Secure Authentication Management System

A secure backend authentication system built using Node.js, Express.js, MongoDB, and JWT.
The system implements OTP-based email verification, Access Token & Refresh Token authentication, and multi-device session management to ensure secure user authentication.


Features

  • User registration with OTP-based email verification
  • Account verification required before login
  • Password hashing for secure credential storage
  • JWT-based authentication
  • Access Token & Refresh Token implementation
  • Secure session management
  • Logout from current device
  • Logout from all devices
  • RESTful authentication APIs

Tech Stack

  • Backend: Node.js, Express.js
  • Database: MongoDB
  • Authentication: JSON Web Token (JWT)
  • Email Service: Nodemailer

Authentication Flow

1. User Registration

  • User registers using email and password
  • Password is hashed before storing
  • User account is created with verification status set to false
  • An OTP is sent to the user's email

2. OTP Verification

  • User submits the OTP
  • If OTP is valid:
    • Account verification status becomes true
    • User account is activated

3. Login

Login is only allowed if the account is verified.

After successful login:

  • Access Token is generated (short-lived)
  • Refresh Token is generated (long-lived)

4. Token Refresh

When the Access Token expires, the client can request a new access token using the Refresh Token.

5. Logout

Two logout mechanisms are supported:

  • Logout current device → removes current refresh token
  • Logout from all devices → invalidates all refresh tokens

API Endpoints

Authentication APIs

Method  Endpoint                  Description
POST    /api/auth/register        Register a new user and send email verification OTP
POST    /api/auth/login           Login user (only if email is verified)
GET     /api/auth/get-me          Get currently authenticated user details
GET     /api/auth/refresh-token   Generate a new access token using refresh token
GET     /api/auth/logout          Logout from current device
GET     /api/auth/logout-all      Logout from all devices
GET     /api/auth/verify-email    Verify user email using OTP/token

Installation

Clone the repository:

git clone https://github.com/ayushcode191/Auth-App.git
cd Auth-App
npm install

Environment Variables

Create a .env file in the root directory and add:

PORT=5000
MONGODB_URI=your_mongodb_connection_string
ACCESS_TOKEN_SECRET=your_access_secret
REFRESH_TOKEN_SECRET=your_refresh_secret
EMAIL_USER=your_email
EMAIL_PASS=your_email_password

Run the Server

npm start

Server will run on:

http://localhost:5000

Security Practices Implemented

  • Password hashing
  • JWT token authentication
  • OTP email verification
  • Refresh token based session management
  • Account verification before login
  • Multi-device logout capability

Author

Ayush Bansal
B.Tech IT | Backend Developer

GitHub:
https://github.com/ayushcode191
