AuthEase
Let's discover AuthEase in 5 mins.
Getting Started
The AuthEase API provides a set of endpoints to handle user authentication and management. It uses JSON Web Tokens (JWTs) for authentication and MongoDB for data storage. It is dockerized and can be deployed anywhere. It uses docker-compose to run the application. Built with Node.js, Express, and MongoDB.
Features
- This API uses TypeScript and zod for type checking and validation.
- It uses JWTs for authentication and authorization.
- It uses MongoDB for data storage.
- It uses Docker and docker-compose for containerization and deployment.
- Typegoose is used for MongoDB object modeling.
- argon2 is used for password hashing.
- nodemailer is used for sending emails.
What you'll need to add
- Add your own MongoDB database URL to the .env file.
- Add your own custom secret to the .env file.
Register a new user
Creates a new user with the provided email, password, and username.
Endpoint: POST /api/users
Request body:
Field | Type | Required |
---|---|---|
firstName | string | yes |
lastName | string | yes |
email | string | yes |
password | string | yes |
passwordConfirmation | string | yes |
{
"firstName": "test",
"lastName": "user",
"email": "test@user.com",
"password": "test@1234",
"passwordConfirmation": "test@1234"
}
Response:
200 OK
on successful registration
User Created Successfully
400 Bad Request
if password & passwordConfirmation do not match
[
{
"code": "custom",
"message": "Passwords do not match",
"path": [
"body",
"passwordConfirmation"
]
}
]
400 Bad Request
if all fields in body are not provided
[
{
"code": "invalid_type",
"expected": "string",
"received": "undefined",
"path": [
"body",
"passwordConfirmation"
],
"message": "Password confirmation is required"
}
]
409 Conflict
if a user with the provided email already exists
User Already Exists
After successful registration, a verification email will be sent to the user's email address. The user will need to click on the link in the email to verify their account.
The verification link will contain a verification code and unique user id. This verification code will be used to verify the user. It will be used as path variable in the verify user endpoint to verify the user.
Verify a user
Verifies a registered user with the provided verification code and user id. Without verifying the user, the user will not be able to login.
Endpoint: GET /api/users/verify/:id/:verificationCode
Path parameters:
Field | Type | Description |
---|---|---|
id | string | ID of the user to verify |
verificationCode | string | Verification code of the user |
Response: 200 OK
on successful verification
User Verified Successfully
Login a verified user or Create session for a verified user
Logs in an existing verified user with the provided email and password.
Endpoint: POST /api/sessions
Request body:
Field | Type | Required |
---|---|---|
email | string | yes |
password | string | yes |
{
"email": "test@user.com",
"password": "test@1234"
}
Response:
200 OK
on successful login
{
"accessToken": "",
"refreshToken": ""
}
200 Ok
if the email or password is missing, or if either of them is wrong
Invalid email or password
Refresh access token
Used to refresh the access token of the user based on the refresh token provided.
Endpoint: POST /api/sessions/refresh
Headers: Headers should contain the refresh token with the name x-refresh
Field | Type | Required |
---|---|---|
x-refresh | string | yes |
Response:
200 Ok
with an array of user objects on success.
{
"accessToken": ""
}
401 Unauthorized
when the request to the endpoint arrives without a refresh token in the header
Could not refresh access token
Get User or Get me
Returns the details of the currently logged in user.
Endpoint: GET /api/users/me
Headers: The request must carry the access token in a header named Authorization, in the format Bearer <token>.
Response:
200 Ok
with user details on success.
{
"_id": "",
"email": "",
"firstName": "",
"lastName": "",
"createdAt": "",
"updatedAt": "",
"iat": ,
"exp":
}
403 Forbidden
if the access token is missing or invalid
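The refresh and "get me" checks described above, as an added example that is not AuthEase's own code. It assumes HS256 signing with a shared secret and a hypothetical `type` claim that separates access tokens from refresh tokens; `signToken`, `verifyToken`, `refresh` and `getMe` are illustrative names.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: stands in for the secret in .env
const b64u = (v) => Buffer.from(v).toString("base64url");
const mac = (data) => createHmac("sha256", SECRET).update(data).digest();

// Sign an HS256 JWT whose payload carries a token type, iat and exp.
function signToken(claims, type, ttlSeconds, now) {
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ ...claims, type, iat: now, exp: now + ttlSeconds }));
  return `${head}.${body}.${mac(`${head}.${body}`).toString("base64url")}`;
}

// Return the payload, or null if the token is malformed, names another
// algorithm, fails the MAC check, is expired, or is of the wrong type.
function verifyToken(token, expectedType, now) {
  const parts = String(token || "").split(".");
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    if (header.alg !== "HS256") return null; // pin the algorithm server-side
    const given = Buffer.from(parts[2], "base64url");
    const expected = mac(`${parts[0]}.${parts[1]}`);
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
    if (payload.type !== expectedType || payload.exp <= now) return null;
    return payload;
  } catch {
    return null; // undecodable header or payload
  }
}

// POST /api/sessions/refresh: the refresh token arrives in the x-refresh header.
function refresh(headers, now) {
  const payload = verifyToken(headers["x-refresh"], "refresh", now);
  if (!payload) return { status: 401, body: "Could not refresh access token" };
  return { status: 200, body: { accessToken: signToken({ _id: payload._id }, "access", 900, now) } };
}

// GET /api/users/me: Node lowercases header names, hence `authorization`.
function getMe(headers, now) {
  const m = /^Bearer (.+)$/.exec(headers.authorization || "");
  const payload = m && verifyToken(m[1], "access", now);
  return payload ? { status: 200, body: payload } : { status: 403 };
}
```

Because each token carries its type, a refresh token presented as a bearer token is rejected with 403 instead of being accepted as an access token.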
Request password reset
Sends a password reset email to the user with the provided email address.
Endpoint: POST /api/users/forgotpassword
Request body:
Field | Type | Required |
---|---|---|
email | string | yes |
{
"email": ""
}
Response: 200 OK
on successful request
If an account with that email exists, we sent you an email to reset your password.
A password reset link will be sent to the user's email address. The user will need to click on the link in the email to reset their password. The password reset link will contain a reset code and unique user id. This reset code will be used to reset the user's password. It will be used as path variable in the reset password endpoint to reset the user's password.
Reset password
Resets the password of the user with the provided reset code and user id.
Endpoint: POST /api/users/resetpassword/:id/:passwordResetCode
Path parameters:
Field | Type | Description |
---|---|---|
id | string | ID of the user to reset |
passwordResetCode | string | Password reset code of the user |
Request body:
Field | Type | Required |
---|---|---|
email | string | yes |
password | string | yes |
passwordConfirmation | string | yes |
{
"email": "",
"password": "",
"passwordConfirmation": ""
}
Response:
200 OK
on successful reset
Successfully updated password
400 Bad Request
if password & passwordConfirmation do not match or if reset code is invalid.
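One way to issue and check the code carried in the reset link (the verification link's code can be handled the same way), as an added example that is not AuthEase's own code. The 15-minute expiry, the hashed storage, the in-memory `users` map and the function names are assumptions; the page does not say how the project generates or stores its codes.

```javascript
const { randomBytes, createHash, timingSafeEqual } = require("node:crypto");

const RESET_TTL_MS = 15 * 60 * 1000; // assumption: the page states no expiry
const sha256 = (s) => createHash("sha256").update(s).digest();

// Constructed in-memory store standing in for the MongoDB user collection.
const users = new Map([
  ["64f0c0ffee", { email: "test@user.com", resetHash: null, resetExpires: 0 }],
]);

// POST /api/users/forgotpassword: identical reply whether or not the account exists.
function requestReset(email, now) {
  const reply = "If an account with that email exists, we sent you an email to reset your password.";
  const entry = [...users].find(([, u]) => u.email === email);
  if (!entry) return { reply, link: null };
  const [id, user] = entry;
  const code = randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  user.resetHash = sha256(code);                // keep only a hash at rest
  user.resetExpires = now + RESET_TTL_MS;
  // The link is delivered by email only and never returned to the HTTP caller.
  return { reply, link: `/api/users/resetpassword/${id}/${code}` };
}

// POST /api/users/resetpassword/:id/:passwordResetCode
function resetPassword(id, code, now) {
  const user = users.get(id);
  const stored = user && user.resetHash;
  const ok = Boolean(stored) && now < user.resetExpires &&
    timingSafeEqual(stored, sha256(String(code))); // constant-time comparison
  if (!ok) return { status: 400 };
  user.resetHash = null; // single use: a replayed link fails
  // Hashing and saving the new password (argon2 in AuthEase) is omitted here.
  return { status: 200, body: "Successfully updated password" };
}
```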
Contribute to AuthEase
This project is open to contributions. Feel free to open a pull request or submit an issue. You can find the source code here: https://github.com/Adi-ty/AuthEase. If you have any questions, you can reach out to me on my Email.