Skip to content

ticklemycode/seed-JWT-auth-server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
controllers
controllers
 
 
models
models
 
 
services
services
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
_config.yml
_config.yml
 
 
index.js
index.js
 
 
package.json
package.json
 
 
router.js
router.js
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

Simple Node Authentication Server using JWT

Starter authentication server that utilizes JWT or local passport strategies for protected resources.

Requirements

Stack

  • mongoose - elegant mongodb object modeling for node.js
  • expressjs - Fast, unopinionated, minimalist web framework for Node.js
  • passport - Simple, unobtrusive authentication for Node.js
  • JWT - JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

Features

  • user model
  • encryption of passwords

Add your own config.js in the root directory of your project.

You will see errors when trying to start the app if you don't provide these properties.

// config.js

module.exports = {
    // Secret key for JWT signing and encryption
    'secret': 'super secret passphrase',
    // Database connection information
    'database': 'mongodb://localhost:auth/auth',
    // Setting port for server
    'port': process.env.PORT || 3090
}

Signup and Signin routes will return JWT to be used for subsequent request

Signup route will require email and password to be sent and will check if email provided is already in use.

app.post('/signup', Authentication.signup);

Signin route will also require email and password to be sent and server will validate credentials provided.

app.post('/signin', requireSignin, Authentication.signin);

Defining protect routes

Sample route that requires JWT authentication.

app.get('/', requireAuth, (req, res, next) => {
    res.send({ access: 'granted' });
});

Sample request

POST Request for '/signup'

curl -X POST \
  http://localhost:3090/signup \
  -d '{
	"email":"me@me.com",
	"password": "test"
    }'

Response returns error or JWT depending if email is already in use

{
    "error": "Email is in use."
}

or

{
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI1OWYzODQxYTY5MjFhYjI3ZWJlODY0NDciLCJpYXQiOjE1MDkxMzEyOTAzMzgsImVtYWlsIjoibWVAbWUyLmNvbSJ9.sLG8rCopHvDsFD_3eHeJ7Lja9vKYWNj1py4DrukBv8g"
}

GET request for protected resource on path '/'

curl -X GET \
  http://localhost:3090/ \
  -H 'authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI1OWYzNmQwNzg5ZTYwNTFlN2FkZjY2ZTkiLCJpYXQiOjE1MDkxMjUzODMyMTQsImVtYWlsIjoiYnV0dHRlcjJAZXh4YW1wbGUuY29tIn0.sWrBHQ85ErGQF1lZ18qB8LGfKutAOgXifbb8yX9b0Ds' \
  -H 'content-type: application/json' \

Response returns 'Unauthorized' or the protect resource depending on if the JWT sent was valid or not

{
    "access": "granted"
}

POST Request for '/signin'

curl -X POST \
  http://localhost:3090/signin \
  -H 'content-type: application/json' \
  -d '{
	"email":"me@me.com",
	"password": "test"
    }'

Response returns 'Unauthorized' or JWT

{
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI1OWYzNzNlMjA1MWY0NzIyNTc0YWY1ZTkiLCJpYXQiOjE1MDkxMjg0MjczNTcsImVtYWlsIjoibWVAbWUuY29tIn0.XPFY88mQZUPSibLV6COdGeHtZf6ZoYp2NKV-cX0llw4"
}

Reference: http://blog.slatepeak.com/refactoring-a-basic-authenticated-api-with-node-express-and-mongo/

About

Seed Project - Authentication Server using JWT

Topics

nodejs jwt express seed passport protected-resources

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages