Complete JWT Token Implementation

shatter-backend/package.json

@@ -16,13 +16,15 @@
     "bcryptjs": "^3.0.3",
     "dotenv": "^17.2.3",
     "express": "^5.1.0",
+    "jsonwebtoken": "^9.0.2",
     "mongoose": "^8.19.2",
     "zod": "^4.1.12"
   },
   "devDependencies": {
     "@eslint/js": "^9.38.0",
     "@types/bcryptjs": "^2.4.6",
     "@types/express": "^5.0.5",
+    "@types/jsonwebtoken": "^9.0.10",
     "@types/node": "^24.9.2",
     "eslint": "^9.38.0",
     "globals": "^16.4.0",

shatter-backend/src/controllers/auth_controller.ts

@@ -1,6 +1,7 @@
 import { Request, Response } from 'express';
 import { User } from '../models/user_model';
 import { hashPassword, comparePassword } from '../utils/password_hash';
+import { generateToken } from '../utils/jwt_utils';
 
 // Email validation regex
 const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]{2,}$/;
@@ -148,11 +149,14 @@ export const login = async (req: Request, res: Response) => {
 	user.lastLogin = new Date();
 	await user.save(); // save the updated user
 
-	// 9 - return success
+	// 9 - generate JWT token for the user
+	const token = generateToken(user._id.toString());
+
+	// 10 - return success with token
 	res.status(200).json({
 	    message: 'Login successful',
-	    userId: user._id
-	    // TODO: figure out a way to add JWT token here
+	    userId: user._id,
+	    token
 	});
 
     } catch (err: any) {

shatter-backend/src/middleware/auth_middleware.ts

@@ -0,0 +1,97 @@
+/* eslint-disable @typescript-eslint/no-namespace */
+import { Request, Response, NextFunction } from 'express';
+import { verifyToken } from '../utils/jwt_utils';
+
+/**
+ * Extend Express Request type to include user property
+ * This allows us to attach user info to the request object
+ */
+declare global {
+  namespace Express {
+    interface Request {
+      user?: {
+        userId: string;
+      };
+    }
+  }
+}
+
+/**
+ * Authentication Middleware
+ * Verifies JWT token and attaches user info to request
+ *
+ * Usage:
+ *   router.get('/protected', authMiddleware, controller);
+ *
+ * Request must include:
+ *   Authorization: Bearer <token>
+ */
+export const authMiddleware = async (
+    req: Request,
+    res: Response,
+    next: NextFunction
+) => {
+    try {
+	// step 1: Get Authorization header
+	const authHeader = req.headers.authorization;
+
+	if (!authHeader) {
+	    return res.status(401).json({
+		error: 'Authorization header missing',
+	    });
+	}
+
+	// Step 2: extract token from "Bearer <token>" format
+	const parts = authHeader.split(' ');
+
+	if (parts.length !== 2) {
+	    return res.status(401).json({
+		error: 'Invalid authorization format. Use: Bearer <token>',
+	    });
+	}
+
+	if (parts[0] !== 'Bearer') {
+	    return res.status(401).json({
+		error: 'Invalid authorization format. Must start with "Bearer"',
+	    });
+	}
+
+	const token = parts[1];
+
+	if (!token) {
+	    return res.status(401).json({
+		error: 'Token is empty',
+	    });
+	}
+
+	// Step 3: verify token using JWT utility
+	const decoded = verifyToken(token)
+
+	// Step 4: Attach user info to request object
+	req.user = {
+	    userId: decoded.userId,
+	};
+
+	// step 5: Continue to next Middleware/controller
+	next();
+    } catch (error: any) {
+	// Handle specific JWT errors thrown by jwt_utils
+	if(error?.message === 'Token expired') {
+	    return res.status(401).json({
+		error: 'Token expired. Please login again.',
+	    });
+	}
+
+	if (error?.message === 'Invalid token') {
+	    return res.status(401).json({
+		error: 'Invalid token. Please login again.',
+	    });
+	}
+
+	// Generic error
+	console.error('Auth middleware error:', error);
+	return res.status(401).json({
+	    error: 'Authentication failed',
+	});
+    }
+}; 

shatter-backend/src/routes/user_route.ts

@@ -1,9 +1,25 @@
-import { Router } from 'express';
+import { Router, Request, Response } from 'express';
 import { getUsers, createUser } from '../controllers/user_controller';
+import { authMiddleware } from '../middleware/auth_middleware';
+import { User } from '../models/user_model';
 
 const router = Router();
 
-router.get('/', getUsers);    
-router.post('/', createUser); 
+router.get('/', getUsers);
+router.post('/', createUser);
+
+// Protected route example - returns current user's info
+router.get('/me', authMiddleware, async (req: Request, res: Response) => {
+    try {
+	const user = await User.findById(req.user?.userId).select('-passwordHash');
+	if (!user) {
+	    return res.status(404).json({ error: 'User not found' });
+	}
+	res.json(user);
+    } catch (err) {
+	console.error('GET /api/users/me error:', err);
+	res.status(500).json({ error: 'Failed to fetch user' });
+    }
+});
 
 export default router;