Emmanuel Isaac
Back to projects
4 min read
API Auth - Node.js Authentication System

API Auth

A robust Node.js authentication API that provides comprehensive user authentication functionality with JWT tokens, role-based access control, and MongoDB integration. This project serves as a reusable authentication foundation for Node.js applications.

Features

  • User Registration & Login - Complete user authentication flow
  • JWT Token Authentication - Stateless token-based authentication
  • Role-Based Access Control - Admin, instructor, and student roles
  • Password Security - bcrypt hashing for secure password storage
  • MongoDB Integration - Mongoose ODM for database operations
  • Protected Endpoints - Middleware for route protection
  • Error Handling - Comprehensive async error handling
  • Environment Configuration - Flexible environment setup

Tech Stack

  • Runtime: Node.js
  • Framework: Express.js
  • Database: MongoDB with Mongoose ODM
  • Authentication: JWT (JSON Web Tokens)
  • Password Hashing: bcryptjs
  • Environment: dotenv
  • Error Handling: express-async-handler

Core Functionality

User Management

  • User registration with validation
  • Secure login with JWT token generation
  • Profile access with authentication
  • Role-based user system (admin, instructor, student)

Security Features

  • Password hashing with bcrypt
  • JWT token authentication
  • Protected route middleware
  • Input validation and sanitization
  • Error handling and logging

Database Schema

{
  username: String (required),
  email: String (required, unique),
  password: String (required, hashed),
  role: String (enum: ["admin", "instructor", "student"]),
  lastLogin: Date,
  timestamps: true
}

API Endpoints

MethodEndpointDescriptionAuth Required
POST/api/users/registerRegister new userNo
POST/api/users/loginUser loginNo
GET/api/users/profileGet user profileYes

Installation & Setup

  1. Clone the repository:

    git clone https://github.com/1cbyc/api-auth.git
cd api-auth

  2. Install dependencies:

    npm install

  3. Configure environment:

    cp .env.example .env
# Set MongoDB credentials and JWT secret

  4. Start the server:

    node app.js

The server runs on port 8000 by default.

Usage Examples

Register a New User

curl -X POST http://localhost:8000/api/users/register \
  -H "Content-Type: application/json" \
  -d '{
    "username": "john_doe",
    "email": "[email protected]",
    "password": "securepassword123",
    "role": "student"
  }'

User Login

curl -X POST http://localhost:8000/api/users/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "securepassword123"
  }'

Access Protected Profile

curl -X GET http://localhost:8000/api/users/profile \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Project Structure

api-auth/
├── config/          # Database configuration
├── controller/      # Route controllers
├── docs/           # Documentation
├── logs/           # Application logs
├── middlewares/    # Custom middleware
├── model/          # Database models
├── routes/         # API routes
├── utils/          # Utility functions
├── app.js          # Main application file
├── package.json    # Dependencies
└── README.md       # Project documentation

Authentication Flow

  1. Registration: User provides credentials → Validation → Password hashing → User creation
  2. Login: User provides credentials → Validation → Password comparison → JWT generation
  3. Access: User provides JWT → Token validation → Route access → Data retrieval

Security Implementation

  • Password Hashing: bcrypt with salt rounds
  • JWT Tokens: 30-day expiry with secure signing
  • Input Validation: Required field validation
  • Error Handling: Comprehensive error responses
  • Database Security: Mongoose schema validation

Planned Enhancements

  • Password reset functionality
  • Email verification system
  • Refresh token implementation
  • User management endpoints
  • Role-based authorization middleware
  • Comprehensive logging system
  • Environment configuration improvements
  • Input validation enhancements

Use Cases

  • Web Applications: User authentication for web apps
  • Mobile Apps: API authentication for mobile clients
  • Microservices: Authentication service for distributed systems
  • Learning Management: Role-based access for educational platforms
  • Admin Panels: Secure access control for administrative interfaces

This authentication API provides a solid foundation for any Node.js application requiring user authentication and authorization.