Skip to content
/ node-auth-api Public

Lightweight Node.js authentication API demonstrating JWT, refresh tokens, 2FA helpers, and simple file-based data storage.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

yazy7991/node-auth-api

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

42 Commits
controllers
controllers
 
 
middleware
middleware
 
 
models
models
 
 
routes
routes
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
app.js
app.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
server.js
server.js
 
 

Repository files navigation

Node Auth API

Lightweight Node.js authentication API demonstrating JWT, refresh tokens, 2FA helpers, and simple file-based data storage.

Overview

This project implements authentication primitives (register, login, token refresh, logout) and user management endpoints. It uses Express and a small file-based datastore via nedb-promises. Utility modules provide token helpers, caching, and OTP/QR code support.

Features

  • JWT access tokens and refresh tokens
  • Token invalidation and refresh handling
  • Basic role/authorization middleware
  • OTP (2FA) helper support and QR code generation
  • Simple file-based storage (NeDB)

Tech Stack

  • Node.js + Express
  • JSON Web Tokens (jsonwebtoken)
  • Password hashing (bcryptjs)
  • NeDB (nedb-promises) for lightweight persistence
  • In-memory cache (node-cache)
  • OTP support (otplib) and qrcode
  • Environment config via dotenv

Prerequisites

  • Node.js 18+ recommended

Install

Clone the repo and install dependencies:

git clone <repo-url>
cd node-auth-api
npm install

Environment

Create a .env file in the project root. Common variables used by this project include:

  • PORT — port the server listens on (default: 3000)
  • JWT_SECRET — secret for signing access tokens
  • REFRESH_TOKEN_SECRET — secret for refresh tokens
  • OTP_ISSUER — (optional) issuer name used when generating OTP QR codes

Adjust these as needed for your deployment.

Available NPM scripts

From package.json:

  • npm start — start server with node server.js
  • npm run dev — start server with nodemon for development
  • npm test — placeholder test script

Running the App

Start the server:

npm run dev

By default the app entry is server.js (see main in package.json).

Project Structure

  • server.js, app.js — app/server bootstrap
  • routes/ — route definitions (auth.routes.js, users.routes.js, roles.routes.js)
  • controllers/ — request handlers
  • middleware/authenticate.js, authorize.js
  • models/ — data models (NeDB-backed)
  • utils/token.js — token helpers
  • cache/ — caching utilities

Inspect Endpoints

See the route files in the routes/ folder for available endpoints and required request payloads. Typical endpoints you will find:

  • POST /auth/register
  • POST /auth/login
  • POST /auth/refresh
  • POST /auth/logout
  • GET /users (protected)

Notes

  • This project uses a lightweight file-based datastore; for production, consider switching to a managed DB (Postgres/MongoDB).
  • Secure your secrets and use HTTPS in production.

License

ISC

Where to look next

Open the controllers in controllers/ and routes in routes/ to adapt endpoints. See middleware/ for auth/authorization hooks.

About

Lightweight Node.js authentication API demonstrating JWT, refresh tokens, 2FA helpers, and simple file-based data storage.

Topics

nodejs jwt authentication rest-api expressjs authorization bcrypt nedb qrcode-generator access-token refresh-token nedb-promises roles-permissions 2factor-authentication

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages