From a32af6f25afeb3c778d5561843572671a87f7f14 Mon Sep 17 00:00:00 2001
From: Josh
Date: Thu, 10 Jul 2025 12:12:30 +0000
Subject: [PATCH] Fixed the damn SECRET_KEY vs. JWT_SECRET debacle.
---
 aptiva-ar.json | 0
 backend/server.js | 10 +++++-----
 backend/server3.js | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)
 create mode 100644 aptiva-ar.json
diff --git a/aptiva-ar.json b/aptiva-ar.json
new file mode 100644
index 0000000..e69de29
diff --git a/backend/server.js b/backend/server.js
index ea67d86..7ddc19c 100755
--- a/backend/server.js
+++ b/backend/server.js
@@ -211,7 +211,7 @@ app.post('/api/register', async (req, res) => {
 // NEW: Now that we have the new user_profile.id (newProfileId),
 // generate a JWT to auto-sign them in.
 // We'll mimic what /api/signin does:
- const token = jwt.sign({ id: newProfileId }, SECRET_KEY, {
+ const token = jwt.sign({ id: newProfileId }, JWT_SECRET, {
 expiresIn: '2h',
 });
@@ -305,7 +305,7 @@ app.post('/api/signin', async (req, res) => {
 // IMPORTANT: Use 'row.userProfileId' (from user_profile.id) in the token
 // so your '/api/user-profile' can decode it and do SELECT * FROM user_profile WHERE id=?
- const token = jwt.sign({ id: row.userProfileId }, SECRET_KEY, {
+ const token = jwt.sign({ id: row.userProfileId }, JWT_SECRET, {
 expiresIn: '2h',
 });
@@ -367,7 +367,7 @@ app.post('/api/user-profile', (req, res) => {
 let profileId;
 try {
- const decoded = jwt.verify(token, SECRET_KEY);
+ const decoded = jwt.verify(token, JWT_SECRET);
 profileId = decoded.id; // user_profile.id from sign-in
 } catch (error) {
 console.error('JWT verification failed:', error);
@@ -539,7 +539,7 @@ app.get('/api/user-profile', (req, res) => {
 let profileId;
 try {
- const decoded = jwt.verify(token, SECRET_KEY);
+ const decoded = jwt.verify(token, JWT_SECRET);
 profileId = decoded.id; // user_profile.id
 } catch (error) {
 console.error('Error verifying token:', error.message);
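Review bot: `JWT_SECRET` is not declared anywhere in this patch for backend/server.js: all five insertions are call-site renames, starting with the `jwt.sign` calls in the `/api/register` (`@@ -211`) and `/api/signin` (`@@ -305`) hunks. If the module does not already define it, these lines throw a ReferenceError on the first registration or sign-in, so the declaration should be confirmed, and any leftover `SECRET_KEY` declaration and environment entry removed so the two names cannot diverge again. backend/server3.js reads the value from `process.env` inside its middleware instead; one shared definition would be easier to audit. A comment at the declaration such as `// One signing secret shared by every jwt.sign/jwt.verify call, including server3.js` would record the intent. Both handlers start and end outside their hunks.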
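Review bot: The `jwt.verify(token, JWT_SECRET)` calls in the two `/api/user-profile` hunks (`@@ -367`, `@@ -539`), in `/api/activate-premium` (`@@ -614`) and in backend/server3.js pass no options, so the set of accepted algorithms is left to the library default. The tokens are issued by `jwt.sign` with only `expiresIn` set, which in jsonwebtoken means HS256 (assuming that is the package behind `jwt`; the import is not shown), so the verifier can be pinned to match: `jwt.verify(token, JWT_SECRET, { algorithms: ['HS256'] })`. The three handlers in server.js also handle a failed verification differently: one logs the whole error object, one logs `error.message`, and one logs nothing. Moving the check into a single middleware, as server3.js does with `authenticatePremiumUser`, would keep the option and the logging from drifting apart.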
@@ -614,7 +614,7 @@ app.post('/api/activate-premium', (req, res) => {
 let profileId;
 try {
- const decoded = jwt.verify(token, SECRET_KEY);
+ const decoded = jwt.verify(token, JWT_SECRET);
 profileId = decoded.id;
 } catch (error) {
 return res.status(401).json({ error: 'Invalid or expired token' });
diff --git a/backend/server3.js b/backend/server3.js
index 0951442..6e8c503 100644
--- a/backend/server3.js
+++ b/backend/server3.js
@@ -58,8 +58,8 @@ const authenticatePremiumUser = (req, res, next) => {
 }
 try {
- const SECRET_KEY = process.env.SECRET_KEY;
- const { id } = jwt.verify(token, SECRET_KEY);
+ const JWT_SECRET = process.env.JWT_SECRET;
+ const { id } = jwt.verify(token, JWT_SECRET);
 req.id = id; // store user ID in request
 next();
 } catch (error) {
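Review bot: In backend/server3.js, `process.env.JWT_SECRET` is read inside the `try` on every request and never checked, so an unset variable makes `jwt.verify` throw (with jsonwebtoken, a missing secret is an error) and lands in the same `catch` as an invalid or expired token. Every premium request would then be rejected by that `catch`, whose body is outside the hunk, and a deployment mistake would look the same as bad credentials in the logs. Reading the secret once at module load and refusing to start without it makes the failure visible at boot: `const JWT_SECRET = process.env.JWT_SECRET;` followed by `if (!JWT_SECRET) throw new Error('JWT_SECRET is not set');` above `authenticatePremiumUser`.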