This project is a starting point for APIs that require user authentication (registration and sign-in). After sign-in, every request to a protected route passes through an authentication middleware that checks the caller's token.
The project uses:
- Mongoose for data modelling
- Express.js for server setup
- the randomtoken Node.js module for generating authentication tokens
- bcrypt to hash passwords before they are stored in the database
The API includes:
- User registration
- Login
- Password reset
- User account verification
- Account activation and deactivation by an admin
- Unit tests for the API routes (run `npm test`)
- API documentation (see `./API doc`)
To run the project locally:
- Clone the repo
- From the server folder, run `npm install`
- Add the MongoDB URI and the email credentials to the `.env` file
- Run `npm start`
- Test the endpoints
- A user registers an account. The password is salted and hashed with bcrypt before it is stored in the database; the plaintext password is never stored.
- The user submits login credentials. The server validates them and, if they are valid, issues a JWT access token. This token must accompany every request made after login.
- The token is returned to the client in the JSON body of the login response.
- On every request after login, the client attaches the access token in the request header.
- Requests to protected endpoints pass through an authentication middleware that validates the access token before the route handler runs.
- The user sends a password reset request.
- The API issues a reset token and sends it to the user's email address. The reset token expires after 2 minutes.
- The API also creates a JWT access token, which is required to authenticate the user when completing the password reset.
- The user sends a request containing the new password, the reset token and the access token (the access token goes in the Authorization header as a Bearer token).
- The API confirms both tokens, then updates the user's password in the database.
- An admin can activate and deactivate user accounts.
The email client requires an email address and a password. This is not the Google account's own password but an app password generated for the account, which grants the API access to the mail function only.
Feedback and PRs are welcome. Contact me: Richie Moluno, molunorichie@gmail.com