ShackMCrazyFish · ShackMCrazyFish · Mar 22, 2026 · Mar 22, 2026 · Mar 23, 2026
diff --git a/backend/package-lock.json b/backend/package-lock.json
diff --git a/backend/simple-chat b/backend/simple-chat
diff --git a/backend/src/app.ts b/backend/src/app.ts
@@ -2,6 +2,7 @@ import express from 'express';
 import cors from 'cors';
 import chatRouter from './routes/chat.routes';
 import authRouter from './routes/auth.routes';
+import userRouter from './routes/user.routes';
 import { authMiddleware } from './middleware/auth.middleware';
 
 const app = express();
@@ -12,6 +13,7 @@ app.use(express.urlencoded({ extended: false }));
 app.use(express.json());
 
 app.use('/v1/api/auth', authRouter);
+app.use('/v1/api/users', authMiddleware, userRouter);
 app.use('/v1/api/chats', authMiddleware, chatRouter);
 
 export default app;
diff --git a/backend/src/controllers/user.controller.ts b/backend/src/controllers/user.controller.ts
@@ -1,26 +1,17 @@
 import { Request, Response } from 'express';
 import { UserService } from '../services/user.service';
-import jwt from 'jsonwebtoken';
 
 export class UserController {
     constructor(private readonly userService: UserService) {}
 
     async getUser(req: Request, res: Response): Promise<void> {
-        const authToken = req.headers.authorization?.split(' ')[1];
-
-        if (!authToken) {
-            res.status(401).json({ error: 'Unauthorized' });
-            return;
-        }
-
-        const decoded = jwt.verify(authToken, process.env.JWT_SECRET as string);
-
-        if (!(decoded as any).user?.id) {
+        const userId = req.authUser?.id;
+        if (!userId) {
             res.status(401).json({ error: 'Unauthorized' });
             return;
         }
 
-        const user = await this.userService.getUserById((decoded as any).user?.id);
+        const user = await this.userService.getUserById(userId);
 
         if (!user) {
             res.status(404).json({ error: 'User not found' });

diff --git a/backend/src/middleware/auth.middleware.ts b/backend/src/middleware/auth.middleware.ts
@@ -1,17 +1,26 @@
 import { Request, Response, NextFunction } from 'express';
 import jwt from 'jsonwebtoken';
+import type { AuthTokenPayload } from '../types/auth-token-payload';
 
 export const authMiddleware = (req: Request, res: Response, next: NextFunction) => {
     const token = req.headers.authorization?.split(' ')[1];
-    
+
     if (!token) {
         return res.status(401).json({ error: 'Unauthorized' });
     }
 
-    const decoded = jwt.verify(token, process.env.JWT_SECRET as string);
-    if (!decoded) {
+    try {
+        const decoded = jwt.verify(token, process.env.JWT_SECRET as string);
+        if (typeof decoded === 'string') {
+            return res.status(401).json({ error: 'Unauthorized' });
+        }
+        const payload = decoded as AuthTokenPayload;
+        if (!payload.user?.id) {
+            return res.status(401).json({ error: 'Unauthorized' });
+        }
+        req.authUser = payload.user;
+        next();
+    } catch {
         return res.status(401).json({ error: 'Unauthorized' });
     }
-
-    next();
-}
+};
diff --git a/backend/src/routes/auth.routes.ts b/backend/src/routes/auth.routes.ts
@@ -8,8 +8,8 @@ const router = Router();
 const authService = new AuthService(UserModel);
 const authController = new AuthController(authService);
 
-router.post('/register', authController.register);
-router.post('/login', authController.login);
-router.post('/refresh', authController.refreshToken);
+router.post('/register', authController.register.bind(authController));
+router.post('/login', authController.login.bind(authController));
+router.post('/refresh', authController.refreshToken.bind(authController));
 
 export default router;
diff --git a/backend/src/routes/user.routes.ts b/backend/src/routes/user.routes.ts
@@ -1,5 +1,5 @@
 import { Router } from 'express';
-import { UserModel } from 'src/models/user.model';
+import { UserModel } from '../models/user.model';
 import { UserController } from '../controllers/user.controller';
 import { UserService } from '../services/user.service';
 const router = Router();

