A production-ready Authentication & Authorization microservice built with Node.js, Express, MongoDB, and Redis.
## Features

### Implemented

- User registration with email verification
- Secure login with JWT tokens
- Refresh token rotation
- Password reset flow
- User profile management
- Account lockout after failed login attempts
- Rate limiting and security headers

### Planned

- OAuth integration (Google, GitHub)
- Two-factor authentication (TOTP)
- Role-based access control (RBAC)
- Session management
- Enhanced security features
- Client SDK
- Admin dashboard API
- Comprehensive testing
- Docker containerization
- CI/CD pipeline
## Tech Stack

- Runtime: Node.js v18+ (ES Modules)
- Framework: Express.js
- Database: MongoDB with Mongoose
- Cache: Redis (IORedis)
- Authentication: JWT, bcrypt
- Validation: Joi
- Email: Nodemailer
- Logging: Winston
- Security: Helmet, express-rate-limit
## Prerequisites

- Node.js v18 or higher
- Docker Desktop (for MongoDB and Redis)
- Git

## Getting Started

1. Clone the repository:

   ```bash
   git clone https://github.com/YOUR_USERNAME/authflow.git
   cd authflow
   ```

2. Install dependencies:

   ```bash
   npm install
   ```

3. Copy `.env.example` to `.env` and update the values:

   ```bash
   cp .env.example .env
   ```

4. Start MongoDB and Redis:

   ```bash
   docker compose up -d
   ```

   Verify that the containers are running:

   ```bash
   docker ps
   ```

5. Check the database and cache connections:

   ```bash
   node test-setup.js
   ```

   You should see:

   ```
   ✅ MongoDB connected successfully
   ✅ Redis connected successfully
   ```

6. Start the development server:

   ```bash
   npm run dev
   ```

   The API will be available at http://localhost:5000.
## Project Structure

```
authflow/
├── src/
│   ├── config/          # Database and Redis configuration
│   ├── models/          # Mongoose schemas
│   ├── repositories/    # Database operations
│   ├── services/        # Business logic
│   ├── controllers/     # Route handlers
│   ├── middlewares/     # Auth, validation, error handling
│   ├── routes/          # API routes
│   ├── validators/      # Request validation schemas
│   ├── utils/           # Utility functions
│   ├── app.js           # Express app setup
│   └── server.js        # Server entry point
├── tests/
│   ├── unit/            # Unit tests
│   └── integration/     # Integration tests
├── logs/                # Application logs
├── .env                 # Environment variables (not in git)
├── .env.example         # Environment variables template
├── docker-compose.yml   # Docker services configuration
└── package.json
```
## API Endpoints

### Authentication

| Method | Endpoint | Description |
|--------|----------|-------------|
| POST | /api/v1/auth/register | Register new user |
| POST | /api/v1/auth/verify-email | Verify email |
| POST | /api/v1/auth/resend-verification | Resend verification email |
| POST | /api/v1/auth/login | Login user |
| POST | /api/v1/auth/refresh | Refresh access token |
| POST | /api/v1/auth/logout | Logout user |
| POST | /api/v1/auth/forgot-password | Request password reset |
| POST | /api/v1/auth/reset-password | Reset password |

### User

| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/v1/user/profile | Get user profile |
| PUT | /api/v1/user/profile | Update user profile |
| PUT | /api/v1/user/password | Change password |
| DELETE | /api/v1/user/account | Delete account |
## Testing

```bash
# Run all tests
npm test

# Run tests in watch mode
npm run test:watch
```

## Docker Commands

```bash
# Start services
docker compose up -d

# Stop services
docker compose down

# View logs
docker compose logs -f

# Connect to MongoDB shell
docker exec -it authflow_mongodb mongosh -u admin -p password123

# Connect to Redis CLI
docker exec -it authflow_redis redis-cli
```

## Security Features

- Password hashing with bcrypt
- JWT-based authentication
- Refresh token rotation
- Account lockout after failed attempts
- Rate limiting on all endpoints
- Security headers with Helmet
- Input validation with Joi
- Email verification required
- Secure password reset flow
## Configuration

See `.env.example` for all available configuration options.

## Contributing

This is a learning project. Feel free to fork and experiment!

## License

MIT License - feel free to use this project for learning purposes.

## Author

Kshitij Chavan

- GitHub: @KshitijChavan-Stack

## Acknowledgments

- Built as a portfolio project to demonstrate backend development skills
- Inspired by modern authentication best practices

Status: 🚧 Work in Progress - Phase 1 (Core Authentication) in development
---
## Step 2: Update .gitignore
Make sure your `.gitignore` is complete:
```gitignore
# Dependencies
node_modules/
package-lock.json
yarn.lock

# Environment files
.env
.env.local
.env.*.local

# Logs
logs/
*.log
npm-debug.log
yarn-debug.log*
yarn-error.log*

# macOS
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes

# Editors
.vscode/
.idea/
*.swp
*.swo
*~

# Test coverage
coverage/
.nyc_output/

# Build output
dist/
build/

# Docker
.docker/
```