Merge branch 'main' into feat/navbar-profile

Author: mehul-m-prajapati

README.md

@@ -43,7 +43,7 @@ Welcome to **GitHub Tracker**, a web app designed to help you monitor and analyz
 ## 🚀 Setup Guide
 1. Clone the repository to your local machine:
 ```bash
-$ git clone https://github.com/yourusername/github-tracker.git
+$ git clone https://github.com/GitMetricsLab/github_tracker.git
 ```
 
 2. Navigate to the project directory:
@@ -63,6 +63,16 @@ $ npm i
 $ npm start
 ```
 
+### Backend Environment Variables
+
+Create `backend/.env` for local backend runs:
+
+| Variable | Required | Purpose |
+| --- | --- | --- |
+| `MONGO_URI` | Yes | MongoDB connection string used by Mongoose and the persistent session store |
+| `SESSION_SECRET` | Yes | Secret used to sign Express session cookies |
+| `NODE_ENV` | No | Set to `production` to send session cookies only over HTTPS |
+
 ## 🧪 Backend Unit & Integration Testing with Jasmine
 
 This project uses the Jasmine framework for backend unit and integration tests. The tests cover:

backend/config/passportConfig.js

@@ -9,12 +9,12 @@ passport.use(
             try {
                 const user = await User.findOne( {email} );
                 if (!user) {
-                    return done(null, false, { message: 'Email is invalid '});
+                    return done(null, false, { message: 'Invalid email or password' });
                 }
 
                 const isMatch = await user.comparePassword(password);
                 if (!isMatch) {
-                    return done(null, false, { message: 'Invalid password' });
+                    return done(null, false, { message: 'Invalid email or password' });
                 }
 
                 return done(null, {
@@ -35,9 +35,13 @@ passport.serializeUser((user, done) => {
 });
 
 // Deserialize user (retrieve user from session)
+// .select('-password -__v') excludes the bcrypt hash from req.user so it
+// cannot be accidentally serialized into an API response.
+// .lean() returns a plain object instead of a Mongoose document, preventing
+// model methods from being accessible on req.user.
 passport.deserializeUser(async (id, done) => {
     try {
-        const user = await User.findById(id);
+        const user = await User.findById(id).select('-password -__v').lean();
         done(null, user);
     } catch (err) {
         done(err, null);

backend/config/session.js

@@ -0,0 +1,32 @@
+const MongoStore = require('connect-mongo');
+
+const SESSION_TTL_SECONDS = 14 * 24 * 60 * 60;
+
+function createSessionConfig({
+  mongoUrl = process.env.MONGO_URI,
+  sessionSecret = process.env.SESSION_SECRET,
+  nodeEnv = process.env.NODE_ENV,
+  storeFactory = MongoStore,
+} = {}) {
+  if (!mongoUrl) {
+    throw new Error('MONGO_URI is required to configure the session store');
+  }
+
+  return {
+    secret: sessionSecret,
+    resave: false,
+    saveUninitialized: false,
+    store: storeFactory.create({
+      mongoUrl,
+      ttl: SESSION_TTL_SECONDS,
+    }),
+    cookie: {
+      secure: nodeEnv === 'production',
+    },
+  };
+}
+
+module.exports = {
+  SESSION_TTL_SECONDS,
+  createSessionConfig,
+};

backend/data/discussions.json

@@ -0,0 +1,30 @@
+{
+  "discussions": [
+    {
+      "id": "b3808b42-91e4-4d81-991a-07a96d7a549f",
+      "title": "Test discussion from shell",
+      "body": "This is a sufficiently long discussion body to pass validation and save.",
+      "category": "Help",
+      "tags": [
+        "test",
+        "api"
+      ],
+      "authorId": "8d706914-51d9-40ca-981c-ac9dcb6a1881",
+      "authorName": "Guest",
+      "likes": [
+        "00000000-0000-0000-0000-000000000000"
+      ],
+      "comments": [
+        {
+          "id": "d1b1bcad-6989-49ff-a587-667f8426198e",
+          "text": "Yes",
+          "authorId": "00000000-0000-0000-0000-000000000000",
+          "authorName": "demo-user",
+          "createdAt": "2026-05-27T12:56:14.816Z"
+        }
+      ],
+      "createdAt": "2026-05-27T11:55:11.307Z",
+      "updatedAt": "2026-05-27T13:00:24.816Z"
+    }
+  ]
+}

backend/data/users.json

@@ -0,0 +1,10 @@
+{
+  "users": [
+    {
+      "id": "00000000-0000-0000-0000-000000000000",
+      "username": "demo-user",
+      "email": "user@example.com",
+      "password": "$2a$10$00000000000000000000000000000000000000000000000000000"
+    }
+  ]
+}

backend/models/Discussion.js

@@ -0,0 +1,81 @@
+const mongoose = require('mongoose');
+
+const CommentSchema = new mongoose.Schema(
+  {
+    text: {
+      type: String,
+      required: true,
+      trim: true,
+      maxlength: 1000,
+    },
+    authorId: {
+      type: String,
+      required: true,
+    },
+    authorName: {
+      type: String,
+      required: true,
+      trim: true,
+    },
+  },
+  { timestamps: true }
+);
+
+const DiscussionSchema = new mongoose.Schema(
+  {
+    title: {
+      type: String,
+      required: true,
+      trim: true,
+      minlength: 4,
+      maxlength: 140,
+    },
+    body: {
+      type: String,
+      required: true,
+      trim: true,
+      minlength: 20,
+      maxlength: 4000,
+    },
+    category: {
+      type: String,
+      required: true,
+      trim: true,
+      maxlength: 60,
+    },
+    tags: {
+      type: [
+        {
+          type: String,
+          trim: true,
+          maxlength: 30,
+        },
+      ],
+      default: [],
+    },
+    authorId: {
+      type: String,
+      required: true,
+    },
+    authorName: {
+      type: String,
+      required: true,
+      trim: true,
+    },
+    likes: {
+      type: [
+        {
+          type: String,
+        },
+      ],
+      default: [],
+    },
+    comments: {
+      type: [CommentSchema],
+      default: [],
+    },
+  },
+  { timestamps: true }
+);
+
+module.exports = mongoose.model('Discussion', DiscussionSchema);

backend/package.json

@@ -14,6 +14,7 @@
   "dependencies": {
     "bcryptjs": "^2.4.3",
     "body-parser": "^1.20.3",
+    "connect-mongo": "^5.1.0",
     "cors": "^2.8.5",
     "dotenv": "^16.4.5",
     "express": "^4.21.1",