Skip to content

Add User Avatar with First Letter in Navbar#24

Open
zaibamachhaliya wants to merge 2 commits into
niharika-mente:mainfrom
zaibamachhaliya:feature/user-avatar
Open

Add User Avatar with First Letter in Navbar#24
zaibamachhaliya wants to merge 2 commits into
niharika-mente:mainfrom
zaibamachhaliya:feature/user-avatar

Conversation

@zaibamachhaliya

Copy link
Copy Markdown
Contributor

📌 Issue

Fixes #11

✨ What I Added

  • User avatar circle showing first letter of name (e.g., "Z" for Zaiba)
  • Beautiful gradient blue avatar
  • Dropdown menu with user info and logout button
  • Click outside closes dropdown
  • Smooth animations

📁 Files Changed

  • frontend/src/components/Navbar.jsx - Added avatar + dropdown

🧪 How to Test

  1. Login to the app
  2. See avatar in top-right corner
  3. Click on avatar
  4. Dropdown shows your name and email
  5. Click Logout to logout

✅ Checklist

  • Avatar shows first letter
  • Dropdown opens on click
  • Click outside closes dropdown
  • Logout works
  • Mobile responsive

closes #11

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces a user avatar + dropdown in the navbar (first letter of the user’s name/email) and, beyond the stated scope in the PR description, also adds a full authentication flow (frontend auth context + protected routing + backend cookie/JWT auth endpoints) to support showing the logged-in user.

Changes:

  • Add navbar avatar + user dropdown with logout behavior.
  • Add frontend auth flow (Login/Signup pages, AuthContext, ProtectedRoute, route redirects).
  • Add backend auth system (User model, register/login/logout/me endpoints, cookie JWT auth, optional Redis integration).

Reviewed changes

Copilot reviewed 22 out of 27 changed files in this pull request and generated 22 comments.

Show a summary per file
File Description
frontend/tailwind.config.js Minor formatting change (leading blank line).
frontend/src/pages/Signup.jsx New signup page using AuthContext registration.
frontend/src/pages/Login.jsx New login page using AuthContext login.
frontend/src/pages/HomePage.jsx Adds auth gating + redirects and updated rate-limit handling.
frontend/src/main.jsx Moves routing/provider responsibilities into App (now needs import cleanup).
frontend/src/lib/utils.js Trailing whitespace change.
frontend/src/lib/axios.js Refactors Axios setup (currently hardcodes localhost).
frontend/src/index.css Minor formatting change (leading blank line / tailwind directive formatting).
frontend/src/context/AuthContext.jsx New AuthContext with /auth/me, login/register/logout helpers.
frontend/src/components/ProtectedRoute.jsx New component to guard routes while auth loads.
frontend/src/components/Navbar.jsx Adds avatar + dropdown UI and logout button.
frontend/src/App.jsx Adds BrowserRouter + AuthProvider and protected routes/redirects.
frontend/package.json Adds deps (react-router-dom, axios bump) and adds mern-thinkboard file dependency.
frontend/package-lock.json Lockfile updates for new deps.
backend/src/Utils/Validetor.js New request validation helper for auth registration.
backend/src/server.js Adds cookie parsing, auth routes, redis connection attempt, and refactors startup.
backend/src/routes/notesRoutes.js Trailing whitespace change.
backend/src/routes/authRoutes.js New auth routing (register/login/logout/me).
backend/src/models/User.js New User model.
backend/src/middleware/rateLimiter.js Skips rate limiting in non-production and refactors formatting.
backend/src/middleware/authMiddleware.js New cookie/JWT authentication middleware.
backend/src/controllers/userAuth.js New auth controller (register/login/logout/me) + redis blacklist attempt.
backend/src/controllers/notesController.js Trailing whitespace change.
backend/src/config/upstash.js Refactors Upstash Redis/ratelimit initialization.
backend/src/config/redis.js New Upstash Redis client + connection helper.
backend/package.json Adds auth-related dependencies and mern-thinkboard file dependency.
backend/package-lock.json Lockfile updates for new deps.
Files not reviewed (2)
  • backend/package-lock.json: Language not supported
  • frontend/package-lock.json: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread frontend/src/main.jsx
Comment on lines +1 to +4
import { StrictMode } from 'react';
import { createRoot } from 'react-dom/client';
import { BrowserRouter } from 'react-router-dom';
import { Toaster } from 'react-hot-toast';
Comment thread frontend/src/lib/axios.js
Comment on lines +3 to +7
const API_URL = "http://localhost:5001/api";

const api = axios.create({
baseURL: BASE_URL,
baseURL: API_URL,
headers: {
Comment thread frontend/src/pages/Login.jsx Outdated
Comment on lines +82 to +86
<input
type="email"
autoComplete="off"
placeholder="you@example.com"
autoComplete="off"
Comment on lines +101 to +105
type={showPassword ? "text" : "password"}
placeholder="Enter your password"
autoComplete="current-password"
value={password}
autoComplete="new-password"
Comment thread frontend/src/pages/Login.jsx Outdated
Comment on lines +45 to +49
setError(" Invalid email or password. Please try again.");
} else if (statusCode === 404) {
setError(" Account not found. Please sign up first.");
} else if (statusCode === 500) {
setError(" Server error. Please try again later.");
Comment on lines +76 to +80
res.cookie("token", token, {
maxAge: 60 * 60 * 1000,
httpOnly: true,
path: "/",
});
Comment on lines +99 to +109
const token = req.cookies?.token;

if (token) {
const decoded = jwt.decode(token);
if (decoded && decoded.exp) {
const ttl = decoded.exp - Math.floor(Date.now() / 1000);
if (ttl > 0) {
await redisClient.setex(`blacklist:${token}`, ttl, "blocked");
}
}
}
Comment on lines +111 to +116
res.clearCookie("token", {
httpOnly: true,
secure: false,
sameSite: "lax",
path: "/",
});
Comment on lines +15 to +19
const user = await User.create({
name,
email,
password: hashedPassword,
});
Comment on lines +91 to +93
} catch (err) {
res.status(401).json({ error: err.message });
}
@SparshM8

SparshM8 commented Jun 8, 2026

Copy link
Copy Markdown
Collaborator

Hey @zaibamachhaliya, thank you so much for putting this together! The PR description mentions adding a user avatar, but I see you've actually gone above and beyond to implement a full JWT authentication flow, Redis integration, and protected routing. That is a massive undertaking, and the structure looks great!

@SparshM8

SparshM8 commented Jun 8, 2026

Copy link
Copy Markdown
Collaborator

Before we can merge this in, there are a few merge conflicts to resolve, along with some critical bugs caught by the Copilot review that need addressing:

  1. Scope Clarification
    Since this PR introduces a complete authentication system rather than just a UI avatar, could you please update the PR title and description to reflect the auth features? This helps keep our git history accurate.

  2. Merge Conflicts
    Please pull the latest changes from main and resolve the conflicts in frontend/src/components/Navbar.jsx and frontend/tailwind.config.js.

  3. Production Blockers (Please check inline Copilot comments)

Hardcoded API URL: In frontend/src/lib/axios.js, the base URL is hardcoded to http://localhost:5001/api, which will break production builds. Let's swap that to use an environment variable.

Package.json Bug: There's an accidental local file dependency ("mern-thinkboard": "file:..") in the package.json files that will cause deployment to fail.

Cookie Security: The logout function in userAuth.js hardcodes secure: false when clearing the cookie, which can fail in HTTPS production environments.

  1. Logic & Error Handling

Redis Crash: The logoutUser controller attempts to write to Redis without checking if Upstash is actually configured. If it isn't, this will throw a 500 error and prevent users from logging out.

Duplicate Emails: The register controller doesn't check for existing users. If someone signs up with an already-used email, MongoDB will throw a duplicate-key crash instead of returning a friendly error to the frontend.

Once the conflicts are resolved and these Copilot suggestions are applied, we should be good to go. Let me know if you need any help working through these!

@coderabbitai

coderabbitai Bot commented Jun 19, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@zaibamachhaliya, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 18 minutes and 7 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 68a87d72-ba12-4894-8dbc-5eb68c14e7cd

📥 Commits

Reviewing files that changed from the base of the PR and between b13fd53 and 617bfdf.

📒 Files selected for processing (5)
  • backend/src/controllers/userAuth.js
  • backend/src/routes/authRoutes.js
  • frontend/src/components/Navbar.jsx
  • frontend/src/context/AuthContext.jsx
  • frontend/tailwind.config.js
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@zaibamachhaliya

Copy link
Copy Markdown
Contributor Author

Hi @SparshM8,

I've resolved all merge conflicts and addressed the requested changes mentioned in the review. The branch has been updated successfully.

Could you please review the PR again and let me know if any further changes are needed?

Thank you!

@SparshM8

Copy link
Copy Markdown
Collaborator

Hey @zaibamachhaliya, thanks for taking the time to resolve those merge conflicts!

I’ve taken another look at the latest commits. While the conflicts are technically resolved, the critical logic bugs Copilot caught in the previous review are unfortunately still present in the backend. Additionally, I noticed some significant frontend changes that fall outside the scope of this PR and break our existing UI framework.

We absolutely need these fixed before we can safely merge this into main:

Frontend & UI Blockers

Massive Scope Creep (Navbar.jsx): A full Dark Mode/Theme toggle (useTheme, Sun/Moon icons) has been added. This PR is meant to be for the User Avatar. Please remove the theme toggle logic so we can keep PRs focused and manageable.

Breaking DaisyUI Theming (Navbar.jsx): We use DaisyUI semantic classes (like bg-base-100) to handle theming app-wide. The new commits strip these out and hardcode explicit Tailwind classes (e.g., bg-white dark:bg-gray-900). This breaks consistency with the rest of the application. Please revert the navbar styling back to our DaisyUI standards.

Merge Conflict Artifacts: There are some unintended spacing changes left over from resolving conflicts (like changing ml-5 to ml-1 on the avatar wrapper). Please double-check the diff to ensure original layout spacing isn't accidentally modified.

Backend & Production Blockers

Duplicate User Crash (userAuth.js): The register function still calls User.create directly without checking if the email is already in the database. Please add a check to return a 400/409 error if the user exists so MongoDB doesn't throw an unhandled duplicate-key crash.

Cookie Security is Hardcoded (userAuth.js): In logoutUser, res.clearCookie() still has secure: false hardcoded. This will fail to clear the cookie in our HTTPS production environment. Please make this conditional based on the environment (e.g., secure: process.env.NODE_ENV === "production"), and ensure register and login follow the exact same standard.

Redis Crash Risk (userAuth.js): The logoutUser controller is still trying to write to the blacklist (redisClient.setex) without checking if the Upstash Redis environment variables are configured, and it isn't wrapped in a try/catch. If Redis isn't connected, this will throw a 500 error and break the logout flow completely.

Documentation

PR Scope/Title: Once the theme toggle is removed, please update the PR title and description to reflect that this introduces a full JWT authentication flow, Redis integration, and the avatar, rather than just the avatar alone.

Let me know once you've pushed these specific fixes—especially restoring the DaisyUI classes and patching those backend crashes—and I'll be happy to give it a final review!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

✨ Add User Avatar with First Letter in Navbar

3 participants