Added test cases along with the Authentication endpoints

Author: sabbas-ctrl

app/.env.example

@@ -1,3 +1,4 @@
 PORT=your_port_here
 DB_URI=your_db_uri_here
 JWT_SECRET=your_jwt_secret_here
+JWT_REFRESH_SECRET=your_jwt_refresh_secret_here

app/controllers/authController.js

@@ -2,20 +2,25 @@ import bcrypt from 'bcrypt';
 import jwt from 'jsonwebtoken';
 import User, { ROLES, PERMISSIONS } from '../models/User.js';
 import winston from 'winston';
+import dotenv from 'dotenv';
+
+dotenv.config();
 
 // === Logger Setup ===
 const logger = winston.createLogger({
   level: 'info',
   format: winston.format.json(),
-  transports: [
-    new winston.transports.File({ filename: 'logs/auth.log' }),
-  ],
+  transports: [new winston.transports.File({ filename: 'logs/auth.log' })],
 });
 
 // === Secrets from Environment ===
 const JWT_SECRET = process.env.JWT_SECRET;
 const JWT_REFRESH_SECRET = process.env.JWT_REFRESH_SECRET;
 
+if (!JWT_SECRET || !JWT_REFRESH_SECRET) {
+  console.error("❌ JWT secrets are missing from .env");
+}
+
 // === Generate Access + Refresh Tokens ===
 const generateTokens = (user) => {
   const payload = {
@@ -60,30 +65,41 @@ export const register = async (req, res) => {
     });
 
     await newUser.save();
-    logger.info(`User registered: ${email} by ${addedBy}`);
+    logger.info(`✅ User registered: ${email} by ${addedBy}`);
 
     res.status(201).json({ message: 'User registered successfully.' });
 
   } catch (err) {
-    logger.error('Registration failed', err);
+    logger.error('❌ Registration failed', err);
+    console.error("REGISTER ERROR:", err);
     res.status(500).json({ message: 'Server error during registration.' });
   }
 };
 
 // === LOGIN ===
 export const login = async (req, res) => {
   try {
+    console.log("ENV JWT_SECRET:", !!JWT_SECRET);
+    console.log("ENV JWT_REFRESH_SECRET:", !!JWT_REFRESH_SECRET);
+
     const { email, password } = req.body;
+    console.log("Login attempt:", email);
 
     const user = await User.findOne({ email });
     if (!user) return res.status(400).json({ message: 'Invalid credentials.' });
 
     const isMatch = await bcrypt.compare(password, user.password);
+    console.log("Password match:", isMatch);
+
     if (!isMatch) return res.status(400).json({ message: 'Invalid credentials.' });
 
     const { accessToken, refreshToken } = generateTokens(user);
 
-    logger.info(`User login: ${email}`);
+    // Save refresh token for future verification
+    user.refreshToken = refreshToken;
+    await user.save();
+
+    logger.info(`✅ User login: ${email}`);
 
     res.status(200).json({
       accessToken,
@@ -98,7 +114,8 @@ export const login = async (req, res) => {
     });
 
   } catch (err) {
-    logger.error('Login failed', err);
+    logger.error('❌ Login failed', err);
+    console.error("LOGIN ERROR:", err);
     res.status(500).json({ message: 'Server error during login.' });
   }
 };
@@ -114,8 +131,7 @@ export const logout = async (req, res) => {
   }
 };
 
-
-// 🔁 Issue a new access token using refresh token
+// === REFRESH TOKEN ===
 export const refreshToken = async (req, res) => {
   const token = req.body.token;
   if (!token) return res.status(401).json({ message: 'Refresh token required' });
@@ -124,49 +140,46 @@ export const refreshToken = async (req, res) => {
     const user = await User.findOne({ refreshToken: token });
     if (!user) return res.status(403).json({ message: 'Invalid refresh token' });
 
-    jwt.verify(token, process.env.JWT_REFRESH_SECRET, (err, decoded) => {
+    jwt.verify(token, JWT_REFRESH_SECRET, (err, decoded) => {
       if (err || decoded.id !== user._id.toString()) {
         return res.status(403).json({ message: 'Invalid or expired refresh token' });
       }
 
