Lock is a set of REST APIs that protects its endpoints with two authentication techniques: tokens and sessions.
The session implementation uses Redis and MongoDB; the token implementation uses MongoDB only.
Each technique is self-contained: for example, the repository keeps them on two separate branches, but in a real-world project you would use only one.
Feature: users also have an address book.
To run this project, you will need to add the following environment variables to your .env file:

- `PORT`: port the application listens on
- `REFRESH_JWT_SECRET`: string, refresh token secret
- `ACCESS_JWT_SECRET`: string, access token secret
- `MONGODB_URI`: string, MongoDB connection URI
- `SESSION_SECRET`: string, session secret
- `SERVER_URL`: `{host}:{port}`
Install Lock with npm:

```bash
npm install
npm run dev    # if you are a developer
npm run start
```
Import this JSON file into your Postman collection, and you will be able to call all of the REST APIs.
If you don't know how to do it, watch this video.
You can also use swagger-ui by browsing to `/api-docs/`.
POST /session/register

| Request Body | Type | Description |
|---|---|---|
| email | string | Required. User's email |
| password | string | Required. User's password |

POST /session/login

| Request Body | Type | Description |
|---|---|---|
| email | string | Required. User's email |
| password | string | Required. User's password |

GET /session/home

| Constraints | Type | Description |
|---|---|---|
| isAuthenticated | middleware | Required. You must be logged in to reach the home endpoint |

GET /session/logout
POST /token/register

| Request Body | Type | Description |
|---|---|---|
| email | string | Required. User's email |
| password | string | Required. User's password |

POST /token/login

| Request Body | Type | Description |
|---|---|---|
| email | string | Required. User's email |
| password | string | Required. User's password |

GET /token/home

| Constraints | Type | Description |
|---|---|---|
| isAuthenticated | middleware | Required. You must be logged in to reach the home endpoint |
GET /token/logout

All address book endpoints share the following constraint:

| Constraints | Type | Description |
|---|---|---|
| isAuthenticated | middleware | Required. You must be logged in to access the address book endpoints |
GET /addressBook/

POST /addressBook/

| Request Body | Type | Description |
|---|---|---|
| name.firstName | string | Required. User's first name |
| name.lastName | string | Required. User's last name |
| contactNumber | string | Required. User's phone number |
| address.country | string | Required. User's country |
| address.city | string | Required. User's city |
| address.street | string | Required. User's street |
| address.postalCode | number | Required. User's postal code |
PUT /addressBook/

| Request Body | Type | Description |
|---|---|---|
| name.firstName | string | User's first name |
| name.lastName | string | User's last name |
| contactNumber | string | User's phone number |
| address.country | string | User's country |
| address.city | string | User's city |
| address.street | string | User's street |
| address.postalCode | number | User's postal code |
DELETE /addressBook
- Building strong authentication using both sessions and tokens
- How to connect a Redis database to the session store
- How to use both access and refresh tokens in the authentication process
- There is always something new to learn 👨💻.