diff --git a/backend/src/server.ts b/backend/src/server.ts
@@ -18,6 +18,12 @@ const envSchema = z.object({
 async function startServer() {
     const env = envSchema.parse(process.env);
     await mongoose.connect(env.MONGO_URL);
+        try {
+            await mongoose.connect(env.MONGO_URL);
+        } catch (error) {
+            console.error('Error connecting to MongoDB', error);
+            process.exit(1);
+        };
     const port = env.PORT ?? 3000;
     app.listen(port, () => {
         console.log(`Server on port ${port}`);

diff --git a/backend/src/services/auth.service.ts b/backend/src/services/auth.service.ts
@@ -2,6 +2,7 @@ import { Model } from "mongoose";
 import { UserDocument } from "src/models/user.model";
 import bcrypt from 'bcrypt';
 import jwt from "jsonwebtoken";
+import type { AuthTokenPayload } from "../types/auth-token-payload";
 
 export class AuthService {
     constructor(private readonly userModel: Model<UserDocument>) {}
@@ -14,7 +15,7 @@ export class AuthService {
             throw new Error('User already exists');
         }
 
-        const newUser = await this.userModel.create({ name, email, passwordHash });
+        const newUser = await this.userModel.create({ name, email, password_hash: passwordHash });
 
         return this.tokenSign(newUser);
     }
@@ -26,23 +27,35 @@ export class AuthService {
             throw new Error('Invalid login or password');
         }
 
-        const passwordHash = await bcrypt.hash(password, 10);
+        const passwordHash = await bcrypt.compare(password, user.password_hash);
 
-        if (user.password_hash !== passwordHash) {
+        if (!passwordHash) {
             throw new Error('Invalid login or password');
         }
 
         return this.tokenSign(user);
     }
 
     async refreshToken(refreshToken: string): Promise<any> {
-        const decoded = jwt.verify(refreshToken, process.env.JWT_REFRESH_TOKEN_SECRET as string);
-
-        if (!decoded) {
+        const decoded = jwt.verify(
+            refreshToken,
+            process.env.JWT_REFRESH_TOKEN_SECRET as string
+        );
+
+        if (typeof decoded === 'string') {
+            throw new Error('Invalid refresh token');
+        }
+
+        const payload = decoded as AuthTokenPayload;
+        const id = payload.user?.id;
+        const email = payload.user?.email;
+        if (!id && !email) {
             throw new Error('Invalid refresh token');
         }
 
-        const user = await this.userModel.findOne({ email: (decoded as any).user.id });
+        const user = id
+            ? await this.userModel.findById(id)
+            : await this.userModel.findOne({ email });
 
         if (!user) {
             throw new Error('User not found');
@@ -52,7 +65,14 @@ export class AuthService {
     }
 
     private async tokenSign(user: UserDocument) {
-        const payload = { user: {name: user.name, email: user.email, admin: false}};
+        const payload: { user: AuthTokenPayload['user'] } = {
+            user: {
+                id: user.id,
+                name: user.name,
+                email: user.email,
+                admin: false,
+            },
+        };
         return {
             accessToken: jwt.sign(
                 payload,

diff --git a/backend/src/types/auth-token-payload.ts b/backend/src/types/auth-token-payload.ts
@@ -0,0 +1,10 @@
+import type { JwtPayload } from 'jsonwebtoken';
+
+export type AuthTokenPayload = JwtPayload & {
+    user: {
+        id: string;
+        name: string;
+        email: string;
+        admin: boolean;
+    };
+};
diff --git a/backend/src/types/express.d.ts b/backend/src/types/express.d.ts
@@ -0,0 +1,11 @@
+import type { AuthTokenPayload } from './auth-token-payload';
+
+declare global {
+    namespace Express {
+        interface Request {
+            authUser?: AuthTokenPayload['user'];
+        }
+    }
+}
+
+export {};
diff --git a/backend/tsconfig.json b/backend/tsconfig.json
@@ -27,5 +27,8 @@
   ], // Include files from the src directory
   "exclude": [
     "node_modules"
-  ] // Exclude the node_modules directory
+  ],
+  "ts-node": {
+    "files": true
+  }
 }