-      const accessToken = generateTokens(user);
-      res.json({ accessToken });
+      const { accessToken, refreshToken: newRefreshToken } = generateTokens(user);
+      user.refreshToken = newRefreshToken;
+      user.save();
+
+      res.json({ accessToken, refreshToken: newRefreshToken });
     });
   } catch (err) {
-    res.status(500).json({ message: 'Server error'});
-    console.error('Refresh token error:', err);
+    console.error('REFRESH ERROR:', err);
+    res.status(500).json({ message: 'Server error' });
   }
 };
 
-
-
-
-
-//temporary dev registration endpoint
-// 🚨 Only for initial setup — REMOVE after first use
+// === DEV REGISTER ===
 export const devRegister = async (req, res) => {
   try {
-    const existingAdmin = await User.findOne({ email: 'admin@vision.pk' });
+    const existingAdmin = await User.findOne({ email: 'sabbbas.a30@gmail.com' });
     if (existingAdmin) {
       return res.status(400).json({ message: 'Admin already exists' });
     }
 
-    const hashedPassword = await bcrypt.hash('Admin123!', 12); // choose your own secure default
+    const hashedPassword = await bcrypt.hash('Admin123!', 12);
 
     const admin = new User({
       fullName: 'Sabbas Ahmad',
       email: 'sabbbas.a30@gmail.com',
       password: hashedPassword,
       role: 'admin',
-      permissions: PERMISSIONS, // give all possible permissions initially
+      permissions: PERMISSIONS,
       addedBy: null,
     });
 
     await admin.save();
-
     res.status(201).json({ message: 'Initial admin created', email: admin.email });
   } catch (err) {
+    console.error("DEV REGISTER ERROR:", err);
     res.status(500).json({ message: 'Failed to create admin', error: err.message });
   }
 };
-// 🚨 Only for initial setup — REMOVE after first use

