEmail.ts
Outdated
| html, | ||
| }; | ||
|
|
||
| transporter.sendMail(mailOptions, (error, info) => { |
There was a problem hiding this comment.
Add error handling for transporter.sendMail to capture cases where the email server might be down.
No description provided.