A Node.js backend application that provides user authentication and authorization functionalities with JWT tokens and role-based access control.
This project implements a secure user authentication and authorization system using:
- Express.js - Web framework
- JWT (JSON Web Tokens) - Secure token-based authentication
- Bcrypt - Password hashing and comparison
- MongoDB - Database for user data storage
- Middleware - Custom authentication and admin authorization layers

## Features

- User Registration - Create new user accounts with hashed passwords
- User Login - Authenticate users and generate JWT tokens
- JWT Authentication - Verify and validate user tokens
- Role-Based Access Control - Admin middleware for admin-only operations
- Password Security - Bcrypt hashing with salt rounds for secure password storage
- CORS Support - Cross-Origin Resource Sharing enabled
- Environment Configuration - Secure environment variable management

## Prerequisites

- Node.js (v14 or higher)
- MongoDB (local or cloud instance)
- npm or yarn package manager

## Installation

1. Clone the repository

   ```bash
   git clone <repository-url>
   cd Authentication\ and\ Authorization
   ```

2. Install dependencies

   ```bash
   npm install
   ```

3. Configure environment variables

   Create a `.env` file in the root directory:

   ```env
   PORT=5000
   MONGODB_URI=mongodb://localhost:27017/auth-db
   SECRET_KEY=your_secret_key_here
   ```

4. Start the server

   ```bash
   npm start      # Production mode
   npm run dev    # Development mode with nodemon
   ```
The server will start on the configured PORT (default: 5000).

## API Endpoints

All endpoints below are relative to the base URL `http://localhost:5000/api/authentication`.
### POST /registerUser

Description: Create a new user account

Request Body:

```json
{
  "username": "john_doe",
  "email": "john@example.com",
  "password": "securePassword123"
}
```

Response (Success - 200):

```json
{
  "message": "The user is register successfully",
  "data": {
    "_id": "507f1f77bcf86cd799439011",
    "username": "john_doe",
    "email": "john@example.com",
    "password": "hashed_password"
  }
}
```

Response (Error - 503):

```json
{
  "message": "Cannot register the user, error in registering the user"
}
```

### POST /loginUser

Description: Authenticate user and receive JWT token

Request Body:

```json
{
  "email": "john@example.com",
  "password": "securePassword123"
}
```

Response (Success - 200):

```json
{
  "message": "The user logged in successfully",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```

Response (Error - 403):

```json
{
  "message": "Cannot find the user"
}
```

or

```json
{
  "message": "Invalid password"
}
```

### GET /getAll
Description: Retrieve all users (Admin only - requires authentication and admin role)

Headers:

```
Authorization: Bearer <token>
```

Response (Success - 200):

```json
{
  "message": "Admin User",
  "data": [
    {
      "_id": "507f1f77bcf86cd799439011",
      "username": "john_doe",
      "email": "john@example.com",
      "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
    }
  ]
}
```

## Project Structure

```
Authentication and Authorization/
├── Controllers/
│   └── UserControllers.js    # Business logic for user operations
├── Database/
│   └── db.config.js          # MongoDB connection configuration
├── Middlewares/
│   ├── AuthMiddleware.js     # JWT token verification
│   └── AdminMiddleware.js    # Admin role authorization
├── Model/
│   └── userSchema.js         # User schema definition
├── Routers/
│   └── userRouter.js         # Route definitions
├── server.js                 # Main application entry point
├── package.json              # Dependencies and scripts
└── Readme.md                 # Project documentation
```
## Key Components

### Controllers (`UserControllers.js`)

- `registerUser` - Handle user registration with password hashing
- `loginUser` - Authenticate user and generate JWT token
- `getAllUser` - Retrieve all users (admin only)

### Middlewares

- `AuthMiddleware.js` - Verify JWT token and authenticate user
- `AdminMiddleware.js` - Check if user has admin privileges

### Database

- `db.config.js` - MongoDB connection setup using Mongoose

### Model

- `userSchema.js` - Define user document structure with fields: username, email, password, token
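Two controller-side helpers that fit this layout, written here as an added example (they are not the project's `UserControllers.js`): `validateRegistration()` checks the `registerUser` body before any database or bcrypt work, and `toPublicUser()` allow-lists the fields sent back to the client, so the stored password hash and token that appear in the sample responses above stay server-side. Field names follow the README's `userSchema` (`username`, `email`, `password`, `token`); the length limits and the email pattern are this example's own assumptions, not the project's.

```javascript
// Added example, not the project's own code. Plain Node.js, no dependencies.
// Assumptions: username 3-32 chars, password at least 8 chars, a simple
// email pattern; the project itself does not document these limits.

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Validate a registerUser request body.
// Returns { ok: true, value } with normalised fields, or { ok: false, errors }.
function validateRegistration(body) {
  const errors = [];
  const username = typeof body?.username === 'string' ? body.username.trim() : '';
  const email = typeof body?.email === 'string' ? body.email.trim().toLowerCase() : '';
  const password = typeof body?.password === 'string' ? body.password : '';

  if (username.length < 3 || username.length > 32) {
    errors.push('username must be 3-32 characters');
  }
  if (!EMAIL_RE.test(email)) {
    errors.push('email is not valid');
  }
  if (password.length < 8) {
    errors.push('password must be at least 8 characters');
  }
  // bcrypt hashes only the first 72 bytes of its input; reject longer
  // passwords so the whole value is actually covered by the hash.
  if (Buffer.byteLength(password, 'utf8') > 72) {
    errors.push('password must be at most 72 bytes');
  }

  return errors.length
    ? { ok: false, errors }
    : { ok: true, value: { username, email, password } };
}

// Allow-list the fields a client may see. Accepts a plain object or a
// Mongoose document (anything exposing toObject()); ObjectIds are stringified.
const PUBLIC_FIELDS = ['_id', 'username', 'email'];

function toPublicUser(doc) {
  const obj = typeof doc?.toObject === 'function' ? doc.toObject() : doc;
  const out = {};
  for (const key of PUBLIC_FIELDS) {
    if (obj[key] !== undefined) out[key] = String(obj[key]);
  }
  return out;
}

// Usage sketch for the registration controller (constructed input):
const sampleBody = { username: 'alice', email: 'Alice@Example.com', password: 'password123' };
const checked = validateRegistration(sampleBody);
if (checked.ok) {
  // hash checked.value.password with bcrypt, save, then respond with
  // toPublicUser(savedDoc) instead of the raw document
}

module.exports = { validateRegistration, toPublicUser };
```

For `getAll`, map the array of documents through `toPublicUser` before sending it, so the per-user `token` field in the stored documents is not returned to the caller.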
## Security Features

- Password Hashing - Bcrypt with 10 salt rounds
- JWT Tokens - Secure token-based authentication
- Admin Middleware - Role-based access control
- CORS - Cross-origin request handling
- Environment Variables - Sensitive data protection
## Usage Examples

Register a user:

```bash
curl -X POST http://localhost:5000/api/authentication/registerUser \
  -H "Content-Type: application/json" \
  -d '{
    "username": "alice",
    "email": "alice@example.com",
    "password": "password123"
  }'
```

Log in and receive a token:

```bash
curl -X POST http://localhost:5000/api/authentication/loginUser \
  -H "Content-Type: application/json" \
  -d '{
    "email": "alice@example.com",
    "password": "password123"
  }'
```

Call the admin-only endpoint with the token from the login response:

```bash
curl -X GET http://localhost:5000/api/authentication/getAll \
  -H "Authorization: Bearer <your_jwt_token>"
```

## Scripts

- `npm start` - Start the server in production mode
- `npm run dev` - Start the server with auto-reload (nodemon)
## Dependencies

| Package | Version | Purpose |
|---|---|---|
| express | ^5.2.1 | Web framework |
| mongoose | ^9.0.0 | MongoDB object modeling |
| jsonwebtoken | ^9.0.2 | JWT token creation and verification |
| bcrypt | ^6.0.0 | Password hashing |
| cors | ^2.8.5 | Cross-Origin Resource Sharing |
| dotenv | ^17.2.3 | Environment variable management |
| nodemon | ^3.1.11 | Auto-restart during development |
## Environment Variables

```env
PORT=5000                                    # Server port
MONGODB_URI=mongodb://localhost:27017/auth   # MongoDB connection string
SECRET_KEY=your_secret_jwt_key               # Secret key for JWT signing
```
## Contributing

This project is part of the Guvi Learning path. Feel free to enhance it with additional features such as:
- Email verification
- Password reset functionality
- Rate limiting
- User profile management
- Refresh tokens
## Author

Naveen - Initial Project Setup

## License

ISC
## Troubleshooting

MongoDB connection errors:
- Ensure MongoDB service is running
- Verify MONGODB_URI in .env file
- Check network connectivity

JWT token errors:
- Verify SECRET_KEY is set in .env
- Ensure token is passed in Authorization header
- Check token expiration

Port already in use:
- Change PORT in .env file
- Or kill the process using the current port
## Support

For issues or questions, please review the project structure and ensure all environment variables are correctly configured.

Last Updated: December 2025

Documentation Link: https://documenter.getpostman.com/view/50350220/2sB3dPSAao