app/logs/auth.log

@@ -0,0 +1,22 @@
+{"level":"error","message":"Login failed secretOrPrivateKey must have a value","stack":"Error: secretOrPrivateKey must have a value\n    at module.exports [as sign] (C:\\Users\\DELL\\Desktop\\VisualIndex Backend\\app\\node_modules\\jsonwebtoken\\sign.js:111:20)\n    at generateTokens (file:///C:/Users/DELL/Desktop/VisualIndex%20Backend/app/controllers/authController.js:27:27)\n    at login (file:///C:/Users/DELL/Desktop/VisualIndex%20Backend/app/controllers/authController.js:84:43)"}
+{"level":"info","message":"User logout attempt"}
+{"level":"error","message":"Login failed secretOrPrivateKey must have a value","stack":"Error: secretOrPrivateKey must have a value\n    at module.exports [as sign] (C:\\Users\\DELL\\Desktop\\VisualIndex Backend\\app\\node_modules\\jsonwebtoken\\sign.js:111:20)\n    at generateTokens (file:///C:/Users/DELL/Desktop/VisualIndex%20Backend/app/controllers/authController.js:27:27)\n    at login (file:///C:/Users/DELL/Desktop/VisualIndex%20Backend/app/controllers/authController.js:84:43)"}
+{"level":"error","message":"Login failed secretOrPrivateKey must have a value","stack":"Error: secretOrPrivateKey must have a value\n    at module.exports [as sign] (C:\\Users\\DELL\\Desktop\\VisualIndex Backend\\app\\node_modules\\jsonwebtoken\\sign.js:111:20)\n    at generateTokens (file:///C:/Users/DELL/Desktop/VisualIndex%20Backend/app/controllers/authController.js:27:27)\n    at login (file:///C:/Users/DELL/Desktop/VisualIndex%20Backend/app/controllers/authController.js:84:43)"}
+{"level":"error","message":"Login failed secretOrPrivateKey must have a value","stack":"Error: secretOrPrivateKey must have a value\n    at module.exports [as sign] (C:\\Users\\DELL\\Desktop\\VisualIndex Backend\\app\\node_modules\\jsonwebtoken\\sign.js:111:20)\n    at generateTokens (file:///C:/Users/DELL/Desktop/VisualIndex%20Backend/app/controllers/authController.js:27:27)\n    at login (file:///C:/Users/DELL/Desktop/VisualIndex%20Backend/app/controllers/authController.js:84:43)"}
+{"level":"error","message":"Login failed secretOrPrivateKey must have a value","stack":"Error: secretOrPrivateKey must have a value\n    at module.exports [as sign] (C:\\Users\\DELL\\Desktop\\VisualIndex Backend\\app\\node_modules\\jsonwebtoken\\sign.js:111:20)\n    at generateTokens (file:///C:/Users/DELL/Desktop/VisualIndex%20Backend/app/controllers/authController.js:27:27)\n    at login (file:///C:/Users/DELL/Desktop/VisualIndex%20Backend/app/controllers/authController.js:84:43)"}
+{"level":"error","message":"Login failed accessToken is not defined","stack":"ReferenceError: accessToken is not defined\n    at generateTokens (file:///C:/Users/DELL/Desktop/VisualIndex%20Backend/app/controllers/authController.js:29:12)\n    at login (file:///C:/Users/DELL/Desktop/VisualIndex%20Backend/app/controllers/authController.js:86:43)"}
+{"level":"error","message":"Login failed accessToken is not defined","stack":"ReferenceError: accessToken is not defined\n    at generateTokens (file:///C:/Users/DELL/Desktop/VisualIndex%20Backend/app/controllers/authController.js:32:12)\n    at login (file:///C:/Users/DELL/Desktop/VisualIndex%20Backend/app/controllers/authController.js:89:43)"}
+{"level":"info","message":"User registered: viewer@test.com by 689530bbc1d8d5095e3b47f5"}
+{"level":"info","message":"User logout attempt"}
+{"level":"info","message":"✅ User login: sabbbas.a30@gmail.com"}
+{"level":"info","message":"✅ User login: viewer@test.com"}
+{"level":"info","message":"User logout attempt"}
+{"level":"info","message":"✅ User login: sabbbas.a30@gmail.com"}
+{"level":"info","message":"✅ User registered: viewer@test.com by 68954bf93b3dcab949394620"}
+{"level":"info","message":"✅ User login: viewer@test.com"}
+{"level":"info","message":"User logout attempt"}
+{"level":"info","message":"✅ User login: sabbbas.a30@gmail.com"}
+{"level":"info","message":"✅ User login: sabbbas.a30@gmail.com"}
+{"level":"info","message":"✅ User registered: viewer_1754615267686@test.com by 68954de468228c1b5a79ecaa"}
+{"level":"info","message":"✅ User login: viewer_1754615267686@test.com"}
+{"level":"info","message":"User logout attempt"}

app/package.json

@@ -2,13 +2,13 @@
   "name": "vision-index",
   "version": "1.0.0",
   "main": "server.js",
+  "type": "module",
   "scripts": {
     "start": "node server.js",
     "dev": "nodemon server.js",
     "lint": "eslint . --ext .js",
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "mocha \"tests/**/*.js\" --timeout 10000"
   },
-  "type": "module",
   "keywords": [
     "visionindex",
     "facial recognition",
@@ -43,6 +43,7 @@
   "description": "Backend for VisionIndex – a post-event facial recognition system that analyzes CCTV recordings to track and log individual presence across institutional zones for attendance and security auditing.",
   "dependencies": {
     "bcrypt": "^6.0.0",
+    "chai-http": "^5.1.2",
     "cors": "^2.8.5",
     "dotenv": "^17.2.1",
     "express": "^5.1.0",
@@ -53,9 +54,12 @@
   },
   "devDependencies": {
     "@eslint/js": "^9.32.0",
+    "chai": "^5.2.1",
     "eslint": "^9.32.0",
     "eslint-config-prettier": "^10.1.8",
     "globals": "^16.3.0",
-    "prettier": "^3.6.2"
+    "mocha": "^11.7.1",
+    "prettier": "^3.6.2",
+    "supertest": "^7.1.4"
   }
 }

app/server.js

@@ -37,3 +37,4 @@ const port = process.env.PORT || 3000;
 app.listen(port, () => {
   console.log(`Server is running on port ${port}`);
 });
+export default app; // 👈 Add this line