GitMetricsLab · nishanthkj · Oct 28, 2025 · Oct 28, 2025 · Oct 28, 2025 · Dec 10, 2025
diff --git a/backend/package.json b/backend/package.json
@@ -18,6 +18,7 @@
     "dotenv": "^16.4.5",
     "express": "^4.21.1",
     "express-session": "^1.18.1",
+    "jsonwebtoken": "^9.0.2",
     "mongoose": "^8.8.2",
     "passport": "^0.7.0",
     "passport-local": "^1.0.0"

diff --git a/backend/routes/auth.js b/backend/routes/auth.js
@@ -2,6 +2,7 @@ const express = require("express");
 const passport = require("passport");
 const User = require("../models/User");
 const router = express.Router();
+const jwt = require("jsonwebtoken");
 
 // Signup route
 router.post("/signup", async (req, res) => {
@@ -23,9 +24,16 @@ router.post("/signup", async (req, res) => {
 });
 
 // Login route
-router.post("/login", passport.authenticate('local'), (req, res) => {
-    res.status(200).json( { message: 'Login successful', user: req.user } );
-});
+router.post("/login", passport.authenticate("local", { session: false }), (req, res) => {
+    try {
+        const user = req.user;
+        const token = jwt.sign({ id: user.id }, process.env.SESSION_SECRET, { expiresIn: "1d" });
+        res.status(200).json({ message: "Login successful", token, user });
+    } catch (error) {
+        res.status(500).json({ message: "Login failed", error: error.message });
+    }
+}
+);
 
 // Logout route
 router.get("/logout", (req, res) => {
@@ -39,4 +47,62 @@ router.get("/logout", (req, res) => {
     });
 });
 
+// ---------------- AUTH MIDDLEWARE ----------------
+function requireAuth(req, res, next) {
+    const authHeader = req.headers.authorization;
+    if (!authHeader || !authHeader.startsWith("Bearer ")) {
+        return res.status(401).json({ message: "Missing or invalid token" });
+    }
+
+    const token = authHeader.split(" ")[1];
+    try {
+        const decoded = jwt.verify(token, process.env.SESSION_SECRET);
+        req.userId = decoded.id;
+        next();
+    } catch (err) {
+        return res.status(401).json({ message: "Invalid or expired token" });
+    }
+}
+
+// ---------------- GET PROFILE ----------------
+router.get("/profile", requireAuth, async (req, res) => {
+    try {
+        const user = await User.findById(req.userId).select("-password");
+        if (!user) return res.status(404).json({ message: "User not found" });
+        res.status(200).json({ user });
+    } catch (err) {
+        res.status(500).json({ message: "Error fetching profile", error: err.message });
+    }
+});
+
+// ---------------- EDIT PROFILE ----------------
+router.put("/profile", requireAuth, async (req, res) => {
+    try {
+        const updates = {};
+        const { username, email, bio, avatar, newPassword } = req.body;
+
+        if (username !== undefined) updates.username = username;
+        if (email !== undefined) updates.email = email;
+        if (bio !== undefined) updates.bio = bio;
+        if (avatar !== undefined) updates.avatar = avatar;
+
+        // Handle password update if newPassword is provided
+        if (newPassword !== undefined && newPassword.trim().length > 0) {
+            // Password will be hashed by the User model's pre-save hook
+            updates.password = newPassword;
+        }
+
+        const user = await User.findByIdAndUpdate(req.userId, updates, {
+            new: true,
+            runValidators: true,
+            select: "-password",
+        });
+
+        if (!user) return res.status(404).json({ message: "User not found" });
+
+        res.status(200).json({ message: "Profile updated successfully", user });
+    } catch (err) {
+        res.status(500).json({ message: "Error updating profile", error: err.message });
+    }
+});
 module.exports = router;
diff --git a/lib/api.ts b/lib/api.ts
@@ -0,0 +1,25 @@
+/// <reference types="vite/client" />
+// src/services/api.ts
+import axios from "axios";
+
+// Backend base URL from .env
+const backendUrl = import.meta.env.VITE_BACKEND_URL;
+
+const api = axios.create({
+  baseURL: backendUrl,
+  headers: { "Content-Type": "application/json" },
+});
+
+//  Interceptor to attach token from localStorage
+api.interceptors.request.use(
+  (config) => {
+    const token = localStorage.getItem("token");
+    if (token) {
+      config.headers.Authorization = `Bearer ${token}`;
+    }
+    return config;
+  },
+  (error) => Promise.reject(error)
+);
+
+export default api;
diff --git a/public/profile.svg b/public/profile.svg
diff --git a/src/Routes/Router.tsx b/src/Routes/Router.tsx
@@ -1,4 +1,5 @@
-import { Routes, Route } from "react-router-dom";
+import { Routes, Route, useNavigate } from "react-router-dom";
+import { useEffect, useState } from "react";
 import Tracker from "../pages/Tracker/Tracker.tsx";
 import About from "../pages/About/About";
 import Contact from "../pages/Contact/Contact";
@@ -7,8 +8,23 @@ import Signup from "../pages/Signup/Signup.tsx";
 import Login from "../pages/Login/Login.tsx";
 import ContributorProfile from "../pages/ContributorProfile/ContributorProfile.tsx";
 import Home from "../pages/Home/Home.tsx";
+import Profile from "../pages/Profile/Profile.tsx";
+import ProtectedRoute from "../components/ProtectedRoute.tsx";
+import EditProfile from "../pages/Editprofile/EditProfile.tsx";
 
