🔒🛡️ Lock uses REST APIs to protect endpoints with tokens and sessions. Each technique is self-contained, with the option to use either one. Includes address book feature. 🚪🔑

ahmedeid6842/auth_session-token_

Lock

Lock uses REST APIs to protect endpoints by using two techniques: tokens and sessions.

The session is connected to the Redis and Mongo databases.

The token is linked to MongoDB.

Each technique is self-contained; for example, I used two branches, but in the real world you would use only one.

Feature: users also have an address book.

Requirements

Environment Variables

To run this project, you will need to add the following environment variables to your .env file

PORT : port the application listens on

REFRESH_JWT_SECRET : refresh token secret

ACCESS_JWT_SECRET : string, access token secret

MONGODB_URI : string, mongo database uri

SESSION_SECRET :

SERVER_URL : {host}:{port}

Installation

Install my-project with npm

  npm install
  npm run dev # if you are a developer
  npm run start

Usage

Import this JSON file into Postman Collection, and you will be able to use all REST APIs.

If you don't know how to do it, watch this video.

You can also use swagger-ui by accessing /api-docs/.

API Reference

1. Session Based

• Register

  POST /session/register

| Request Body | Type | Description |
| --- | --- | --- |
| email | string | Required. User's email |
| password | string | Required. User's password |

• Login

  POST /session/login

| Request Body | Type | Description |
| --- | --- | --- |
| email | string | Required. User's email |
| password | string | Required. User's password |

• Home

  GET /session/home

| Constraints | Type | Description |
| --- | --- | --- |
| isAuthenticated | middleware | Required. You must be logged in to reach the home endpoint |

• Logout

  GET /session/logout

2. Token Based

• Register

  POST /token/register

| Request Body | Type | Description |
| --- | --- | --- |
| email | string | Required. User's email |
| password | string | Required. User's password |

• Login

  POST /token/login

| Request Body | Type | Description |
| --- | --- | --- |
| email | string | Required. User's email |
| password | string | Required. User's password |

• Home

  GET /token/home

| Constraints | Type | Description |
| --- | --- | --- |
| isAuthenticated | middleware | Required. You must be logged in to reach the home endpoint |

• Logout

  GET /token/logout
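
The check an `isAuthenticated` middleware has to make when access and refresh tokens are signed with separate secrets, as an added example that is not taken from this repository. It builds HS256 tokens with Node's built-in `crypto` instead of a JWT library; the secret values, token lifetimes, the `token_use` claim name and the `Authorization: Bearer` transport are assumptions.

```javascript
// Added example, not the repository's code. The secrets are constructed
// placeholders standing in for ACCESS_JWT_SECRET / REFRESH_JWT_SECRET from .env.
const crypto = require('node:crypto');

const SECRETS = { access: 'constructed-access-secret', refresh: 'constructed-refresh-secret' };
const TTL_SECONDS = { access: 15 * 60, refresh: 7 * 24 * 3600 }; // assumed lifetimes

const b64url = (value) => Buffer.from(value).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Issue an HS256 JWT; the token_use claim (assumed name) records the token kind.
function issueToken(kind, userId, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const claims = { sub: userId, token_use: kind, iat: now, exp: now + TTL_SECONDS[kind] };
  const payload = b64url(JSON.stringify(claims));
  const signature = hmac(`${header}.${payload}`, SECRETS[kind]).toString('base64url');
  return `${header}.${payload}.${signature}`;
}

// Verify the signature in constant time first, then algorithm, kind and expiry.
function verifyToken(kind, token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, payload, signature] = parts;
  const expected = hmac(`${header}.${payload}`, SECRETS[kind]);
  const given = Buffer.from(signature, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  // Parsing is safe here: the bytes were authenticated by the HMAC above.
  const head = JSON.parse(Buffer.from(header, 'base64url').toString());
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (head.alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
  if (claims.token_use !== kind) return { ok: false, reason: 'wrong token kind' };
  if (claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Express-style middleware (hypothetical shape): only access tokens open a route.
function isAuthenticated(req, res, next) {
  const [scheme, token] = (req.headers.authorization || '').split(' ');
  const result = scheme === 'Bearer' ? verifyToken('access', token) : { ok: false, reason: 'missing token' };
  if (!result.ok) return res.status(401).json({ error: result.reason });
  req.userId = result.claims.sub;
  next();
}
```

Because the two secrets differ, a refresh token presented to a protected route fails at the signature step; the `token_use` check only matters if both variables are ever set to the same value.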

3. Address Book

| Constraints | Type | Description |
| --- | --- | --- |
| isAuthenticated | middleware | Required. You must be logged in to access the Address Book endpoints |

• Get Your Address

  GET /addressBook/

• Add Your Address

  POST /addressBook/

| Request Body | Type | Description |
| --- | --- | --- |
| name.firstName | string | Required. User's first name |
| name.lastName | string | Required. User's last name |
| contactNumber | string | Required. User's phone number |
| address.country | string | Required. User's country |
| address.city | string | Required. User's city |
| address.street | string | Required. User's street |
| address.postalCode | number | Required. User's address postal code |

• Update Your Address

  PUT /addressBook/

| Request Body | Type | Description |
| --- | --- | --- |
| name.firstName | string | User's first name |
| name.lastName | string | User's last name |
| contactNumber | string | User's phone number |
| address.country | string | User's country |
| address.city | string | User's city |
| address.street | string | User's street |
| address.postalCode | number | User's address postal code |

• Delete Your Address

  DELETE /addressBook

Contributing

Always feel free to break the lock 😅.

Authors

Lessons Learned

  • How to build strong authentication using both sessions and tokens
  • How to connect a Redis database to sessions
  • How to use both access and refresh tokens in the authentication process
  • There is always something new to learn 👨‍💻.
