Implemented a checkAuth API to verify user authentication status and protect routes. The endpoint returns a 401 Unauthorized status and message if no user is authenticated. This aligns with the frontend task to ensure unauthorized users are redirected to the login page when attempting to access protected routes.
Notes
This PR enhances security by aligning backend route protection with frontend expectations.
Ensure testing covers both backend authentication checks and frontend redirection behaviors.
Test Steps
Testing Instructions for Postman
Start the backend server.
First try to access a protected route before being authenticated:
Endpoint: /api/logout
Method: GET
Headers: None
Expected Response: 401 Unauthorized with message "No token provided"
Then log in to get authentication:
Endpoint: /api/login
Method: POST
Headers: Content-Type: application/json
Body:
{
  "email": "user@example.com",
  "password": "password123"
}
Expected Response: 200 OK with user data and authentication token
Then try the same protected route after being authenticated:
Endpoint: /api/logout
Method: GET
Headers: None
Expected Response: 200 OK with protected data
API Changes (if there are any)
Added checkAuth to verify user authentication status.
Checklist
[x] Pull Request title includes the issue number and a brief description of the change.
[x] All changes should be tested and verified to work correctly.
[x] Code follows backend best practices.
[x] Branch names follow the conventions in the contributing file.
[x] Commit messages follow the naming conventions in the contributing file.
[x] No sensitive data or secrets are included in the codebase.
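The guard behaviour exercised by the test steps above, as an added example that is not this PR's code. It assumes the token travels in a cookie named "token" (the steps send no headers after login) and uses a constructed HMAC-signed token format; the "Invalid token" and "Token expired" messages and all function names are hypothetical.

```javascript
// Added example: framework-free sketch of a checkAuth-style guard.
// Assumptions (not from the PR): cookie name "token", token format
// base64url(JSON payload) + "." + HMAC-SHA256 signature, secret from env.
const crypto = require('node:crypto');

const SECRET = process.env.AUTH_SECRET || crypto.randomBytes(32).toString('hex');

function sign(payloadB64) {
  return crypto.createHmac('sha256', SECRET).update(payloadB64).digest('base64url');
}

// Issue a token for a user id, valid for ttlSeconds (what a login route would set).
function issueToken(userId, ttlSeconds = 3600, now = Date.now()) {
  const payload = { sub: userId, exp: Math.floor(now / 1000) + ttlSeconds };
  const payloadB64 = Buffer.from(JSON.stringify(payload)).toString('base64url');
  return `${payloadB64}.${sign(payloadB64)}`;
}

// Pull one cookie value out of a raw Cookie header.
function readCookie(cookieHeader, name) {
  for (const part of (cookieHeader || '').split(';')) {
    const [k, ...v] = part.trim().split('=');
    if (k === name) return v.join('=');
  }
  return null;
}

// Returns { status, body }: 401 for missing, forged or expired tokens.
function checkAuth(cookieHeader, now = Date.now()) {
  const token = readCookie(cookieHeader, 'token');
  if (!token) return { status: 401, body: { message: 'No token provided' } };

  const [payloadB64, sig] = token.split('.');
  const expected = Buffer.from(sign(payloadB64 || ''));
  const given = Buffer.from(sig || '');
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  const sigOk = given.length === expected.length && crypto.timingSafeEqual(given, expected);
  if (!sigOk) return { status: 401, body: { message: 'Invalid token' } };

  const payload = JSON.parse(Buffer.from(payloadB64, 'base64url').toString());
  if (payload.exp <= Math.floor(now / 1000)) {
    return { status: 401, body: { message: 'Token expired' } };
  }
  return { status: 200, body: { user: payload.sub } };
}
```

Besides the two cases in the test steps, the guard also rejects a token whose payload was swapped or whose expiry has passed, which are worth adding to the Postman collection.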