feat: Enhance user registration process with transaction support and OTP generation

feat: Implement navigation utility for axios interceptors to improve error handling
refactor: Optimize LeetCode and GFG data updates with change detection
fix: Ensure proper rate limiting for registration requests

Author: codevoid048

client-test/src/App.tsx

@@ -1,5 +1,7 @@
-import { Navigate, BrowserRouter as Router, Routes, Route, useLocation } from 'react-router-dom';
+import { Navigate, BrowserRouter as Router, Routes, Route, useLocation, useNavigate } from 'react-router-dom';
 import { Toaster } from 'react-hot-toast';
+import { useEffect } from 'react';
+import { setNavigateFunction } from './lib/axios';
 import Home from './components/Home';
 import LoginPage from './components/Login';
 import RegisterPage from './components/SignUp';
@@ -107,6 +109,12 @@ function AdminApp() {
 
 function App() {
   const location = useLocation();
+  const navigate = useNavigate();
+
+  // Set up navigation function for axios interceptors
+  useEffect(() => {
+    setNavigateFunction(navigate);
+  }, [navigate]);
 
   // Render AdminApp or UserApp based on path
   return location.pathname.startsWith("/codingclubadmin") ? (

client-test/src/lib/axios.ts

@@ -1,5 +1,22 @@
 import axios, { AxiosError } from 'axios';
 import toast from 'react-hot-toast';
+import { NavigateFunction } from 'react-router-dom';
+
+// Navigation utility for use in interceptors
+let navigateFunction: NavigateFunction | null = null;
+
+export const setNavigateFunction = (navigate: NavigateFunction) => {
+  navigateFunction = navigate;
+};
+
+const navigateTo = (path: string) => {
+  if (navigateFunction) {
+    navigateFunction(path);
+  } else {
+    // Fallback to window.location if navigate function not set
+    window.location.href = path;
+  }
+};
 
 // API Error Response interface
 interface ApiErrorResponse {
@@ -72,7 +89,7 @@ axiosInstance.interceptors.response.use(
             redirectUrl: window.location.pathname
           }));
           if (typeof window !== 'undefined' && window.location.pathname !== '/login') {
-            window.location.href = '/unauthorized';
+            navigateTo('/unauthorized');
           }
           break;
         case 403:
@@ -82,7 +99,7 @@ axiosInstance.interceptors.response.use(
         case 404:
           // For API 404s, show toast unless it's a navigation request
           if (!config?.url?.includes('/api/')) {
-            window.location.href = '/404';
+            navigateTo('/404');
           } else {
             toast.error('The requested resource was not found');
           }
@@ -102,7 +119,7 @@ axiosInstance.interceptors.response.use(
           }));
           toast.error('Server error. Redirecting to error page...');
           setTimeout(() => {
-            window.location.href = '/server-error';
+            navigateTo('/server-error');
           }, 1500);
           break;
         default:
@@ -116,7 +133,7 @@ axiosInstance.interceptors.response.use(
       }));
       toast.error('Network error. Redirecting to error page...');
       setTimeout(() => {
-        window.location.href = '/network-error';
+        navigateTo('/network-error');
       }, 1500);
     } else {
       toast.error('An unexpected error occurred');

server/controllers/authController.js

@@ -83,77 +83,118 @@ export const registerUser = async (req, res) => {
       return res.status(400).json({ error: "Username must start with letters and contain only lowercase letters, numbers, and underscores" });
     }
 
-    // Use single query to check all unique constraints atomically
-    const [existingUser, existingUsername, existingRegNo] = await Promise.all([
-      User.findOne({ email: trimmedEmail }),
-      User.findOne({ username: trimmedUsername }),
-      User.findOne({ RegistrationNumber: trimmedRegNo })
-    ]);
-
-    if (existingUser && existingUser.isVerified) {
-      return res.status(400).json({ error: "Account already exists, please login" });
-    }
+    // Single query to check all unique constraints atomically within transaction
+    const session = await mongoose.startSession();
+    session.startTransaction();
+    
+    try {
+      const [existingUser, existingUsername, existingRegNo] = await Promise.all([
+        User.findOne({ email: trimmedEmail }).session(session),
+        User.findOne({ username: trimmedUsername }).session(session),
+        User.findOne({ RegistrationNumber: trimmedRegNo }).session(session)
+      ]);
+
+      if (existingUser && existingUser.isVerified) {
+        await session.abortTransaction();
+        session.endSession();
+        return res.status(400).json({ error: "Account already exists, please login" });
+      }
 
