# Authentication System

The Agriculture Robot Control System includes a comprehensive authentication system that ensures each farmer can only access and control their own robots.

## Features

- **Farmer Registration**: New farmers can create accounts with their farm information
- **Secure Login**: JWT-based authentication with password hashing
- **User Privacy**: Each farmer's data is isolated and protected
- **Session Management**: Persistent login with token storage
- **Protected Routes**: All API endpoints other than the public auth endpoints require authentication

## User Flow

### Registration
1. Farmer visits the signup page
2. Enters personal and farm information:
   - First Name, Last Name
   - Email Address
   - Farm Name
   - Password (minimum 6 characters)
   - Optional: Phone, Address
3. Account is created and farmer is automatically logged in

### Login
1. Farmer visits the login page
2. Enters email and password
3. Receives JWT token for authenticated requests
4. Redirected to dashboard

### Protected Access
- All robot control features require authentication
- Each farmer only sees their own robots and data
- Token is automatically included in API requests
- Session persists across page refreshes

## API Endpoints

### Public Endpoints
- `POST /api/auth/signup` - Register new farmer
- `POST /api/auth/login` - Login farmer
- `POST /api/auth/verify` - Verify token validity

### Protected Endpoints (Require Authentication)
All other endpoints require a valid JWT token in the Authorization header:
```
Authorization: Bearer <token>
```

- `GET /api/auth/me` - Get current user info
- `PUT /api/auth/profile` - Update user profile
- All robot, sensor, field, hardware, and diagnostics endpoints

## Frontend Implementation

### Authentication Context
The `AuthContext` provides:
- `user`: Current logged-in user information
- `token`: JWT token for API requests
- `login()`: Login function
- `signup()`: Registration function
- `logout()`: Logout function
- `isAuthenticated`: Boolean flag

### Protected Routes
Routes are automatically protected using the `ProtectedRoute` component:
- Unauthenticated users are redirected to login
- Authenticated users can access all features

### API Calls
All API calls automatically include the authentication token:
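```typescript
import { apiCall } from '../utils/api';
import { useAuth } from '../contexts/AuthContext';

// useAuth() is a React hook: call it inside a component or custom hook.
const { token } = useAuth();
// Pass the token from AuthContext as the third argument.
const response = await apiCall('http://localhost:3001/api/endpoint', {}, token);
```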

## Security Features

1. **Password Hashing**: Passwords are hashed using bcrypt before storage
2. **JWT Tokens**: Secure token-based authentication
3. **Token Expiration**: Tokens expire after 7 days
4. **Route Protection**: Backend middleware protects all sensitive routes
5. **Data Isolation**: Each farmer's data is separate
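
The sketch below shows how the Route Protection and Data Isolation items fit together on the backend. It is an added example, not the project's own middleware. It assumes HS256 tokens, a `sub` claim carrying the farmer id, and an in-memory robot map. All function and type names are hypothetical, and it uses Node's built-in `crypto` rather than whichever JWT library the project uses.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

// Assumptions (not from the project): HS256 tokens, a `sub` claim holding the
// farmer id, and an in-memory robot map. All names below are hypothetical.
interface Robot { id: string; ownerId: string; name: string }
interface Claims { sub: string; exp: number }

const b64url = (s: string): string => Buffer.from(s).toString('base64url');

// Constructed helper so the example can mint its own sample tokens.
function signToken(claims: Claims, secret: string, alg = 'HS256'): string {
  const body = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${createHmac('sha256', secret).update(body).digest('base64url')}`;
}

// Returns the claims only if the algorithm, signature and expiry all check out.
function verifyToken(token: string, secret: string, nowSec: number): Claims | null {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    // Pin the algorithm: never let the token header choose how it is verified.
    if (JSON.parse(Buffer.from(header, 'base64url').toString()).alg !== 'HS256') return null;
    const expected = createHmac('sha256', secret).update(`${header}.${payload}`).digest();
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString()) as Claims;
    if (typeof claims.sub !== 'string' || typeof claims.exp !== 'number') return null;
    return claims.exp > nowSec ? claims : null;
  } catch {
    return null; // malformed base64 or JSON
  }
}

// Maps an Authorization header and robot id to an HTTP-style result.
function getRobot(authHeader: string | undefined, robotId: string, robots: Map<string, Robot>,
                  secret: string, nowSec: number): { status: number; robot?: Robot } {
  const match = /^Bearer (.+)$/.exec(authHeader ?? '');
  const claims = match ? verifyToken(match[1], secret, nowSec) : null;
  if (!claims) return { status: 401 };
  const robot = robots.get(robotId);
  // Ownership comes from the verified token, never from request parameters.
  // 404 (not 403) avoids confirming that another farmer's robot id exists.
  if (!robot || robot.ownerId !== claims.sub) return { status: 404 };
  return { status: 200, robot };
}
```

The same ownership comparison belongs on every robot, sensor, field, hardware, and diagnostics handler, since a valid token alone only proves who the caller is.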

## User Information Display

The farmer's information is displayed in the header:
- Farmer's full name
- Farm name
- Logout button

## Future Enhancements

- Password reset functionality
- Email verification
- Two-factor authentication
- Role-based access control (admin, farmer, viewer)
- Account management page
- Profile editing

## Environment Variables

For production, set this environment variable (the value shown is a placeholder):
```env
JWT_SECRET=your-very-secure-secret-key-here
```

## Database Integration

Currently uses in-memory storage. For production, integrate with:
- PostgreSQL
- MongoDB
- MySQL
- Or any other database

Update the `AuthService` to use database queries instead of in-memory maps.