 const Router = () => {
+  const [isAuthenticated, setIsAuthenticated] = useState(
+    !!localStorage.getItem("token")
+  );
+  useEffect(() => {
+    const syncAuth = () => setIsAuthenticated(!!localStorage.getItem("token"));
+    window.addEventListener("authChange", syncAuth);
+    window.addEventListener("storage", syncAuth);
+    return () => {
+      window.removeEventListener("authChange", syncAuth);
+      window.removeEventListener("storage", syncAuth);
+    };
+  }, []);
   return (
     <Routes>
       <Route path="/" element={<Home />} />
@@ -19,6 +35,23 @@ const Router = () => {
       <Route path="/contact" element={<Contact />} />
       <Route path="/contributors" element={<Contributors />} />
       <Route path="/contributor/:username" element={<ContributorProfile />} />
+      {/*  Protected route */}
+      <Route
+        path="/profile"
+        element={
+          <ProtectedRoute isAuthenticated={isAuthenticated}>
+            <Profile />
+          </ProtectedRoute>
+        }
+      />
+      <Route
+        path="/profile/edit"
+        element={
+          <ProtectedRoute isAuthenticated={isAuthenticated}>
+            <EditProfile />
+          </ProtectedRoute>
+        }
+      />
     </Routes>
   );
 };

diff --git a/src/components/Navbar.tsx b/src/components/Navbar.tsx
@@ -1,11 +1,57 @@
-import { Link } from "react-router-dom";
-import { useState, useContext } from "react";
+import { Link, useNavigate, useLocation } from "react-router-dom";
+import { useState, useContext, useEffect } from "react";
 import { ThemeContext } from "../context/ThemeContext";
-import { Moon, Sun } from 'lucide-react';
-
+import { Moon, Sun } from "lucide-react";
+import { useRef } from "react";
 
 const Navbar: React.FC = () => {
+  const navigate = useNavigate();
+  const location = useLocation();
+
+  const [menuOpen, setMenuOpen] = useState(false);
+  const menuRef = useRef<HTMLDivElement>(null);
+
+  useEffect(() => {
+    const onClick = (e: MouseEvent) => {
+      if (menuRef.current && !menuRef.current.contains(e.target as Node))
+        setMenuOpen(false);
+    };
+
+    const onStorage = (e: StorageEvent) => {
+      if (e.key === "token") setIsAuthed(!!e.newValue);
+    };
+
+    const onAuthChange = () => {
+      setIsAuthed(!!localStorage.getItem("token"));
+    };
+
+    window.addEventListener("storage", onStorage);
+    window.addEventListener("authChange", onAuthChange);
+    window.addEventListener("click", onClick);
+    return () => {
+      window.removeEventListener("storage", onStorage);
+      window.removeEventListener("authChange", onAuthChange);
+      window.removeEventListener("click", onClick);
+    };
+  }, []);
+
+  useEffect(() => {
+    setIsOpen(false); // close mobile menu on navigation
+  }, [location.pathname]);
+
+  const handleLogout = () => {
+    localStorage.removeItem("token");
+    localStorage.removeItem("user");
+    setIsAuthed(false);
+    setUser(null);
+    // notify same-tab listeners
+    window.dispatchEvent(new Event("authChange"));
+    navigate("/login");
+  };
 
+  const [isAuthed, setIsAuthed] = useState<boolean>(
+    !!localStorage.getItem("token")
+  );
   const [isOpen, setIsOpen] = useState<boolean>(false);
   const themeContext = useContext(ThemeContext);
 
