Issue: Contact search should only be accessible to authenticated users
Description
The contact search functionality is currently accessible without verifying whether the user is authenticated. This can expose user data and allow unauthorized access to the user search system.
Contact discovery/search should only be available to users who are properly authenticated.
Expected Behavior
- Only authenticated users should be able to access the contact search feature.
- If an unauthenticated request is made to the contact search endpoint, the request should be rejected.
- The server should return an authentication error (e.g., 401 Unauthorized).
- Frontend should only render the contact search UI for logged-in users.
Current Behavior
- Contact search can be accessed without authentication checks.
- Unauthorized users may be able to query the user database through the search endpoint.
Steps to Reproduce
- Send a request to the contact search endpoint without authentication.
- The server returns user search results instead of rejecting the request.
Example:
Proposed Solution
Backend
Add authentication middleware to the contact search route.
Example:
router.get("/search", authMiddleware, searchUsers);
Responsibilities:
- Verify user authentication (JWT/session/token).
- Reject requests that do not contain valid authentication credentials.
Return response:
if the request is not authenticated.
Frontend
- Ensure the contact search component is only accessible after login.
- Use the authenticated state stored in the Zustand AuthStore.
Example:
const user = useAuthStore((state) => state.user);
If user is null, the search UI should not be accessible.
Acceptance Criteria
- Contact search endpoint requires authentication.
- Unauthorized requests receive 401 Unauthorized.
- Search UI is only visible to logged-in users.
Environment
Backend: Node.js
Framework: Express
Database: MongoDB
Realtime: Socket.IO
Frontend: React + Zustand + TailwindCSS