feat: move /me route logic into getMe controller function

[jikrana1]

📋 Pull Request — Move /me Route Logic into authController.js (getMe Controller)

🔗 Related Issue

Closes #236 — Move /me route logic from authRoutes.js into authController.js (getMe controller)

---

📝 Summary

The /me (get current user) route had its entire business logic — DB query, active-user check, response formatting, and error handling — written directly as an inline anonymous async function inside authRoutes.js. This violates separation of concerns. This PR extracts that logic into a dedicated getMe controller function in authController.js, keeping the route file clean and focused only on routing.

---

🐛 Root Cause

#	Problem	Fix Applied
1	/me route had inline DB query + business logic in authRoutes.js	Extracted into getMe function in authController.js
2	Route file contained async (req, res) => { ... } with full DB and response logic	Replaced with clean one-liner: router.get("/me", authMiddleware, getMe)
3	getMe was not exported from controller	Added getMe to module.exports in authController.js

---

✅ Changes Made

Modified Files

File	What Changed
controllers/authController.js	Added getMe async function with DB query, active-user check, response formatting, and error handling; exported from module.exports
routes/authRoutes.js	Imported getMe from controller; replaced inline anonymous async function with router.get("/me", authMiddleware, getMe)

---

🎨 Code Quality Improvements

• Route file now only defines endpoints and wires middleware/controllers — no business logic
• getMe is independently testable as a controller function
• Consistent with MVC pattern already applied to signup, login, forgotPassword, etc. in the same project
• Cleaner, more readable authRoutes.js

---

🧪 Testing Checklist

• GET /api/auth/me returns correct id, name, email, role for authenticated user
• Returns 404 when user not found in DB
• Returns 403 when user account is deactivated (is_active === 0)
• Returns 500 on server/DB error
• authMiddleware still correctly guards the route (returns 401 without valid token)
• No regression on other auth routes (/login, /signup, /logout, etc.)
• No console errors on server startup

---

💻 How to Test Locally

# Start server
npm run dev

# Test /me endpoint with valid token
curl -X GET http://localhost:5000/api/auth/me \
  -H "Authorization: Bearer <your_access_token>"

---

📌 Coding Standards Followed

• MVC pattern — routes only wire middleware and controllers, no inline business logic
• No new dependencies added
• No change to DB schema or existing controller functions
• Error handling consistent with other controller functions in the project

[vercel]

Someone is attempting to deploy a commit to the Bhuvansh's projects Team on Vercel.

A member of the Team first needs to authorize it.

[BHUVANSH855]

The /me controller extraction looks good, but this PR also removes the rate limiter middleware imports and usages from multiple auth routes (signup, verify-signup, login, forgot-password, reset-password, and refresh-token).

This issue is only about moving the /me route logic into authController.js. Removing the existing rate limiters changes application behavior and weakens endpoint protection.

Please restore the existing rate limiter middleware and keep the PR focused on the /me refactor only.

[jikrana1]

Thanks for the review! You're right. The rate limiter middleware was restored in another PR that got merged after I had already created this branch, so those changes are missing here.

I can sync my branch with the latest main branch and resolve the conflicts to restore the existing rate limiters while keeping this PR focused only on the /me controller extraction.

If there are any specific conflicts or concerns, please let me know and I'll fix them accordingly.

[BHUVANSH855]

Thanks for the review! You're right. The rate limiter middleware was restored in another PR that got merged after I had already created this branch, so those changes are missing here.

I can sync my branch with the latest main branch and resolve the conflicts to restore the existing rate limiters while keeping this PR focused only on the /me controller extraction.

If there are any specific conflicts or concerns, please let me know and I'll fix them accordingly.

Thanks for the clarification. There are no additional concerns from my side.

Please sync/rebase with the latest main branch and restore the existing rate limiter imports and middleware usages so the PR remains focused solely on the /me controller extraction requested in #236.

Once those unrelated changes are removed and the rate limiters are restored, I'll re-review the PR.