A comprehensive user management system implementing modern authentication patterns. Features secure user registration, session management, and role-based access control with protected routesโreplicating the authentication flows that real applications require.
- Complete User Lifecycle: Secure registration, email verification, password management
- Role-Based Access Control: Admin and user roles with dynamic content visibility
- Session Management: Protected routes with intelligent redirects and session handling
- Account Security: Password reset, email change verification, and account recovery flows
- โ User registration with email verification
- โ Secure login/logout with session persistence
- โ Password reset via email with secure token validation
- โ Account recovery when email address is compromised
- โ Role-based content rendering (User vs Admin views)
- โ Profile editing with necessary validation
- โ Email update requiring re-verification
- โ Password change with current password confirmation
- โ Protected routes preventing unauthorized access
- โ Unauthenticated routes redirecting logged-in users
- โ Comprehensive error handling with user-friendly messages
- โ Loading states for all asynchronous operations
- Frontend: React, Next.js (App Router), Styled Components
- Backend Services: Firebase Authentication & Firestore Database
- React Patterns: Context API, Prop Validation, Custom Hooks, Protected Route Components
- Security Features: Protected routes, role-based rendering, secure session handling
- Deployment: Vercel
-
Clone the repository:
git clone https://github.com/falsydev/user-auth.git cd user-auth -
Install dependencies:
npm install
-
Configure environment variables:
- Copy
env.exampleto.env.local - Add your Firebase config values:
NEXT_PUBLIC_FIREBASE_API_KEY="your_api_key" NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN="your_project_id.firebaseapp.com" NEXT_PUBLIC_FIREBASE_PROJECT_ID="your_project_id" NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET="your_project_id.firebasestorage.app" NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID="your_sender_id" NEXT_PUBLIC_FIREBASE_APP_ID="your_app_id"
- Copy
-
Run the development server:
npm run dev
Open http://localhost:3000 to view it in the browser.
user-auth/
โโโ src/
โ โโโ app/ # Next.js App Router pages
โ โ โโโ dashboard/ # Protected dashboard routes
โ โ โ โโโ settings/ # User settings pages
โ โ โ โโโ change-password/
โ โ โ โโโ edit-profile/
โ โ โ โโโ update-email/
โ โ โโโ login/ # Login page
โ โ โโโ signup/ # Registration page
โ โ โโโ verify-user/ # Email verifications
โ โ โโโ layout.js # Root layout
โ โ โโโ page.js # Home page
โ โโโ assets/ # Static assets
โ โโโ components/ # Reusable UI components
โ โโโ context/ # React Context providers
โ โ โโโ AuthContext.js # Authentication state management
โ โโโ custom-hooks/ # Custom React hooks
โ โ โโโ useInterval.js # Interval management
โ โ โโโ useTimeout.js # Timeout management
โ โ โโโ useUpdateState.js # State update utilities
โ โโโ lib/ # Utility libraries
โ โ โโโ firebase.js # Firebase configuration
โ โ โโโ StyledComponentsRegistry.js
โ โโโ styles/ # Styled Components
โ โ โโโ breakpoints.js # Responsive breakpoints
โ โ โโโ global.css # Global styles
โ โโโ utils/ # Utility functions
โ โโโ ActionCodeSettings.js
โ โโโ constants.js # App constants
โ โโโ getErrorMessage.js # Error handling
โ โโโ space.js # Spacing utilities
โ โโโ validateFormFields.js # Form validation
โโโ .env.local # Environment variables (create from .env.example)
โโโ next.config.js # Next.js configuration
โโโ package.json # Dependencies and scripts
-
Create a Firebase project at Firebase Console
-
Enable Authentication:
- Go to Authentication > Sign-in method
- Enable Email/Password provider
- Configure authorized domains
-
Create Firestore Database:
- Go to Firestore Database
- Create database in production mode
- Set up security rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId} {
allow read, write: if request.auth != null && request.auth.uid == userId;
}
}
}- Configure Authentication Settings:
- Set up email templates for verification and password reset
- Configure action URLs to point to your application
Create a .env.local file with your Firebase configuration:
# Firebase Configuration
NEXT_PUBLIC_FIREBASE_API_KEY="your_api_key"
NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN="your_project_id.firebaseapp.com"
NEXT_PUBLIC_FIREBASE_PROJECT_ID="your_project_id"
NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET="your_project_id.firebasestorage.app"
NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID="your_sender_id"
NEXT_PUBLIC_FIREBASE_APP_ID="your_app_id"# Development
npm run dev # Start development server
npm run build # Build for production
npm run start # Start production server
# Code Quality
npm run lint # Run ESLint
npm run lint:fix # Fix ESLint issues
# Deployment
npm run deploy # Deploy to Vercel- Password Requirements: Minimum 6 characters (Add your complexity on validatePassword() in validateFormFields.js file)
- Email Verification: Required for account activation
- Session Management: Secure JWT tokens with automatic refresh
- Rate Limiting: Built-in Firebase protection against brute force attacks
- Firestore Security Rules: Server-side data validation and access control
- Role-Based Access: Dynamic content rendering based on user roles
- Input Validation: Client and server-side validation for all forms
- XSS Protection: Sanitized inputs and secure rendering
-
Connect your repository to Vercel:
- Go to vercel.com and sign up/login
- Click "New Project" and import your GitHub repository
- Configure environment variables in Vercel dashboard
-
Set environment variables:
# In Vercel Dashboard > Project Settings > Environment Variables NEXT_PUBLIC_FIREBASE_API_KEY="your_api_key" NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN="your_project_id.firebaseapp.com" NEXT_PUBLIC_FIREBASE_PROJECT_ID="your_project_id" NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET="your_project_id.firebasestorage.app" NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID="your_sender_id" NEXT_PUBLIC_FIREBASE_APP_ID="your_app_id"
-
Deploy:
- Vercel will automatically deploy on every push to main branch
- Or manually deploy:
vercel --prod
- Netlify: Connect repository for automatic deployments
- Cloudflare Workers: Deploy using Wrangler CLI for edge computing
- Traditional Hosting: Build with
npm run buildand deploy static files
- OAuth Integration: Google, GitHub, and Microsoft sign-in options
- Two-Factor Authentication: Enhanced security with 2FA implementation
- PWA Features: Offline functionality and mobile app experience
- Admin Dashboard: User management with analytics and bulk operations
- Performance Optimization: Code splitting, lazy loading, and caching strategies
We welcome contributions! Please follow these steps:
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Commit your changes:
git commit -m 'Add amazing feature' - Push to the branch:
git push origin feature/amazing-feature - Open a Pull Request
- Follow existing code style and conventions
- Write tests for new features
- Update documentation for API changes
- Ensure all tests pass before submitting PR
This project is licensed under the MIT License - see the LICENSE file for details.
- Firebase Team for providing robust authentication services
- Next.js Team for the excellent React framework
- React Community for continuous inspiration and best practices
- Open Source Contributors who make projects like this possible
- Email: hello@saravanan.dev
Built with โค๏ธ by Saravanan