Fix session cookies with proper CORS and credentialed auth requests

Dockerfile.prod

@@ -7,12 +7,12 @@ WORKDIR /app
 # Copy package.json
 COPY package.json .
 
-# Install production dependencies using Yarn
-RUN npm install --production
+# Install dependencies (dev deps needed for the build step)
+RUN npm install
 # Copy the rest of the application files
 COPY . .
 
-# Build the frontend using Yarn
+# Build the frontend
 RUN npm run build
 
 # Stage 2: Serve the application with Nginx

backend/routes/auth.js

@@ -9,15 +9,21 @@ router.post("/signup", async (req, res) => {
     const { username,  email, password } = req.body;
 
     try {
-        const existingUser = await User.findOne( {email} );
+        const existingUser = await User.findOne({
+            $or: [{ email }, { username }],
+        });
 
         if (existingUser)
-            return res.status(400).json( {message: 'User already exists'} );
+            return res.status(400).json({ message: 'User already exists' });
 
-        const newUser = new User( {username, email, password} );
+        const newUser = new User({ username, email, password });
         await newUser.save();
-        res.status(201).json( {message: 'User created successfully'} );
+        res.status(201).json({ message: 'User created successfully' });
     } catch (err) {
+        if (err && err.code === 11000) {
+            return res.status(400).json({ message: 'User already exists' });
+        }
+
         res.status(500).json({ message: 'Error creating user', error: err.message });
     }
 });

backend/server.js

@@ -12,7 +12,15 @@ require('./config/passportConfig');
 const app = express();
 
 // CORS configuration
-app.use(cors('*'));
+const allowedOrigins = (process.env.FRONTEND_URL || 'http://localhost:5173')
+    .split(',')
+    .map((origin) => origin.trim())
+    .filter(Boolean);
+
+app.use(cors({
+    origin: allowedOrigins,
+    credentials: true,
+}));
 
 // Middleware
 app.use(bodyParser.json());

spec/auth.routes.spec.cjs

@@ -57,6 +57,15 @@ describe('Auth Routes', () => {
     expect(res.body.message).toBe('User already exists');
   });
 
+  it('should not sign up a user with existing username', async () => {
+    await new User({ username: 'testuser', email: 'test@example.com', password: 'password123' }).save();
+    const res = await request(app)
+      .post('/auth/signup')
+      .send({ username: 'testuser', email: 'test2@example.com', password: 'password456' });
+    expect(res.status).toBe(400);
+    expect(res.body.message).toBe('User already exists');
+  });
+
   it('should login a user with correct credentials', async () => {
     await request(app)
       .post('/auth/signup')

src/pages/Login/Login.tsx

@@ -30,7 +30,11 @@ const Login: React.FC = () => {
     setIsLoading(true);
 
     try {
-      const response = await axios.post(`${backendUrl}/api/auth/login`, formData);
+      const response = await axios.post(
+        `${backendUrl}/api/auth/login`,
+        formData,
+        { withCredentials: true }
+      );
       setMessage(response.data.message);
 
       if (response.data.message === 'Login successful') {

src/pages/Signup/Signup.tsx

@@ -25,8 +25,10 @@ const navigate = useNavigate();
   const handleSubmit = async (e: React.FormEvent) => {
     e.preventDefault();
     try {
-      const response = await axios.post(`${backendUrl}/api/auth/signup`,
-        formData // Include cookies for session
+      const response = await axios.post(
+        `${backendUrl}/api/auth/signup`,
+        formData,
+        { withCredentials: true }
       );
       setMessage(response.data.message); // Show success message from backend