feat: implement forgot password functionality with email integration

Author: pratyushjha06

client/src/modules/auth/v1/reset-password/index.tsx

@@ -43,32 +43,44 @@ const ResetPassword = () => {
   const [email, setEmail] = useState('');
   const [loading, setLoading] = useState(false);
   const [error, setError] = useState('');
+  const [success, setSuccess] = useState(false);
   const navigate = useNavigate();
 
   const handleSubmit = async (e: React.FormEvent<HTMLFormElement>) => {
     e.preventDefault();
     setLoading(true);
     setError('');
+    setSuccess(false);
 
     try {
-      // TODO: Implement password reset API call here
-      console.log('Reset password for:', email);
-
-      // Simulate API call
-      setTimeout(() => {
-        setLoading(false);
-        alert('Password reset link sent to your email!');
+      const response = await fetch('http://localhost:8000/api/auth/forgot-password', {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({ email }),
+      });
+
+      const data = await response.json();
+
+      if (response.ok) {
+        setSuccess(true);
         setEmail(''); // Clear email after success
-      }, 2000);
+      } else {
+        setError(data.message || 'Failed to send reset link. Please try again.');
+      }
     } catch (err) {
-      setError('Something went wrong. Please try again.');
+      setError('Something went wrong. Please try again later.');
       console.error('Error:', err);
+    } finally {
       setLoading(false);
     }
   };
 
   const handleEmailChange = (e: React.ChangeEvent<HTMLInputElement>) => {
     setEmail(e.target.value);
+    setError(''); // Clear error when user types
+    setSuccess(false); // Clear success when user types
   };
 
   return (
@@ -95,6 +107,23 @@ const ResetPassword = () => {
             Enter your email address to receive a link to reset your password.
           </Typography>
 
+          {success && (
+            <Typography
+              sx={{
+                color: 'success.main',
+                fontSize: '0.9rem',
+                mb: 1,
+                width: '100%',
+                textAlign: 'center',
+                backgroundColor: 'success.light',
+                padding: '8px 12px',
+                borderRadius: '4px',
+              }}
+            >
+              Password reset link sent successfully! Check your email.
+            </Typography>
+          )}
+
           {error && (
             <Typography
               sx={{
@@ -103,6 +132,9 @@ const ResetPassword = () => {
                 mb: 1,
                 width: '100%',
                 textAlign: 'center',
+                backgroundColor: 'error.light',
+                padding: '8px 12px',
+                borderRadius: '4px',
               }}
             >
               {error}

server/.env.example

@@ -27,3 +27,10 @@ CLOUDINARY_API_SECRET=
 # Admin Credentials (for sending emails)
 ADMIN_EMAIL=
 RESEND_API_KEY=
+
+# Email Configuration (for password reset)
+EMAIL_HOST=smtp.gmail.com
+EMAIL_PORT=587
+EMAIL_USER=youremailid
+EMAIL_PASSWORD=your-16-char-app-password-here
+FRONTEND_URL=http://localhost:5173

server/.gitignore

@@ -0,0 +1,3 @@
+"" 
+"# Environment variables" 
+".env" 

server/package-lock.json

@@ -45,7 +45,7 @@
     "morgan": "^1.10.1",
     "multer": "^1.4.5-lts.1",
     "nanoid": "^5.1.2",
-    "nodemailer": "^7.0.5",
+    "nodemailer": "^7.0.13",
     "rate-limiter-flexible": "^7.3.0",
     "resend": "^6.1.2",
     "sanitize-html": "^2.17.0",

server/package.json

@@ -0,0 +1,80 @@
+import { sendResponse } from '../../utils/response.js';
+import nodemailer from 'nodemailer';
+import crypto from 'crypto';
+
+const forgotPassword = async (req, res) => {
+  try {
+    const { email } = req.body;
+
+    // Validate email
+    if (!email) {
+      return sendResponse(res, 400, 'Email is required');
+    }
+
+    // TODO: Check if user exists in database
+    // const user = await User.findOne({ email });
+    // if (!user) {
+    //   return sendResponse(res, 404, 'User not found');
+    // }
+
+    // Generate reset token
+    const resetToken = crypto.randomBytes(32).toString('hex');
+    const resetTokenExpiry = Date.now() + 3600000; // 1 hour
+
+    // TODO: Save token to database
+    // user.passwordResetToken = resetToken;
+    // user.passwordResetExpires = resetTokenExpiry;
+    // await user.save();
+
+    // Create reset URL
+    const resetUrl = `${process.env.FRONTEND_URL || 'http://localhost:5173'}/reset-password/${resetToken}`;
+
+    // Configure email transporter
+    const transporter = nodemailer.createTransport({
+      host: process.env.EMAIL_HOST || 'smtp.gmail.com',
+      port: process.env.EMAIL_PORT || 587,
+      secure: false,
+      auth: {
+        user: process.env.EMAIL_USER,
+        pass: process.env.EMAIL_PASSWORD,
+      },
+    });
+
+    // Email content
+    const mailOptions = {
+      from: `"Code A2Z" <${process.env.EMAIL_USER}>`,
+      to: email,
+      subject: 'Password Reset Request',
+      html: `
+        <div style="font-family: Arial, sans-serif; padding: 20px;">
+          <h2>Password Reset Request</h2>
+          <p>You requested a password reset for your Code A2Z account.</p>
+          <p>Click the link below to reset your password:</p>
+          <a href="${resetUrl}" style="display: inline-block; padding: 10px 20px; background-color: #4CAF50; color: white; text-decoration: none; border-radius: 5px;">Reset Password</a>
+          <p style="margin-top: 20px;">This link will expire in 1 hour.</p>
+          <p>If you didn't request this, please ignore this email.</p>
+        </div>
+      `,
+    };
+
+    // Send email
+    await transporter.sendMail(mailOptions);
+
+    console.log('Password reset email sent to:', email);
+
+    return sendResponse(
+      res,
+      200,
+      'Password reset link sent successfully to your email'
+    );
+  } catch (err) {
+    console.error('Forgot password error:', err);
+    return sendResponse(
+      res,
+      500,
+      err.message || 'Failed to send reset link. Please try again later.'
+    );
+  }
+};
+
+export default forgotPassword;

server/src/controllers/auth/forgot-password.js

@@ -7,6 +7,7 @@ import login from '../../controllers/auth/login.js';
 import changePassword from '../../controllers/auth/change-password.js';
 import refresh from '../../controllers/auth/refresh.js';
 import logout from '../../controllers/auth/logout.js';
+import forgotPassword from '../../controllers/auth/forgot-password.js';
 
 const authRoutes = express.Router();
 
@@ -15,5 +16,6 @@ authRoutes.post('/login', login);
 authRoutes.post('/refresh', refresh);
 authRoutes.post('/logout', logout);
 authRoutes.patch('/change-password', authenticateUser, changePassword);
+authRoutes.post('/forgot-password', forgotPassword);
 
 export default authRoutes;

server/src/routes/api/auth.routes.js

@@ -44,6 +44,14 @@ const USER_SCHEMA = Schema(
           return `https://api.dicebear.com/6.x/${profile_imgs_collections_list[Math.floor(Math.random() * profile_imgs_collections_list.length)]}/svg?seed=${profile_imgs_name_list[Math.floor(Math.random() * profile_imgs_name_list.length)]}`;
         },
       },
+      resetToken: {
+        type: String,
+        default: null,
+      },
+      resetTokenExpiry: {
+        type: Date,
+        default: null,
+      },
     },
     social_links: {
       youtube: {