Skip to content

fix: add bcrypt hashing and verification for police badge number in user controller #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix: add bcrypt hashing and verification for police badge number in user controller #37

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fde31bc
fixec bcryptjs issue
Swapnxll Jun 18, 2025
5005c1b
bcrypt hashing
Swapnxll Jun 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
169 changes: 98 additions & 71 deletions backend/controllers/userController.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,103 +1,130 @@
import User from '../models/UserModel.js';
import bcrypt from 'bcryptjs';
import jwt from 'jsonwebtoken';
import User from "../models/UserModel.js";
import bcrypt from "bcryptjs";
import jwt from "jsonwebtoken";

export const registerUser = async (req, res) => {
try {
const { name, phone, badgeNumber, password, role } = req.body;

if (role === 'anonymous') {
return res.status(400).json({ message: 'Anonymous users do not need to register.' });
if (role === "anonymous") {
return res
.status(400)
.json({ message: "Anonymous users do not need to register." });
}

let newUser;

if (role === 'police') {
if (role === "police") {
if (!name || !badgeNumber) {
return res.status(400).json({ message: 'Police must provide name and badge number.' });
return res
.status(400)
.json({ message: "Police must provide name and badge number." });
}
newUser = new User({ name, badgeNumber, role });
}

else if (role === 'citizen') {

// Hash the badgeNumber before storing
const hashedBadgeNumber = await bcrypt.hash(badgeNumber, 10);

newUser = new User({ name, badgeNumber: hashedBadgeNumber, role });
} else if (role === "citizen") {
if (!phone || !name) {
return res.status(400).json({ message: 'Citizen must provide name and phone number.' });
return res
.status(400)
.json({ message: "Citizen must provide name and phone number." });
}

newUser = new User({ name, phone, role });
}

}

await newUser.save();
const token = jwt.sign({ id: newUser._id, role: newUser.role, phone:newUser.phone }, process.env.JWT_SECRET, { expiresIn: '1h' });

// Return token along with success message
res.status(201).json({ message: 'User registered successfully', token });
const token = jwt.sign(
{
id: newUser._id,
role: newUser.role,
phone: newUser.phone,
},
process.env.JWT_SECRET,
{ expiresIn: "1h" }
);

res.status(201).json({ message: "User registered successfully", token });
} catch (error) {
res.status(500).json({ message: 'Registration failed', error });
console.error(error);

res.status(500).json({ message: "Registration failed", error });
}
};

export const loginUser = async (req, res) => {
try {
const { role } = req.body;

if (role === 'anonymous') {
return res.status(403).json({ message: 'Anonymous users do not need login.' });
}

let user;

if (role === 'police') {
const { name, badgeNumber } = req.body;
if (!name || !badgeNumber) return res.status(400).json({ message: 'Name and badge number are required' });

user = await User.findOne({ name, badgeNumber });
}

else if (role === 'citizen') {
const { name, phone } = req.body;
if (!name || !phone) return res.status(400).json({ message: 'Name and phone are required' });

user = await User.findOne({ name, phone });
}



if (!user) {
return res.status(401).json({ message: 'Invalid credentials' });
}

// Generate Token
const token = jwt.sign(
{
id: user._id,
role: user.role,
name: user.name,
phone: user.phone,
badgeNumber: user.badgeNumber
},
process.env.JWT_SECRET,
{ expiresIn: '1h' }
);


console.log("generated token is : ", token);

res.json({ token, user });
} catch (error) {
res.status(500).json({ message: 'Login failed' });
try {
const { role } = req.body;

if (role === "anonymous") {
return res
.status(403)
.json({ message: "Anonymous users do not need login." });
}

let user;

if (role === "police") {
const { name, badgeNumber } = req.body;
if (!name || !badgeNumber)
return res
.status(400)
.json({ message: "Name and badge number are required" });

// Find a user document in the database with the given name
user = await User.findOne({ name });

// If no user is found, return a 401 Unauthorized error
if (!user)
return res.status(401).json({ message: "Invalid credentials" });

// Compare badgeNumber from the request with the hashed one in the database
const isMatch = await bcrypt.compare(badgeNumber, user.badgeNumber);

// If the badgeNumber does not match, return a 401 Unauthorized error
if (!isMatch)
return res.status(401).json({ message: "Invalid credentials" });
} else if (role === "citizen") {
const { name, phone } = req.body;
if (!name || !phone)
return res.status(400).json({ message: "Name and phone are required" });

user = await User.findOne({ name, phone });
}

if (!user) {
return res.status(401).json({ message: "Invalid credentials" });
}

// Generate Token
const token = jwt.sign(
{
id: user._id,
role: user.role,
name: user.name,
phone: user.phone,
badgeNumber: user.badgeNumber,
},
process.env.JWT_SECRET,
{ expiresIn: "1h" }
);

console.log("generated token is : ", token);

res.json({ token, user });
} catch (error) {
res.status(500).json({ message: "Login failed" });
}
};
export const findPoliceOfficers = async(req, res) => {

export const findPoliceOfficers = async (req, res) => {
try {
const officers = await User.find({ role: 'police' });
const officers = await User.find({ role: "police" });
res.status(200).json(officers);
} catch (err) {
console.error("Error fetching police officers:", err);
res.status(500).json({ error: 'Failed to fetch police officers' });
res.status(500).json({ error: "Failed to fetch police officers" });
}
};
2 changes: 2 additions & 0 deletions backend/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,12 @@
},
"dependencies": {
"@google/generative-ai": "^0.24.0",
"bcryptjs": "^3.0.2",
"cloudinary": "^1.41.3",
"cors": "^2.8.5",
"dotenv": "^16.4.7",
"express": "^4.21.2",
"jsonwebtoken": "^9.0.2",
"jwt-decode": "^4.0.0",
"mongoose": "^7.8.6",
"multer": "^1.4.5-lts.2",
Expand Down
40 changes: 40 additions & 0 deletions frontend/package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions frontend/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
"aceternity-ui": "^0.2.2",
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"framer-motion": "^12.18.1",
"html2pdf.js": "^0.10.3",
"jwt-decode": "^4.0.0",
"leaflet": "^1.9.4",
Expand Down