The node-express-auth API provides basic endpoints to register users, log in users and get a JWT.
It also provides authentication middleware to handle authorization for routes.
- NodeJS
- Express
- Passport
- Passport JWT
- Mongoose
- Configure your server

Create a `config_local.js` file or enter your settings directly in `config/config.js`.

- port: port on which the API is served
- secret: secret key used to encrypt/decrypt the JWT
- db: URL of the MongoDB database

```js
const cfg = {
  port: 3000,                                    // port the API listens on
  secret: 'y0urSup3erS3cretKey',                 // placeholder: replace with your own secret key
  db: 'mongodb://localhost:27017/database_name'  // MongoDB connection URL
};
```
- Install dependencies

Install the project's dependencies. You can use npm or Yarn.

```
$ npm install
```

OR

```
$ yarn install
```

- Run server

At this point you should launch your server. We included nodemon to handle auto-refresh.

```
$ npm run start
```
| Functionality | Method | Endpoint |
|---|---|---|
| Register | POST | /api/v1/register |
| Log in and Authenticate | POST | /api/v1/login |
| Forgot password | POST | /api/v1/forgot-password |
| Reset password | POST | /api/v1/reset-password/:reset_token |

| Functionality | Method | Endpoint |
|---|---|---|
| Current user information | GET | /api/v1/user |
| Modify current user | PUT | /api/v1/user |
| Change password | PUT | /api/v1/user/change-password |

POST /api/v1/register

Allows a user to create an account with an email and password. The user can also provide a username, but login is by email.

Input

POST /api/v1/register

```json
{
  "email": "[email protected]",
  "password": "mysecretpassword"
}
```

Output

```json
{
  "success": true,
  "message": "Successfully created new user."
}
```

POST /api/v1/login

Allows a user to log in with email and password and receive a JWT, which must be provided on all protected routes.

Input

POST /api/v1/login

```json
{
  "email": "[email protected]",
  "password": "mysecretpassword"
}
```

Output

```json
{
  "success": true,
  "token": "JWT sOme.JwT.t0k3n"
}
```

POST /api/v1/forgot-password

Allows a user to reset their password. With this endpoint the server generates a unique hash that must be provided to the /api/v1/reset-password endpoint.
The hash link is only valid for 1 hour. After that, the user must ask the server again to reset the password.

Input

POST /api/v1/forgot-password

```json
{
  "email": "[email protected]"
}
```

Output

```json
{
  "success": true,
  "resetPasswordToken": "random_hash"
}
```

POST /api/v1/reset-password/:reset_token

Allows a user to reset their password by providing a new one.

Input

POST /api/v1/reset-password/:reset_token

```json
{
  "password": "newPassword",
  "confirmPassword": "newPassword"
}
```

Output

```json
{
  "success": true,
  "message": "Password successfully update"
}
```

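One way to implement the one-hour reset token that /api/v1/forgot-password issues and /api/v1/reset-password/:reset_token consumes, as an added example and not the project's own code. The function names, the in-memory maps and the choice to store only a SHA-256 digest of the token are assumptions.

```javascript
// Added example: names below are hypothetical, not taken from the project.
const crypto = require('node:crypto');

const RESET_TTL_MS = 60 * 60 * 1000; // the one-hour validity the README states
// Constructed sample account; a Map stands in for the Mongoose user collection.
const users = new Map([['alice@example.test', { username: 'alice' }]]);
// sha256(token) -> { email, expires }. Only the digest is stored, so a leaked
// database dump does not contain usable reset tokens.
const pendingResets = new Map();

const digest = (token) =>
  crypto.createHash('sha256').update(String(token)).digest('hex');

// forgot-password step: returns the raw token to send to the user, or null.
// The HTTP handler should answer the same way in both cases so the endpoint
// does not reveal which emails are registered.
function issueResetToken(email, now = Date.now()) {
  if (!users.has(email)) return null;
  // A new request replaces any earlier one for the same account.
  for (const [key, request] of pendingResets) {
    if (request.email === email) pendingResets.delete(key);
  }
  const token = crypto.randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
  pendingResets.set(digest(token), { email, expires: now + RESET_TTL_MS });
  return token;
}

// reset-password step: returns the email whose password may now be changed,
// or null if the token is unknown, already used or expired.
function redeemResetToken(token, now = Date.now()) {
  const key = digest(token);
  const request = pendingResets.get(key);
  if (!request) return null;
  pendingResets.delete(key); // single use; also discards expired entries
  return now <= request.expires ? request.email : null;
}
```

The `now` parameter exists so the expiry logic can be exercised with fixed timestamps; a route handler would call both functions without it.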
GET /api/v1/user

Gets the information of the user authenticated by the JWT.

Output

```json
{
  "_id": "random id generated by mongo",
  "email": "[email protected]",
  "username": "Username"
}
```

PUT /api/v1/user

Modifies the fields of the user authenticated by the JWT, except the password.

Input

PUT /api/v1/user

```json
{
  "email": "[email protected]",
  "username": "newUsername"
}
```

Output

```json
{
  "success": true,
  "user": {"email": "[email protected]", "username": "newUsername"}
}
```

PUT /api/v1/user/change-password

Allows the connected user to change their password.

Input

PUT /api/v1/user/change-password

```json
{
  "password": "newPassword",
  "confirmPassword": "newPassword"
}
```

Output

```json
{
  "success": true,
  "message": "Password successfully update"
}
```

To run the tests, just run the following command:

```
$ npm run test
```

We included apidoc to generate documentation for our API. Just run the following command and open `index.html` in the apidoc folder.

```
$ npm run apidoc
```

- add unique constraint to user
- send email after registration
- add config for email parameters
- add config to enable/disable email sending
- add error responses to documentation