This project implements user authentication and authorization using Bearer tokens in a Node.js application with Express.js, Mongoose, and JWT. The application is structured with the MVC pattern and includes API documentation in Postman.
Use the sample login :
{ "email":"krish@gmail.com", "password":"123456789" } for admin login.
{ "email":"alice.johnson@example.com", "password":"123456789" } for user login.
- Features
- Tech Stack
- Setup and Installation
- Environment Variables
- API Endpoints
- Folder Structure
- Deployment
- User Registration: Register new users with hashed passwords.
- User Login: Authenticate users and issue JWTs for authorized access.
- JWT-Based Authorization: Protect routes using Bearer tokens.
- Secure User Info Retrieval: Users can retrieve their information using valid tokens.
- Error Handling and Validation: Proper error messages and input validations.
- API Documentation: Detailed documentation using Postman, with sample requests and responses.
- Node.js: JavaScript runtime for server-side applications.
- Express.js: Minimalist web framework for Node.js.
- Mongoose: MongoDB object modeling for Node.js.
- JWT: JSON Web Token for secure token-based authentication.
- Postman: API testing and documentation.
-
Clone the repository:
git clone https://github.com/yourusername/yourrepository.git cd yourrepository -
Install dependencies:
npm install express npm install bcrypt npm install nodemon --save-dev npm install cookie-parser npm install dotenv npm install jsonwebtoken npm install mongoose
-
Setting up environment variables .
-
Run the Application
npm run dev // In VS Code npm start // In Server Deployment
Both of these values were put under .gitignore concerning security.
- MongoDB Database URL - The URL for the database stored in Atlas
- Secret Key - Which is used in hashing the token in token encryption and decryption phase.
.
├── controllers # Contains controller functions
├── models # Contains Mongoose models
├── routes # Defines routes for the application
├── utils # Middleware for JWT token verification
├── index.js # Basefile (e.g., database connection)
└── README.md # Project documentation
POST /api/v1/auth/registerRegister a User: Send a POST request to/api/v1/auth/registerwith JSON payload containing username, email, and password.POST /api/v1/auth/loginLogin User: Send a POST request to/api/v1/auth/loginwith username and password. You’ll receive a JWT if credentials are valid.GET /api/v1/auth/meAccess Protected Routes - Personal Information: Send requests to protected routes withAuthorization: Bearer <token>headerauthorization headerafter logging in. Here we use a GET request to/api/v1/auth/me. If it is already logged in, we'll receive the details of the users.
Note
In our program, incase of successful login, we return the details of the user.
4.POST api/v1/auth/logout Logout User: Send a POST request to api/v1/auth/logout. It clears the token which is stored in the browser and logged out from the browser. If it is logged out, then we can't use the protected route api/v1/auth/me.
-
GET api/v1/auth/usersAccess Protected Routes - All Informations of the Users : Send a get request toapi/v1/auth/userswithAuthorization: Bearer <token>header after logging in. If it is already logged in withrole:admin, it returns all the informations of the registered users. Else it prevents the users to get all informations. -
GET /api/v1/auth/homeHome URL : It shows basic form to log in and testing the APIs mentioned in the 3rd and 5th APIs. Remaining APIs can be checked using POSTMAN./api/v1/auth/home. -
PUT /api/v1/auth/users/:idUpdate User : To Update the user, we can use their id. Since it is a protected route, we could only access them after admin login. -
DELETE /api/v1/auth/users/:idDelete an User : Using the ID of an user, we can delete the user by admin login.
The application can be deployed to Render for public access.
- Pushed the code to GitHub.
- Deployed the application by connecting our GitHub repository to Render.
- Use the Render URL to access your deployed API.