This project is an Authentication API built with Express.js, MySQL, JWT, and bcrypt. It supports user signup, login, logout (token revocation), and a protected `/profile` route.
## ⚙️ Setup

1. Clone & install

   ```bash
   git clone https://github.com/your-username/lab-auth-api.git
   cd lab-auth-api
   npm install
   ```

2. Create `.env`

   Create a `.env` file (see `.env.example`).

3. Create DB & tables

   Run in MySQL:

   ```sql
   CREATE DATABASE lab_auth;
   USE lab_auth;

   CREATE TABLE users (
     id INT AUTO_INCREMENT PRIMARY KEY,
     email VARCHAR(100) NOT NULL UNIQUE,
     password_hash VARCHAR(255) NOT NULL,
     full_name VARCHAR(120),
     role VARCHAR(30) DEFAULT 'student',
     created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
   );

   CREATE TABLE revoked_tokens (
     id INT AUTO_INCREMENT PRIMARY KEY,
     jti VARCHAR(64) NOT NULL UNIQUE,
     expires_at DATETIME NOT NULL,
     revoked_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
   );
   ```

4. Run server

   ```bash
   npm run dev
   ```
## 📡 Endpoints

Public:

- `POST /auth/signup` → register a new user
- `POST /auth/login` → login, receive JWT

Protected (requires `Authorization: Bearer <token>`):

- `GET /profile` → get current user info
- `POST /auth/logout` → revoke token
## 🔑 Testing (Postman)

1. Signup → create a user
2. Login → copy the JWT token
3. Profile → call `/profile` with `Authorization: Bearer <token>`
4. Logout → revoke the token
5. Retry `/profile` → should return `401` (token revoked)
## 🚨 Notes

- Keep `.env` private (never commit it).
- Use `.env.example` as a template.
- Replace `JWT_SECRET` with a long random string.