🔐 Backend Feature Request: Implement Authentication System

[Soumipal56]

Currently, the backend does not include any authentication or authorization system. Users cannot securely register, log in, or access protected resources. This creates security limitations and prevents implementation of user-specific functionalities in the future.

A proper backend authentication system should be added to improve security, scalability, and overall backend architecture.

🚀 Proposed Features
👤 User Authentication APIs

Implement the following APIs:

Register / Signup API

1. Login API
2. Logout API

🛡️ Security Enhancements
Authentication should follow secure backend practices:

1. Password hashing using bcrypt
2. JWT-based authentication
3. Secure environment variables for secrets
4. Proper validation and error handling

🔑 Authorization & Protected Routes
Add middleware and route protection for:

1. Private APIs
2. Authenticated user access
3. Unauthorized access handling

🗄️ Database Integration
Create proper user management structure:

1. User schema/model
2. Secure credential storage
3. Duplicate email/user validation
4. Login credential verification

⚙️ Additional Features
Optional but recommended improvements:

1. Forgot Password functionality
2. Reset Password support
3. Input sanitization and validation

🎯 Expected Outcome
After implementation, the backend should:

1. Securely handle user authentication
2. Protect restricted APIs and routes
3. Improve overall application security
4. Provide a scalable authentication structure
5. Follow industry-standard backend practices

✨ Benefits

1. Better backend security
2. Improved scalability
3. Foundation for future user-based features
4. Cleaner backend architecture
5. Professional authentication workflow

[streakop]

Hi! I'd love to work on this issue. This looks like a great addition to the backend.

I've taken a look at the current stack (Fastify + Prisma + Zod), and here is my proposed implementation plan to get this done:

1. Database Schema Update (prisma/schema.prisma)

• Add an optional password_hash field to the User model.
• Make the existing provider and provider_id fields optional or give them default values like "local", so that we can support standard email/password registration without breaking the structure for future/existing OAuth integrations.

2. Dependencies

• Install bcrypt (or bcryptjs) for secure password hashing.
• I noticed @fastify/jwt is already in the package.json, so we can utilize that for the token generation and verification.

3. Authentication Module (/api/auth)

• POST /register: Validate the incoming body (email, username, password) using Zod. Hash the password with bcrypt, and insert the new user into the database via Prisma.
• POST /login: Validate credentials. Retrieve the user by email, compare the bcrypt hash, and sign a JWT using @fastify/jwt using a secure JWT_SECRET from the environment.
• POST /logout: We can manage this by clearing an HTTP-only cookie (if we choose to issue tokens via cookies) or instructing the client to drop the token.

4. Route Protection Middleware

• Create a Fastify hook/plugin (request.jwtVerify()) to protect private APIs and handle unauthorized access automatically.

Let me know if this approach looks good to you! If so, could you please assign this issue to me so I can get started?

[Harxhit]

Hi, @Soumipal56

Thanks for creating this issue and for the detailed proposal!

I’ve checked the current codebase and it already have a JWT-based authentication system in place:

• @fastify/jwt is registered
• There’s an authenticate decorator
• Protected routes (like /me, profile updates, etc.) already use app.addHook('preHandler', app.authenticate) or manual request.jwtVerify()

The foundation for authentication is already there.