auth_nodejs
v1.0.0
Published
A secure Node.js authentication system using JSON Web Tokens (JWT). This project provides a robust backend foundation for user authentication, featuring easy integration with Express.js applications and customizable middleware for token verification. It a
Downloads
3
Readme
Node Authentication
A secure Node.js authentication system using JSON Web Tokens (JWT). This project provides a robust backend foundation for user authentication, featuring easy integration with Express.js applications and customizable middleware for token verification. It also includes email verification, password reset functionality, and best practices for security.
Features
User authentication using JWT: Securely authenticate users and manage sessions with JWT tokens.
Middleware for token verification: Easily protect routes by verifying tokens with custom middleware.
Password hashing with bcrypt: Safely store user passwords using bcrypt for secure password hashing.
Email verification: Ensure users validate their email addresses before accessing the system.
Password reset functionality: Allow users to securely reset their passwords via email.
Secure HTTP headers with Helmet.js: Improve security by setting various HTTP headers using Helmet.js.
MongoDB for persistent storage: Store user data, token info, and other authentication-related data in MongoDB.
Installation
Clone the repository:
git clone https://github.com/mannye3/nodeAuthP.git
Install the dependencies:
npm install
Set up environment variables: Create a
.env
file in the root directory and add the following:# JWT Configuration JWT_SECRET=your_jwt_secret_here JWT_EXPIRATION=1h # Database Configuration MONGO_URI=your_mongo_connection_string_here # Server Configuration PORT=3000 NODE_ENV=development # Email Configuration (for password reset and email verification) EMAIL=your_email_here EMAIL_PASSWORD=your_email_password_or_app_specific_password_here
Ensure MongoDB is running either locally or on a service like MongoDB Atlas.
Usage
- Start the server:
npm start
- The server will run on
http://localhost:3000
(or the port specified in your.env
file). - Use API endpoints to handle authentication-related tasks such as user registration, login, email verification, and password resets.
API Endpoints
Authentication
- POST
/api/auth/register
: Register a new user. Requiresname
,email
, andpassword
in the request body. - POST
/api/auth/login
: Login a user and receive a JWT token. Requiresemail
andpassword
. - POST
/api/auth/logout
: Log out the user and invalidate the current JWT token. - GET
/api/auth/verify-email
: Verifies a user's email using the verification token sent via email. - POST
/api/auth/forgot-password
: Request a password reset by providing the user's email. - POST
/api/auth/reset-password
: Reset the password using a token sent to the user's email.
Protected Routes
- GET
/api/check-auth
: An example of a protected route that requires valid JWT authentication.- This route demonstrates how to protect certain parts of your application by requiring JWT in the headers.
Example Usage with cURL
Registration:
curl -X POST http://localhost:3000/api/auth/register -H "Content-Type: application/json" -d '{"name":"John Doe", "email":"[email protected]", "password":"yourpassword"}'
Login:
curl -X POST http://localhost:3000/api/auth/login -H "Content-Type: application/json" -d '{"email":"[email protected]", "password":"yourpassword"}'
Verify Email:
curl -X GET http://localhost:3000/api/auth/verify-email?token=your-verification-token
Security Features
- JWT-based Authentication: Secure stateless user sessions using JSON Web Tokens (JWT), stored in HTTP headers.
- Password Hashing: All passwords are hashed using bcrypt to ensure user credentials are stored securely.
Technologies Used
- Node.js: JavaScript runtime environment.
- Express.js: Web framework for Node.js.
- MongoDB: NoSQL database for persisting user and token data.
- JSON Web Tokens (jsonwebtoken): For issuing and verifying secure tokens.
- bcrypt: Password hashing library for securing user passwords.
- nodemailer: Email sending library for account verification and password resets.
Contributing
Contributions are welcome! Please follow these steps to contribute to the project:
- Fork the repository.
- Create a new branch for your feature or bug fix.
- Make your changes and ensure all tests pass.
- Submit a pull request explaining your changes.
License
This project is licensed under the MIT License. Feel free to use, modify, and distribute the project as long as the license terms are met.
Contact
For any questions or feedback, please feel free to reach out to:
Emmanuel Aboajah
- Email: [email protected]
- GitHub: mannye3