[CRITICAL] Implement Authentication & Authorization Middleware for Protected APIs

[ash1shkumar]

🚀 Description

Currently, several backend API routes are publicly accessible without authentication or authorization checks. Sensitive operations like task deletion, task updates, analytics access, and chat actions can be performed by any user.

This creates a serious backend security vulnerability.

---

📍Affected Files

• backend/routes/tasks.routes.js
• backend/routes/chat.routes.js
• backend/routes/feed.routes.js
• backend/routes/analytics.routes.js

---

❌ Current Problem

Routes are exposed directly without middleware protection.

Example:

router.delete("/:id", deleteTask);

No authentication middleware is used before accessing protected routes.

---

✅ Expected Solution

• Add authentication middleware
• Validate logged-in users before route access
• Protect sensitive CRUD operations
• Add authorization checks where necessary

---

🎯 Expected Outcome

• Secured backend APIs
• Restricted access control
• Safer multi-user environment

---

🏷️ Expected Labels

level3 NSoC'26

[github-actions]

👋 Hey @ash1shkumar!

Thanks for opening this issue! 🚀

📌 NSoC'26 Contribution Guidelines

⚠️ Please follow these rules carefully:

• Do NOT create a PR until this issue is assigned to you
• Include NSoC'26 tag
• Include screenshots if it's UI-related
• Follow all contribution guidelines properly

🧑‍💻 A mentor will review and assign this issue soon.

---

🙏 Thank you for raising this issue!
We’ll review it as soon as possible. We truly appreciate your contribution ✨

📖 Meanwhile, please make sure you have checked:

• README.md
• CONTRIBUTING.md
• CODE_OF_CONDUCT.md

🚫 Reminder: Do NOT create a PR until this issue has been assigned.

Happy coding! 💻🔥

[ash1shkumar]

Hi @Shriii19 , I’d like to work on this issue. The fix involves securing protected backend routes with proper authentication middleware. Please assign this under level3 and NSoC'26.

[Shriii19]

@ash1shkumar go 4 it.