-    if (existingUsername && existingUsername.isVerified) {
-      return res.status(400).json({ error: "Username already exists, please choose another" });
-    }
+      if (existingUsername && existingUsername.isVerified) {
+        await session.abortTransaction();
+        session.endSession();
+        return res.status(400).json({ error: "Username already exists, please choose another" });
+      }
 
-    if (existingRegNo && existingRegNo.isVerified) {
-      return res.status(400).json({ error: "Registration number already exists" });
-    }
+      if (existingRegNo && existingRegNo.isVerified) {
+        await session.abortTransaction();
+        session.endSession();
+        return res.status(400).json({ error: "Registration number already exists" });
+      }
 
-    const salt = await bcrypt.genSalt(10);
-    const hashedPassword = await bcrypt.hash(password, salt);
+      const salt = await bcrypt.genSalt(10);
+      const hashedPassword = await bcrypt.hash(password, salt);
+
+      // Generate a 6-digit OTP
+      const otp = crypto.randomInt(100000, 999999).toString();
+      const nowIST = new Date(new Date().toLocaleString('en-US', { timeZone: 'Asia/Kolkata' }));
+      const otpExpires = nowIST.getTime() + 5 * 60 * 1000; // OTP expires in 5 minutes
+
+      // Use upsert with atomic operation to prevent race conditions
+      await User.findOneAndUpdate(
+        { email: trimmedEmail },
+        {
+          $set: {
+            email: trimmedEmail,
+            name: trimmedName,
+            username: trimmedUsername,
+            password: hashedPassword,
+            RegistrationNumber: trimmedRegNo,
+            branch: trimmedBranch,
+            collegeName: trimmedCollege,
+            isAffiliate: isAffiliate || false,
+            otp,
+            otpExpires,
+            isVerified: false,
+          }
+        },
+        { 
+          upsert: true, 
+          new: true,
+          setDefaultsOnInsert: true,
+          session
+        }
+      );
 
-    // Generate a 6-digit OTP
-    const otp = crypto.randomInt(100000, 999999).toString();
-    const nowIST = new Date(new Date().toLocaleString('en-US', { timeZone: 'Asia/Kolkata' }));
-    const otpExpires = nowIST.getTime() + 5 * 60 * 1000; // OTP expires in 5 minutes
+      await session.commitTransaction();
+      session.endSession();
 
-    // Use upsert with atomic operation to prevent race conditions
-    await User.findOneAndUpdate(
-      { email: trimmedEmail },
-      {
-        $set: {
-          email: trimmedEmail,
-          name: trimmedName,
-          username: trimmedUsername,
-          password: hashedPassword,
-          RegistrationNumber: trimmedRegNo,
-          branch: trimmedBranch,
-          collegeName: trimmedCollege,
-          isAffiliate: isAffiliate || false,
-          otp,
-          otpExpires,
-          isVerified: false,
-        }
-      },
-      { 
-        upsert: true, 
-        new: true,
-        // Prevent duplicate key errors during concurrent registrations
-        setDefaultsOnInsert: true
-      }
-    );
+      // Send OTP to user's email
+      await sendOTPEmail(trimmedEmail, otp);
 
-    // Send OTP to user's email
-    await sendOTPEmail(trimmedEmail, otp);
+      auditService.authEvent('registration_otp_sent', {
+        requestId: req.auditContext?.requestId,
+        email: trimmedEmail,
+        username: trimmedUsername,
+        collegeName: trimmedCollege,
+        branch: trimmedBranch
+      });
 
-    auditService.authEvent('registration_otp_sent', {
-      requestId: req.auditContext?.requestId,
-      email: trimmedEmail,
-      username: trimmedUsername,
-      collegeName: trimmedCollege,
-      branch: trimmedBranch
-    });
+      audit.complete({ 
+        email: trimmedEmail, 
+        username: trimmedUsername,
+        otpSent: true 
+      });
 
-    audit.complete({ 
-      email: trimmedEmail, 
-      username: trimmedUsername,
-      otpSent: true 
-    });
+      res.status(201).json({ message: "OTP sent to email. Verify to complete registration." });
+      
+    } catch (error) {
+      await session.abortTransaction();
+      session.endSession();
+      
+      if (error.code === 11000) { // MongoDB duplicate key error
+        const field = Object.keys(error.keyPattern || {})[0];
+        const fieldName = field === 'username' ? 'Username' : 
+                         field === 'RegistrationNumber' ? 'Registration number' : 'Email';
+        auditService.authEvent('registration_duplicate_error', {
+          requestId: req.auditContext?.requestId,
+          email: trimmedEmail,
+          duplicateField: field,
+          error: error.message
+        });
+        return res.status(400).json({ error: `${fieldName} already exists` });
+      }
+      
+      auditService.error('Registration failed', error, {
+        requestId: req.auditContext?.requestId,
+        email: req.body.email,
+        username: req.body.username,
+        ip: req.ip
+      });
 
