small update in codebase

Author: backendwithvishal

backend/src/controllers/AuthController.js

@@ -175,6 +175,98 @@ export class AuthController {
             res.status(400).json({ error: error.message, requestId: req.requestId });
         }
     }
+
+    async requestMagicLink(req, res, next) {
+        try {
+            const { email } = req.body;
+            if (!email) {
+                return res.status(400).json({ error: 'Email is required', requestId: req.requestId });
+            }
+
+            await this.userService.requestMagicLink(email);
+            res.json({
+                requestId: req.requestId,
+                timestamp: new Date().toISOString(),
+                message: 'If the email exists, a magic login link has been generated.'
+            });
+        } catch (error) {
+            next(error);
+        }
+    }
+
+    async loginWithMagicLink(req, res, next) {
+        try {
+            const { token } = req.query;
+            if (!token) {
+                return res.status(400).json({ error: 'Token parameter is required', requestId: req.requestId });
+            }
+
+            const clientIp = req.ip || req.headers['x-forwarded-for'] || req.socket.remoteAddress;
+            const userAgent = req.headers['user-agent'] || 'Unknown';
+
+            const result = await this.userService.loginWithMagicLink(token, clientIp, userAgent);
+
+            res.cookie('token', result.token, {
+                httpOnly: true,
+                secure: process.env.NODE_ENV === 'production',
+                sameSite: 'strict',
+                maxAge: 7 * 24 * 60 * 60 * 1000 // 7 days
+            });
+
+            res.json({
+                requestId: req.requestId,
+                timestamp: new Date().toISOString(),
+                message: 'Magic login successful',
+                token: result.token,
+                user: result.user
+            });
+        } catch (error) {
+            res.status(401).json({ error: error.message, requestId: req.requestId });
+        }
+    }
+
+    async getSessions(req, res, next) {
+        try {
+            const userId = req.user.userId;
+            const sessions = await this.userService.getActiveSessions(userId);
+            res.json({
+                requestId: req.requestId,
+                timestamp: new Date().toISOString(),
+                sessions
+            });
+        } catch (error) {
+            next(error);
+        }
+    }
+
+    async getLoginHistory(req, res, next) {
+        try {
+            const userId = req.user.userId;
+            const history = await this.userService.getLoginHistory(userId);
+            res.json({
+                requestId: req.requestId,
+                timestamp: new Date().toISOString(),
+                history
+            });
+        } catch (error) {
+            next(error);
+        }
+    }
+
+    async revokeSession(req, res, next) {
+        try {
+            const userId = req.user.userId;
+            const { tokenHash } = req.params;
+            await this.userService.revokeSession(userId, tokenHash);
+            res.json({
+                requestId: req.requestId,
+                timestamp: new Date().toISOString(),
+                message: 'Session revoked successfully.'
+            });
+        } catch (error) {
+            res.status(400).json({ error: error.message, requestId: req.requestId });
+        }
+    }
 }
 
 export default AuthController;

backend/src/infrastructure/repositories/UserRepository.js

@@ -177,6 +177,16 @@ export class UserRepository {
         }
     }
 
+    // Find user by magic link token
+    async findByMagicToken(token) {
+        try {
+            return await User.findOne({ 'metadata.magicToken': token });
+        } catch (error) {
+            logger.error('Error finding user by magic token', { error: error.message });
+            throw error;
+        }
+    }
+
     // Find by ID and select specific fields
     async findByIdWithFields(id, fields = []) {
         try {

backend/src/routes/authRoutes.js

@@ -26,6 +26,15 @@ export const createAuthRoutes = (controller) => {
     router.post('/mfa/enable', requireAuth, (req, res, next) => controller.enableMfa(req, res, next));
     router.post('/mfa/disable', requireAuth, (req, res, next) => controller.disableMfa(req, res, next));
 
