sagarkemble/Authentication-service

Authentication Service

Express.js MongoDB Mongoose Docker TypeScript Zod JWT Node.js Resend pnpm Commitlint

Auth Backend Service

A complete user authentication REST API built with TypeScript, Express, and MongoDB, implementing JWT authentication, refresh tokens, email verification, and secure cookie-based auth.

Features

  • User registration with email verification
  • Secure login with JWT-based authentication (access + refresh tokens)
  • Refresh token rotation using HTTP-only cookies
  • Runtime input validation with Zod
  • Forgot password flow with email-based reset link
  • Protected routes with authentication middleware
  • Cookie-based token storage
  • MongoDB with Mongoose ODM
  • Docker support for MongoDB

Prerequisites

  • Node.js (v18 or higher)
  • Docker and Docker Compose
  • pnpm/npm/yarn/bun

Installation

1. Clone the repository

git clone https://github.com/sagarkemble/Authentication-service
cd Authentication-service

2. Install dependencies

pnpm install

3. Set up environment variables

Create a .env file in the root directory and add the variables shown in the .env.example file.

Important: Replace the JWT secrets with strong strings in production.

4. Start MongoDB with Docker

Start the MongoDB container:

npm run db:up

This will start MongoDB on localhost:27017 with:

  • Username: admin
  • Password: password
  • Database: authdb (or whatever you specify in MONGODB_URI)

To stop the database:

npm run db:down

5. Start the development server

npm run dev

The server will start on http://localhost:3000 (or the PORT you specified in .env).

API Endpoints

Authentication Routes

All routes are prefixed with /auth

Register a new user /auth/register

POST /auth/register
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "yourpassword",
  "name": "John Doe"
}

Verify email /auth/verify-mail

POST /auth/verify-mail
Content-Type: application/json

{
  "token": "verification_token_from_email"
}

Login /auth/login

POST /auth/login
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "yourpassword"
}

Refresh access token /auth/refresh-access-token

POST /auth/refresh-access-token
Cookie: refreshToken=<refresh_token>
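
The refresh token rotation listed under Features, as an added sketch that is not this repository's code. It assumes opaque random tokens rather than JWTs (to stay dependency-free), an in-memory map in place of MongoDB, and a `Path=/auth` cookie scope; the reuse check that revokes a whole token family goes beyond what the README states. All function and type names are hypothetical.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Hypothetical in-memory store; a real service would persist this (e.g. in MongoDB).
type Session = { userId: string; family: string; used: boolean; expiresAt: number };
type RotateResult =
  | { ok: true; userId: string; refreshToken: string }
  | { ok: false; reason: "unknown" | "revoked" | "expired" | "reuse" };

const WEEK_SECONDS = 7 * 24 * 3600; // assumed refresh token lifetime
const sessions = new Map<string, Session>(); // key: SHA-256 of the refresh token
const revokedFamilies = new Set<string>();

const sha256 = (token: string): string =>
  createHash("sha256").update(token).digest("hex");

// Issue an opaque refresh token; only its hash is kept server-side,
// so a leaked store does not yield usable tokens.
function issueRefreshToken(
  userId: string,
  family: string = randomBytes(16).toString("hex"),
): string {
  const token = randomBytes(32).toString("base64url");
  const expiresAt = Date.now() + WEEK_SECONDS * 1000;
  sessions.set(sha256(token), { userId, family, used: false, expiresAt });
  return token;
}

// Each refresh token is single-use. Seeing an already-rotated token again means
// a copy exists somewhere, so every token descended from that login is revoked.
function rotateRefreshToken(presented: string): RotateResult {
  const session = sessions.get(sha256(presented));
  if (!session) return { ok: false, reason: "unknown" };
  if (revokedFamilies.has(session.family)) return { ok: false, reason: "revoked" };
  if (session.expiresAt <= Date.now()) return { ok: false, reason: "expired" };
  if (session.used) {
    revokedFamilies.add(session.family);
    return { ok: false, reason: "reuse" };
  }
  session.used = true;
  const refreshToken = issueRefreshToken(session.userId, session.family);
  return { ok: true, userId: session.userId, refreshToken };
}

// Set-Cookie value for the rotated token: hidden from page JavaScript,
// sent over HTTPS only, and scoped to the /auth routes.
function refreshCookie(token: string): string {
  const attrs = `HttpOnly; Secure; SameSite=Strict; Path=/auth; Max-Age=${WEEK_SECONDS}`;
  return `refreshToken=${token}; ${attrs}`;
}
```
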

Get current user (Protected) /auth/getme

GET /auth/getme
Cookie: accessToken=<access_token>

Change Avatar (Protected) /auth/change-avatar

PATCH /auth/change-avatar
Cookie: accessToken=<access_token>
Content-Type: multipart/form-data

Request Body (form-data):

  • avatar (file)
    • Field name must be avatar
    • Max file size: 2MB
    • Allowed formats: image/png, image/jpeg

Logout (Protected) /auth/logout

POST /auth/logout
Cookie: accessToken=<access_token>

Forgot password /auth/forgot-password

POST /auth/forgot-password
Content-Type: application/json

{
  "email": "user@example.com"
}

Reset password /auth/reset-password

POST /auth/reset-password
Content-Type: application/json

{
  "email": "user@example.com"
}

Development

Available Scripts

  • npm run dev - Start development server with hot reload
  • npm run db:up - Start MongoDB Docker container
  • npm run db:down - Stop MongoDB Docker container
  • npm run commit - Commit with Commitizen (conventional commits)

Git Hooks

This project uses Husky for git hooks:

  • Pre-commit: Runs linting/formatting checks
  • Commit-msg: Validates commit message format (conventional commits)