-    res.status(201).json({ message: "OTP sent to email. Verify to complete registration." });
+      audit.error(error);
+      res.status(500).json({ error: error.message });
+    }
   } catch (error) {
     auditService.error('Registration failed', error, {
       requestId: req.auditContext?.requestId,

server/controllers/platformsController.js

@@ -49,24 +49,29 @@ export const leetcodeData = async (req, res) => {
     const rank = responseData?.matchedUser?.profile?.ranking || user.leetCode.rank || 0;
     const stats = responseData?.matchedUser?.submitStats?.acSubmissionNum || [];
     const totalSolved = stats.find(s => s.difficulty === "All")?.count || user.leetCode.solved || 0;
+    // Check if data actually changed before updating
+    const hasChanged = 
+      user.leetCode.rating !== rating || 
+      user.leetCode.rank !== rank || 
+      user.leetCode.solved !== totalSolved;
+
+    if (!hasChanged) {
+      return res.json({ 
+        success: true, 
+        message: "LeetCode data is already up to date",
+        modified: false
+      });
+    }
+
     // Use atomic update with user ID instead of username lookup to prevent race conditions
     const updateResult = await User.updateOne(
-      { 
-        _id: user._id,
-        // Only update if the data has actually changed to prevent unnecessary writes
-        $or: [
-          { 'leetCode.rating': { $ne: rating } },
-          { 'leetCode.rank': { $ne: rank } },
-          { 'leetCode.solved': { $ne: totalSolved } }
-        ]
-      }, 
+      { _id: user._id }, 
       { 
         $set: { 
           'leetCode.username': username, 
           'leetCode.rating': rating, 
           'leetCode.rank': rank, 
           'leetCode.solved': totalSolved,
-          'leetCode.lastUpdated': new Date()
         } 
       }
     );
@@ -99,23 +104,29 @@ export const geeksforgeeksData = async (req, res) => {
     const instituteRank = response.institute_rank || 0;
     const rating = response.rating || 0;
 
+    // Check if data actually changed before updating
+    const hasChanged = 
+      user.gfg.solved !== totalSolved || 
+      user.gfg.rank !== instituteRank || 
+      user.gfg.rating !== rating;
+
+    if (!hasChanged) {
+      return res.json({ 
+        success: true, 
+        message: "GFG data is already up to date",
+        modified: false
+      });
+    }
+
     // Use atomic update with change detection
     const updateResult = await User.updateOne(
-      { 
-        _id: user._id,
-        $or: [
-          { 'gfg.solved': { $ne: totalSolved } },
-          { 'gfg.rank': { $ne: instituteRank } },
-          { 'gfg.rating': { $ne: rating } }
-        ]
-      },
+      { _id: user._id },
       {
         $set: {
           'gfg.username': username,
           'gfg.solved': totalSolved,
           'gfg.rank': instituteRank,
           'gfg.rating': rating,
-          'gfg.lastUpdated': new Date()
         }
       }
     );

server/lib/db.js

@@ -1,4 +1,5 @@
 import mongoose from "mongoose"
+import auditService from "../services/auditService.js";
 const { default: cacheService } = await import("../services/cacheService.js");
 const { warmupLeaderboardCache } = await import("../utils/leaderBoardCache.js");
 
@@ -30,7 +31,8 @@ const connectDB = async () => {
                     console.error('Failed to warmup leaderboard cache:', error.message);
                 }
             } else if (attempt < maxAttempts) {
-                setTimeout(() => waitForRedisAndWarmup(attempt + 1), delay);
+                await new Promise(resolve => setTimeout(resolve, delay));
+                return waitForRedisAndWarmup(attempt + 1);
             } else {
                 console.error('Redis was not ready after maximum attempts. Skipping leaderboard cache warmup.');
             }

server/middleware/rateLimiter.js

@@ -126,4 +126,4 @@ export const rateLimitMiddleware = (maxRequests = MAX_REQUESTS_PER_WINDOW, windo
 // Specific rate limiters for different operations
 export const challengeUpdateRateLimit = rateLimitMiddleware(5, 60000); // 5 requests per minute for challenge updates
 export const platformUpdateRateLimit = rateLimitMiddleware(3, 120000); // 3 requests per 2 minutes for platform updates
-export const registrationRateLimit = rateLimitMiddleware(3, 60000); // 5 registrations per minute (per IP/user) - prevents spam but allows legitimate usage
+export const registrationRateLimit = rateLimitMiddleware(3, 60000); // 3 registrations per minute (per IP/user) - prevents spam but allows legitimate usage