+    // Magic link login
+    router.post('/magic-link', authRateLimiter, (req, res, next) => controller.requestMagicLink(req, res, next));
+    router.get('/magic-link/callback', (req, res, next) => controller.loginWithMagicLink(req, res, next));
+
+    // Active Sessions & History (requires authentication)
+    router.get('/sessions', requireAuth, (req, res, next) => controller.getSessions(req, res, next));
+    router.get('/sessions/history', requireAuth, (req, res, next) => controller.getLoginHistory(req, res, next));
+    router.delete('/sessions/:tokenHash', requireAuth, (req, res, next) => controller.revokeSession(req, res, next));
+
     return router;
 };
 

backend/src/services/UserService.js

@@ -381,6 +381,109 @@ export class UserService {
             throw error;
         }
     }
+
+    // Generate magic link token and log it
+    async requestMagicLink(email) {
+        try {
+            const user = await this.userRepository.findByEmail(email);
+            if (!user) {
+                throw new Error('User not found');
+            }
+
+            const magicToken = crypto.randomBytes(32).toString('hex');
+            // Store token in user metadata temporarily
+            user.metadata = {
+                ...user.metadata,
+                magicToken,
+                magicTokenExpires: Date.now() + 900000 // 15 mins expiration
+            };
+            await user.save();
+
+            logger.info(`[MAILER MOCK] Magic Login Link for ${email}: http://localhost:5173/login?magic_token=${magicToken}`);
+            return true;
+        } catch (error) {
+            logger.error('Error in requestMagicLink', { email, error: error.message });
+            throw error;
+        }
+    }
+
+    // Login using magic link token
+    async loginWithMagicLink(token, clientIp = '127.0.0.1', device = 'Unknown') {
+        try {
+            const user = await this.userRepository.findByMagicToken(token);
+            if (!user || !user.metadata?.magicTokenExpires || user.metadata.magicTokenExpires < Date.now()) {
+                throw new Error('Invalid or expired magic link token');
+            }
+
+            // Clear magic token
+            const meta = { ...user.metadata };
+            delete meta.magicToken;
+            delete meta.magicTokenExpires;
+            user.metadata = meta;
+
+            // Log history
+            user.loginHistory.push({
+                ipAddress: clientIp,
+                device,
+                timestamp: new Date()
+            });
+            await user.save();
+
+            const userObj = user.toObject();
+            delete userObj.passwordHash;
+
+            // Generate JWT
+            const jwtToken = jwt.sign(
+                {
+                    userId: userObj._id,
+                    email: userObj.email,
+                    subscriptionTier: userObj.subscriptionTier,
+                },
+                config.security.jwtSecret,
+                { expiresIn: config.security.jwtExpiresIn }
+            );
+
+            // Save active session token hash
+            const tokenHash = crypto.createHash('sha256').update(jwtToken).digest('hex');
+            user.activeSessions.push({
+                tokenHash,
+                device,
+                createdAt: new Date()
+            });
+            await user.save();
+
+            return { token: jwtToken, user: userObj };
+        } catch (error) {
+            logger.error('Error in loginWithMagicLink', { error: error.message });
+            throw error;
+        }
+    }
+
+    // Get active sessions
+    async getActiveSessions(userId) {
+        const user = await this.getUser(userId);
+        return user.activeSessions || [];
+    }
+
+    // Get login history
+    async getLoginHistory(userId) {
+        const user = await this.getUser(userId);
+        return user.loginHistory || [];
+    }
+
+    // Revoke an active session token
+    async revokeSession(userId, tokenHash) {
+        try {
+            const user = await this.getUser(userId);
+            user.activeSessions = user.activeSessions.filter(s => s.tokenHash !== tokenHash);
+            await user.save();
+            logger.info('Session revoked successfully', { userId, tokenHash });
+            return true;
+        } catch (error) {
+            logger.error('Error in revokeSession', { userId, tokenHash, error: error.message });
+            throw error;
+        }
+    }
 }
 
 export default UserService;