import { Router } from "express";
import {
  upsertProfile,
  login,
  sendOtp,
  signup,
  verifyOtp,
  socialLogin,
  deleteAccount,
  autoLogin,
  logout,
  forgotPassword,
  changePassword,
  changePasswordUser,
} from "../controllers/authController";
import { handleMediaFilesLocal } from "../utils/Mutlipart";
import { checkBearer } from "../middleware/checkBearer";
import { checkAuth } from "../middleware/checkAuth";

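const router = Router();

// Authentication and profile routes.
//
// Every route runs exactly one guard before its controller, both imported
// from ../middleware (their checks are not visible in this file):
//   checkBearer - on the routes a client calls before it has a user session
//   checkAuth   - on the routes that act on an existing account
//
// NOTE(review): no rate-limiting middleware is mounted in this file. Confirm
// that login, verify-otp, send-otp and forgot-password are throttled upstream
// (app level or inside the controllers); otherwise nothing here bounds
// password/OTP guessing or OTP mail volume.

// POST Routes
router.post("/signup", checkBearer, signup);
router.post("/login", checkBearer, login);
router.post("/verify-otp", checkBearer, verifyOtp);
router.post("/send-otp", checkBearer, sendOtp);
router.post("/forgot-password", checkBearer, forgotPassword);

// Two password-change routes with near-identical paths but different handlers:
//   /change-password -> changePassword      (swagger documents oldPassword + newPassword)
//   /changePassword  -> changePasswordUser  (no old password in the documented body, see below)
router.post("/change-password", checkAuth, changePassword);
/**
 * Mobile reset: { password, confirm_password } + Bearer JWT (after verify-otp).
 *
 * NOTE(review): this route sits behind the same checkAuth guard as every other
 * session route. Confirm changePasswordUser only accepts a token issued by
 * verify-otp; if any session token passes, the old-password check on
 * /change-password can be skipped by calling this route instead.
 */
router.post("/changePassword", checkAuth, changePasswordUser);

// NOTE(review): the swagger block for this route lists a client-supplied `role`
// with ADMIN as an allowed value. Confirm socialLogin never grants ADMIN from
// request input.
router.post("/social-login", checkBearer, socialLogin);
router.post("/auto-login", checkAuth, autoLogin);
router.post("/logout", checkAuth, logout);

// checkAuth runs before the multipart parser, so requests that fail the guard
// are rejected before any upload is handled.
// NOTE(review): size/type limits for the "file" field live in ../utils/Mutlipart
// and are not visible here - confirm they are set.
router.post("/update-profile", checkAuth, handleMediaFilesLocal.single("file"), upsertProfile);

// Account deletion
// DELETE is the preferred verb: deletion is destructive and not idempotent-safe
// for GET, which link prefetchers, crawlers and caching proxies may issue or
// replay without user intent.
router.delete("/delete-account", checkAuth, deleteAccount);

// GET Routes
// Deprecated: kept only so existing clients keep working. Remove once clients
// have moved to DELETE /delete-account.
router.get("/delete-account", checkAuth, deleteAccount);

export default router;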

/**
 * @swagger
 * tags:
 *   name: Authentication
 *   description: User authentication and profile management
 */

/**
 * @swagger
 * /api/v1/auth/signup:
 *   post:
 *     summary: Register a new user
 *     tags: [Authentication]
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             required:
 *               - email
 *               - password
 *             properties:
 *               email:
 *                 type: string
 *                 format: email
 *                 example: user@example.com
 *               password:
 *                 type: string
 *                 format: password
 *                 minLength: 8
 *                 example: password123
 *     responses:
 *       200:
 *         description: User registered successfully, OTP sent
 *       400:
 *         description: Bad request (validation error or user already exists)
 *       500:
 *         description: Internal server error
 */

/**
 * @swagger
 * /api/v1/auth/login:
 *   post:
 *     summary: Authenticate user
 *     tags: [Authentication]
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             required:
 *               - email
 *               - password
 *             properties:
 *               email:
 *                 type: string
 *                 format: email
 *                 example: user@example.com
 *               password:
 *                 type: string
 *                 format: password
 *                 example: password123
 *     responses:
 *       200:
 *         description: Successfully authenticated
 *         content:
 *           application/json:
 *             schema:
 *               type: object
 *               properties:
 *                 user:
 *                   $ref: '#/components/schemas/User'
 *                 token:
 *                   type: string
 *       400:
 *         description: Invalid credentials or account not verified
 *       404:
 *         description: User not found
 *       500:
 *         description: Internal server error
 */

/**
 * @swagger
 * /api/v1/auth/verify-otp:
 *   post:
 *     summary: Verify OTP (signup or password reset)
 *     tags: [Authentication]
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             required:
 *               - userId
 *               - otp
 *             properties:
 *               userId:
 *                 type: string
 *               otp:
 *                 type: string
 *     responses:
 *       200:
 *         description: OTP confirmed (token if unverified; otpVerified if already verified — forgot password)
 *       400:
 *         description: Invalid or expired OTP
 *       404:
 *         description: User not found
 */

/**
 * @swagger
 * /api/v1/auth/send-otp:
 *   post:
 *     summary: Send OTP to user's email
 *     tags: [Authentication]
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             properties:
 *               email:
 *                 type: string
 *                 format: email
 *               userId:
 *                 type: string
 *               reason:
 *                 type: string
 *                 enum: [registration, password_reset, forgot_password]
 *                 default: registration
 *     responses:
 *       200:
 *         description: OTP sent
 *       404:
 *         description: User not found
 *       500:
 *         description: Internal server error
 */

/**
 * @swagger
 * /api/v1/auth/forgot-password:
 *   post:
 *     summary: Initiate password reset
 *     tags: [Authentication]
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             required:
 *               - email
 *             properties:
 *               email:
 *                 type: string
 *                 format: email
 *                 example: user@example.com
 *     responses:
 *       200:
 *         description: Password reset OTP sent
 *       400:
 *         description: Account is banned
 *       404:
 *         description: User not found
 *       500:
 *         description: Internal server error
 */

/**
 * @swagger
 * /api/v1/auth/change-password:
 *   post:
 *     summary: Change user password
 *     tags: [Authentication]
 *     security:
 *       - bearerAuth: []
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             required:
 *               - oldPassword
 *               - newPassword
 *             properties:
 *               oldPassword:
 *                 type: string
 *                 format: password
 *                 example: oldPassword123
 *               newPassword:
 *                 type: string
 *                 format: password
 *                 minLength: 8
 *                 example: newPassword123
 *     responses:
 *       200:
 *         description: Password changed successfully
 *       400:
 *         description: Old password is incorrect
 *       404:
 *         description: User not found
 *       500:
 *         description: Internal server error
 */

/**
 * @swagger
 * /api/v1/auth/social-login:
 *   post:
 *     summary: Authenticate using social providers
 *     tags: [Authentication]
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             required:
 *               - role
 *               - accessToken
 *               - provider
 *             properties:
 *               role:
 *                 type: string
 *                 enum: [USER, ADMIN]
 *                 example: USER
 *               accessToken:
 *                 type: string
 *               provider:
 *                 type: string
 *                 enum: [google, apple]
 *                 example: google
 *               deviceToken:
 *                 type: string
 *               deviceType:
 *                 type: string
 *                 enum: [ANDROID, IOS, WEB]
 *     responses:
 *       200:
 *         description: Successfully authenticated
 *         content:
 *           application/json:
 *             schema:
 *               type: object
 *               properties:
 *                 user:
 *                   $ref: '#/components/schemas/User'
 *                 token:
 *                   type: string
 *       400:
 *         description: Invalid provider or account already exists with different role
 *       500:
 *         description: Internal server error
 */

/**
 * @swagger
 * /api/v1/auth/update-profile:
 *   post:
 *     summary: Create or update user profile
 *     tags: [Authentication]
 *     security:
 *       - bearerAuth: []
 *     consumes:
 *       - multipart/form-data
 *     parameters:
 *       - in: formData
 *         name: file
 *         type: file
 *         description: The profile image to upload
 *     requestBody:
 *       required: true
 *       content:
 *         multipart/form-data:
 *           schema:
 *             type: object
 *             properties:
 *               fullName:
 *                 type: string
 *               dob:
 *                 type: string
 *                 format: date
 *               address:
 *                 type: string
 *               phoneNumber:
 *                 type: string
 *               deviceToken:
 *                 type: string
 *               location:
 *                 type: object
 *                 description: GeoJSON Point [longitude, latitude] with optional address and label
 *                 properties:
 *                   type:
 *                     type: string
 *                     enum: [Point]
 *                   coordinates:
 *                     type: array
 *                     items:
 *                       type: number
 *                     minItems: 2
 *                     maxItems: 2
 *                   address:
 *                     type: string
 *                   label:
 *                     type: string
 *               type:
 *                 type: string
 *                 enum: [create, update]
 *     responses:
 *       200:
 *         description: Profile created/updated successfully
 *         content:
 *           application/json:
 *             schema:
 *               $ref: '#/components/schemas/User'
 *       400:
 *         description: Validation error
 *       404:
 *         description: User not found
 *       500:
 *         description: Internal server error
 */

/**
 * @swagger
 * /api/v1/auth/auto-login:
 *   post:
 *     summary: Auto-login using existing token
 *     tags: [Authentication]
 *     security:
 *       - bearerAuth: []
 *     responses:
 *       200:
 *         description: Successfully authenticated
 *         content:
 *           application/json:
 *             schema:
 *               type: object
 *               properties:
 *                 user:
 *                   $ref: '#/components/schemas/User'
 *                 token:
 *                   type: string
 *       401:
 *         description: Unauthorized
 *       500:
 *         description: Internal server error
 */

/**
 * @swagger
 * /api/v1/auth/logout:
 *   post:
 *     summary: Logout user
 *     tags: [Authentication]
 *     security:
 *       - bearerAuth: []
 *     responses:
 *       200:
 *         description: Successfully logged out
 *       500:
 *         description: Internal server error
 */

/**
 * @swagger
 * /api/v1/auth/delete-account:
 *   get:
 *     summary: Delete user account
 *     tags: [Authentication]
 *     security:
 *       - bearerAuth: []
 *     responses:
 *       200:
 *         description: Account deleted successfully
 *       404:
 *         description: User not found
 *       500:
 *         description: Internal server error
 */

/**
 * @swagger
 * components:
 *   schemas:
 *     User:
 *       type: object
 *       properties:
 *         _id:
 *           type: string
 *         email:
 *           type: string
 *           format: email
 *         fullName:
 *           type: string
 *         phone:
 *           type: string
 *         address:
 *           type: string
 *         dob:
 *           type: string
 *           format: date
 *         image:
 *           type: string
 *         isVerified:
 *           type: boolean
 *         isProfileCompleted:
 *           type: boolean
 *         userType:
 *           type: string
 *           enum: [USER, ADMIN]
 *         socialType:
 *           type: string
 *           enum: [google, apple]
 *         location:
 *           type: object
 *           properties:
 *             type:
 *               type: string
 *               enum: ['Point']
 *             coordinates:
 *               type: array
 *               items:
 *                 type: number
 *   securitySchemes:
 *     bearerAuth:
 *       type: http
 *       scheme: bearer
 *       bearerFormat: JWT
 */