@@ -46,12 +92,97 @@ const Navbar: React.FC = () => {
           >
             Contributors
           </Link>
-          <Link
-            to="/login"
-            className="text-lg font-medium hover:text-gray-300 transition-all px-2 py-1 border border-transparent hover:border-gray-400 rounded"
-          >
-            Login
-          </Link>
+          {/* replace your auth block with this */}
-          {/* replace your auth block with this */}
+          {isAuthed ? (
-          {/* replace your auth block with this */}
+          {isAuthed ? (
+          {isAuthed ? (
+            <div className="relative" ref={menuRef}>
+              <button
+                onClick={() => setMenuOpen((v) => !v)}
+                className="flex items-center gap-2 px-2 py-1 rounded hover:bg-gray-100 dark:hover:bg-gray-800 transition"
+                aria-haspopup="menu"
+                aria-expanded={menuOpen}
+              >
+                {/* Avatar Icon */}
+                <img
+                  src={
+                    JSON.parse(localStorage.getItem("user") || "{}")
+                      ?.avatarUrl || "/profile.svg"
+                  }
+                  alt="avatar"
+                  className="h-8 w-8 rounded-full object-cover border border-gray-300 dark:border-gray-600"
+                />
+
+                {/* Username beside icon */}
+                {/* <span className="text-sm font-medium">
+                  {JSON.parse(localStorage.getItem("user") || "{}")?.username ||
+                    "Me"}
+                </span> */}
+
+                {/* Chevron icon */}
+                <svg
+                  className={`h-4 w-4 transition-transform ${
+                    menuOpen ? "rotate-180" : ""
+                  }`}
+                  viewBox="0 0 20 20"
+                  fill="currentColor"
+                >
+                  <path d="M5.25 7.5L10 12.25L14.75 7.5H5.25Z" />
+                </svg>
+              </button>
+
+              {/* Dropdown Menu */}
+              {menuOpen && (
+                <div
+                  role="menu"
+                  className="absolute right-0 mt-2 w-56 rounded-lg border border-gray-200 dark:border-gray-700 bg-white dark:bg-gray-800 shadow-lg p-2"
+                >
+                  {/* User Info */}
+                  <div className="px-3 py-2 border-b border-gray-100 dark:border-gray-700">
+                    <p className="text-sm font-semibold text-gray-900 dark:text-gray-100">
+                      {JSON.parse(localStorage.getItem("user") || "{}")
+                        ?.username || "User"}
+                    </p>
+                    <p className="text-xs text-gray-500 dark:text-gray-400 truncate">
+                      {JSON.parse(localStorage.getItem("user") || "{}")
+                        ?.email || "email@example.com"}
+                    </p>
+                  </div>
+
+                  {/* Menu Links */}
+                  <Link
+                    to="/profile"
+                    className="block px-3 py-2 text-sm rounded hover:bg-gray-100 dark:hover:bg-gray-700"
+                    onClick={() => setMenuOpen(false)}
+                  >
+                    View Profile
+                  </Link>
+                  <Link
+                    to="/profile/edit"
+                    className="block px-3 py-2 text-sm rounded hover:bg-gray-100 dark:hover:bg-gray-700"
+                    onClick={() => setMenuOpen(false)}
+                  >
+                    Edit Profile
+                  </Link>
+                  <button
+                    onClick={() => {
+                      setMenuOpen(false);
+                      handleLogout();
+                    }}
+                    className="block w-full text-left px-3 py-2 text-sm rounded hover:bg-gray-100 dark:hover:bg-gray-700"
+                  >
+                    Logout
+                  </button>
+                </div>
+              )}
+            </div>
+          ) : (
+            <Link
+              to="/login"
+              className="text-lg font-medium hover:text-gray-300 transition-all px-2 py-1 border border-transparent hover:border-gray-400 rounded"
+            >
+              Login
+            </Link>
+          )}
+
           <button
             onClick={toggleTheme}
             className="text-sm font-semibold px-3 py-1 rounded border border-gray-500 hover:text-gray-300 hover:border-gray-300 transition duration-200"
@@ -117,13 +248,33 @@ const Navbar: React.FC = () => {
             >
               Contributors
             </Link>
-            <Link
-              to="/login"
-              className="block text-lg font-medium hover:text-gray-300 transition-all px-2 py-1 border border-transparent hover:border-gray-400 rounded"
-              onClick={() => setIsOpen(false)}
-            >
-              Login
-            </Link>
+            {isAuthed ? (
+              <>
+                <Link
+                  to="/profile"
+                  className="block text-lg font-medium hover:text-gray-300 transition-all px-2 py-1 border border-transparent hover:border-gray-400 rounded"
+                  onClick={() => setIsOpen(false)}
+                >
+                  Profile
+                </Link>
+                <button
+                  onClick={() => {
+                    handleLogout();
+                  }}
+                  className="block text-left text-lg font-medium px-2 py-1 border border-transparent hover:border-gray-400 rounded w-full"
+                >
+                  Logout
+                </button>
+              </>
+            ) : (
+              <Link
+                to="/login"
+                className="block text-lg font-medium hover:text-gray-300 transition-all px-2 py-1 border border-transparent hover:border-gray-400 rounded"
+                onClick={() => setIsOpen(false)}
+              >
+                Login
+              </Link>
+            )}
             <button
               onClick={() => {
                 toggleTheme();