🍏 Apple-Inspired Secure Auth System

A professional, full-stack authentication system featuring a high-end, minimalist design inspired by Apple's design language. This project implements a complete user lifecycle, from registration and secure login to profile management and a restricted administrative control panel.

✨ Features

User Experience

• Secure Authentication: Login and Registration with bcrypt password hashing.
• Remember Me: Persistent sessions using secure cookies (30-day expiry).
• User Profiles: Ability for users to customize their displayName and bio.
• Password Recovery: Simulated email-based password reset flow with secure, time-limited tokens.
• Device Detection: Automatic detection of the user's platform (iOS, Android, Windows, Mac, Linux).
• Modern UI/UX:
  • Apple Design System: Dark theme with "Glassmorphism" (blur effects) and deep layering.
  • Fluid Animations: Entrance animations, staggered loading, and 3D lift effects.
  • Loading States: Professional spinners and button states to prevent double-submissions.
  • Toast Notifications: Elegant, non-blocking feedback for errors and success messages.
  • Responsive Design: Fully optimized for Mobile, Tablet, and Desktop.

Administrative Control

• Isolated Admin Panel: Runs on a separate port (5555) to isolate management traffic.
• Host-Only Access: Strict IP-filtering middleware that restricts access to localhost/127.0.0.1.
• User Management: Full CRUD capabilities (Create, Read, Update, Delete) for all users.
• Password Overrides: Ability for admins to force-reset any user's password.

🛠️ Tech Stack

• Backend: Node.js, Express.js
• Database: SQLite (via better-sqlite3)
• Security: bcrypt (hashing), express-validator (input sanitization), express-session (session management)
• Frontend: HTML5, CSS3 (Modern Flexbox/Grid), Vanilla JavaScript
• Configuration: dotenv for environment variable management

🚀 Getting Started

Prerequisites

• Node.js (v16 or higher recommended)
• npm (Node Package Manager)

Installation

1. Clone the repository.
2. Install dependencies:

   npm install

3. Configure environment variables: Create a .env file in the root directory:

   PORT=4000
   SESSION_SECRET=your_random_secret_key_here

Running the Application

This project requires two servers to be running simultaneously.

1. Start the User Server:

node server.js

Access at: http://localhost:4000

2. Start the Admin Server:

node admin_server.js

Access at: http://localhost:5555

📁 Project Structure

.
├── database.js          # SQLite connection and table initialization
├── database.db          # SQLite database file (generated)
├── server.js            # Main user-facing server & API
├── admin_server.js      # Restricted Admin server
├── .env                 # Environment secrets
├── package.json         # Project dependencies
├── public/              # User frontend
│   ├── index.html       # Login page
│   ├── register.html    # Sign-up page
│   ├── dashboard.html   # Protected user area
│   ├── profile.html     # Profile management
│   ├── forgot-password.html
│   ├── reset-password.html
│   └── style.css        # Apple-inspired global styles
└── public_admin/        # Admin frontend
    ├── index.html       # User management dashboard
    └── style.css        # Admin-specific styles

🔒 Security Implementation

• Password Security: Passwords are never stored in plain text; they are salted and hashed using bcrypt.
• Input Validation: All user inputs are trimmed and validated for length and type using express-validator to prevent common attacks.
• Session Management: Uses express-session with a configurable secret and secure cookie settings.
• Admin Isolation: The admin panel is protected by an IP-whitelist middleware, ensuring that only the local host can access the management tools.
• Token-Based Reset: Password resets use cryptographically strong random tokens with a 1-hour expiration window.