A robust and secure authentication service built with Node.js, Express, TypeScript, and MongoDB. This service provides comprehensive user authentication and authorization functionality with enhanced security features.
- User registration and login with email verification
- Password hashing using bcrypt
- JWT-based authentication with refresh tokens
- MongoDB database integration with Mongoose
- TypeScript for type safety and better development experience
- Docker support for containerization
- Comprehensive test suite with Jest
- Rate limiting for API endpoints
- Security headers with Helmet
- Input validation with express-validator
- Cookie-based session management
- Password reset functionality
- Security audit capabilities
- Node.js (v14 or higher)
- MongoDB
- Docker (optional)
- npm or yarn
- Clone the repository:
git clone <repository-url>
cd auth-service-v2
- Install dependencies:
npm install
- Create a .env file in the root directory with the following variables:
MONGODB_URI=your_mongodb_connection_string
JWT_SECRET=your_jwt_secret
JWT_REFRESH_SECRET=your_refresh_token_secret
PORT=3000
NODE_ENV=development
To start the development server with hot-reloading:
npm run dev
To build the TypeScript project:
npm run build
Run the test suite:
npm test
Run security checks:
npm run audit
The project includes Docker support for containerization:
- Build the Docker image:
docker build -t auth-service .
- Run using Docker Compose:
docker-compose up
src/
├── config/ # Configuration files
├── controllers/ # Route controllers
├── middleware/ # Custom middleware
├── models/ # Database models
├── routes/ # API routes
├── types/ # TypeScript type definitions
├── app.ts # Express application setup
└── index.ts # Application entry point
- Express.js - Web framework
- Mongoose - MongoDB ODM
- bcrypt - Password hashing
- jsonwebtoken - JWT implementation
- cors - Cross-origin resource sharing
- dotenv - Environment variable management
- helmet - Security headers
- express-rate-limit - Rate limiting
- express-validator - Input validation
- cookie-parser - Cookie management
- TypeScript
- Jest - Testing framework
- ts-jest - TypeScript testing support
- ts-node-dev - Development server
- MongoDB Memory Server - In-memory MongoDB for testing
- Supertest - HTTP testing
- Various TypeScript type definitions
- POST /api/auth/register - User registration
- POST /api/auth/login - User login
- POST /api/auth/refresh - Refresh access token
- POST /api/auth/logout - User logout
- POST /api/auth/forgot-password - Request password reset
- POST /api/auth/reset-password - Reset password
- GET /api/auth/verify-email - Email verification
- Rate limiting on all endpoints
- Helmet security headers
- Input validation and sanitization
- Secure password hashing
- JWT token rotation
- Cookie security
- CORS protection
- Environment variable protection
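An added example (not part of this project's code) of a startup check for the .env variables listed in the setup steps: it rejects the template's placeholder secrets, secrets that are too short, and a refresh secret identical to the access secret. The names validateAuthEnv and checkSecret, the 32-character minimum and the placeholder patterns are assumptions.

```typescript
// Added example, not project code: validateAuthEnv and its rules are assumptions.
type Env = Record<string, string | undefined>;

const MIN_SECRET_LENGTH = 32; // assumed minimum length for a signing secret
const PLACEHOLDER = /^(your_|change_?me)/i; // assumed template patterns

// Constructed sample: the README's .env template, unchanged.
const TEMPLATE_ENV: Env = {
  MONGODB_URI: "your_mongodb_connection_string",
  JWT_SECRET: "your_jwt_secret",
  JWT_REFRESH_SECRET: "your_refresh_token_secret",
  PORT: "3000",
};

function checkSecret(env: Env, name: string, errors: string[]): void {
  const value = (env[name] || "").trim();
  if (value === "") {
    errors.push(`${name} is not set`);
  } else if (PLACEHOLDER.test(value)) {
    errors.push(`${name} still holds a placeholder value`);
  } else if (value.length < MIN_SECRET_LENGTH) {
    errors.push(`${name} is shorter than ${MIN_SECRET_LENGTH} characters`);
  }
}

function validateAuthEnv(env: Env): string[] {
  const errors: string[] = [];
  checkSecret(env, "JWT_SECRET", errors);
  checkSecret(env, "JWT_REFRESH_SECRET", errors);
  // With a shared key, a refresh token's signature also verifies as an access token's.
  if (env["JWT_SECRET"] && env["JWT_SECRET"] === env["JWT_REFRESH_SECRET"]) {
    errors.push("JWT_SECRET and JWT_REFRESH_SECRET must differ");
  }
  const uri = (env["MONGODB_URI"] || "").trim();
  if (!/^mongodb(\+srv)?:\/\/\S+$/.test(uri)) {
    errors.push("MONGODB_URI is not a mongodb:// or mongodb+srv:// URI");
  }
  const port = Number(env["PORT"] || "3000");
  if (Math.floor(port) !== port || port < 1 || port > 65535) {
    errors.push("PORT is not a valid TCP port");
  }
  return errors;
}

// At startup (assumed wiring): exit if validateAuthEnv(process.env) is non-empty.
```

Run against the unchanged template, the check reports both JWT secrets and the MongoDB URI, so a deployment that copied the sample values fails before it signs any token.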
ISC
- Fork the repository
- Create your feature branch
- Commit your changes
- Push to the branch
- Create a new Pull Request