Overview
This is a simple Node.js and Express-based REST API that provides user authentication features like user registration, login, and logout. The API is designed to be a scalable foundation for a complete authentication system and will later include support for Google OAuth, fingerprint, and passkey login. Currently, it supports traditional email/password-based authentication with JWT tokens for session management.
- User Registration and Login with secure password hashing using
bcrypt. - JWT-Based Authentication: Secure access with JWT access and refresh tokens.
- Rate Limiting: Protects routes from excessive requests.
- Password Reset: Sends a password reset link via email using
nodemailer. - Cookie Management: Uses HTTP cookies to manage session tokens.
- MongoDB for Data Persistence: Stores user details securely.
- Environment-Based Configuration: Customizable through environment variables.
- Google OAuth: Integration with Google authentication.
- Fingerprint & Passkey Login: Advanced login options for enhanced security.
- Location login and face detection : Face auth system and location system.
- Node.js
- Express
- MongoDB (via Mongoose)
- JWT for access and refresh tokens.
- Nodemailer for sending emails.
- Express Rate Limit for limiting excessive requests.
- bcrypt for secure password hashing.
- cookie-parser for managing cookies.
- cors for handling Cross-Origin Resource Sharing.
- dotenv for environment variable management.
- Clone the repository:
git clone https://github.com/your-repo/user-auth-api.git- Navigate to the project directory:
cd user-auth-api- Install dependencies:
npm install- Rename the .example.env to .env and fill all the value.
- Start the server:
npm startThe server should now be running on http://localhost:3000.
- NOTE: Also if you want to see an starter template with this api check here. Frontend for advance user auth
-
POST:
/api/v1/createuser -
Body:
{ "userName": "user", "userEmail": "user@gmail.com", "password": "user" } -
Description: Creates a new user with the given userName, userEmail, and password.
- POST:
/api/v1/login - Body:
{ "userEmail": "user@gmail.com", "password": "user" } - Description: Authenticates a user and returns JWT tokens.
- POST:
/api/v1/logout - Description: Logs out the user by clearing their session cookies.
- POST:
/api/v1/userupdatetoken - Body:
{ "password": "user" } - Description: Updates the user token and returns a new access token.
- POST:
/api/v1/updateuser - Body:
{ "userName": "newUserName", "userEmail": "newUserEmail", "password": "newPassword" } - Description: Updates the user's information.
- POST:
/api/v1/getuser - Description: Retrieves the current user's details.
- POST:
/api/v1/userhasaccess - Description: Checks if the user is currently authenticated.
- POST:
/api/v1/refreshtoken - Description: Refreshes the access token if the user is still authenticated.
/ POST: /api/v1/requestrtoken
- Body:
{ "userEmail": "user@gmail.com" } - Description: Sends a password reset link to the provided email.
- POST:
/api/v1/resetpassword/:token - Body:
{ "password": "newPassword" } - Description: Resets the user's password using the provided reset token.
You can use tools like Postman or cURL to test the API endpoints locally.
- Fork the repository.
- Create a new branch (
git checkout -b feature-branch). - Commit your changes (
git commit -am 'Add new feature'). - Push to the branch (
git push origin feature-branch). - Create a Pull Request.
- Google OAuth Integration
- Fingerprint & Passkey Login
- Enhanced Rate Limiting and Security
Feel free to contribute or raise issues if you encounter any bugs!
Advance user auth is licensed under the MIT License.
Copyright (c) 2023 Praetorian Security, Inc
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to use,
copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the
Software, and to permit persons to whom the Software is furnished to do so, subject
to the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.