{"id":42071973,"url":"https://github.com/KhaledSaeed18/node-authentication-template","last_synced_at":"2026-02-05T09:01:03.498Z","repository":{"id":283695686,"uuid":"945548964","full_name":"KhaledSaeed18/node-authentication-template","owner":"KhaledSaeed18","description":"🔐 A Node.js authentication template built with TypeScript, Express and PostgreSQL with Prisma. Includes secure JWT-based authentication, email verification (OTP), password reset, 2FA with QR codes, login history tracking, rate limiting, role-based access control.","archived":false,"fork":false,"pushed_at":"2025-03-21T16:27:20.000Z","size":84,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-21T16:55:43.288Z","etag":null,"topics":["authentication","backend-api","eslint","express","google-gmail-api","jsonwebtoken","nodejs","nodemailer","nodemon","postgresql","prisma-orm","qrcode-generator","rate-limiting","two-factor-authentication","typescript","zod-validation"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/KhaledSaeed18.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-09T17:25:17.000Z","updated_at":"2025-03-21T16:27:23.000Z","dependencies_parsed_at":"2025-03-21T16:55:49.698Z","dependency_job_id":"d05d50ca-0530-400c-9eac-87fb9b4c62c7","html_url":"https://github.com/KhaledSaeed18/node-authentication-template","commit_stats":null,"previous_names":["khaledsaeed18/node-authentication-template"],"tags_count
":0,"template":true,"template_full_name":null,"purl":"pkg:github/KhaledSaeed18/node-authentication-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KhaledSaeed18%2Fnode-authentication-template","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KhaledSaeed18%2Fnode-authentication-template/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KhaledSaeed18%2Fnode-authentication-template/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KhaledSaeed18%2Fnode-authentication-template/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/KhaledSaeed18","download_url":"https://codeload.github.com/KhaledSaeed18/node-authentication-template/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KhaledSaeed18%2Fnode-authentication-template/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29117916,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T05:31:32.482Z","status":"ssl_error","status_checked_at":"2026-02-05T05:31:29.075Z","response_time":65,"last_error":"SSL_read: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","backend-api","eslint","express","google-gmail-api","jsonwebtoken","nodejs","nodemailer","nodemon","postgresql","prisma-orm","qrcode-generator","rate-limiting","two-factor-authentication","typescript","zod-validation"],"created_at":"2026-01-26T09:00:39.715Z","updated_at":"2026-02-05T09:01:03.492Z","avatar_url":"https://github.com/KhaledSaeed18.png","language":"TypeScript","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"readme":"# 🔐 Node Authentication Template\n\n## Introduction\n\nThe Node Authentication Template is a robust, secure, and feature-rich authentication system built with Node.js and TypeScript. It provides a complete authentication solution with advanced security features including email verification, password reset, two-factor authentication (2FA), rate limiting, and more. 
This template is designed to be easily integrated into any Node.js project requiring secure user authentication.\n\n[![Node.js](https://img.shields.io/badge/Node.js-43853D?style=for-the-badge\u0026logo=node.js\u0026logoColor=white)](https://nodejs.org/)\n[![TypeScript](https://img.shields.io/badge/TypeScript-007ACC?style=for-the-badge\u0026logo=typescript\u0026logoColor=white)](https://www.typescriptlang.org/)\n[![Express.js](https://img.shields.io/badge/Express.js-404D59?style=for-the-badge\u0026logo=express\u0026logoColor=white)](https://expressjs.com/)\n[![PostgreSQL](https://img.shields.io/badge/PostgreSQL-316192?style=for-the-badge\u0026logo=postgresql\u0026logoColor=white)](https://www.postgresql.org/)\n[![Prisma](https://img.shields.io/badge/Prisma-3982CE?style=for-the-badge\u0026logo=Prisma\u0026logoColor=white)](https://www.prisma.io/)\n[![JWT](https://img.shields.io/badge/JWT-000000?style=for-the-badge\u0026logo=JSON%20web%20tokens\u0026logoColor=white)](https://jwt.io/)\n[![bcrypt](https://img.shields.io/badge/bcrypt-CF1A12?style=for-the-badge\u0026logo=npm\u0026logoColor=white)](https://www.npmjs.com/package/bcryptjs)\n[![2FA](https://img.shields.io/badge/2FA-FFA500?style=for-the-badge\u0026logo=authy\u0026logoColor=white)](https://www.npmjs.com/package/speakeasy)\n[![Nodemailer](https://img.shields.io/badge/Nodemailer-0F9DCE?style=for-the-badge\u0026logo=minutemailer\u0026logoColor=white)](https://nodemailer.com/)\n[![Google 
APIs](https://img.shields.io/badge/Google_APIs-4285F4?style=for-the-badge\u0026logo=google\u0026logoColor=white)](https://www.npmjs.com/package/googleapis)\n[![Zod](https://img.shields.io/badge/Zod-3068b7?style=for-the-badge\u0026logo=zod\u0026logoColor=white)](https://github.com/colinhacks/zod)\n[![dotenv](https://img.shields.io/badge/dotenv-ECD53F?style=for-the-badge\u0026logo=dotenv\u0026logoColor=black)](https://www.npmjs.com/package/dotenv)\n[![ESLint](https://img.shields.io/badge/ESLint-4B32C3?style=for-the-badge\u0026logo=eslint\u0026logoColor=white)](https://eslint.org/)\n[![Nodemon](https://img.shields.io/badge/Nodemon-76D04B?style=for-the-badge\u0026logo=nodemon\u0026logoColor=white)](https://nodemon.io/)\n\n## Tech Stack \u0026 Dependencies\n\n### Core Technologies\n\n- Node.js\n- TypeScript\n- Express.js\n- PostgreSQL\n- Prisma ORM\n\n### Key Dependencies\n\n**Authentication \u0026 Security:**\n\n- jsonwebtoken: JWT implementation for token-based authentication\n- bcryptjs: Password hashing library\n- speakeasy \u0026 qrcode: TOTP-based two-factor authentication\n- express-rate-limit: API rate limiting to prevent abuse\n- sanitize-html: Input sanitization to prevent XSS attacks\n\n**Email Services:**\n\n- nodemailer: Email sending functionality\n- googleapis: Google OAuth2 integration for email services\n\n**Validation:**\n\n- zod: Schema validation and type checking\n\n**Development Tools:**\n\n- dotenv: Environment variable management\n- eslint: Code linting\n- prisma: ORM and database migration tool\n- nodemon: Automatic server restarts during development\n- ts-node: TypeScript execution environment\n\n## Environment Variables\n\nCreate a .env file in the root directory with the following variables:\n\n``` .env\n# Server Configurations\nPORT=\nAPI_VERSION=\nBASE_URL=\n\n# App Configurations\nSALT_ROUNDS=\n\n# Database Configurations\nDATABASE_URL=\n\n#JWT Configurations\nJWT_SECRET=\nJWT_REFRESH_SECRET=\n\n# Email 
Configurations (Gmail OAuth2 credentials used by Nodemailer via googleapis; REFRESH_TOKEN here is the Google OAuth2 refresh token, not the JWT refresh token)\nCLIENT_ID=\nCLIENT_SECRET=\nREFRESH_TOKEN=\nUSER_EMAIL=\nREDIRECT_URI=\n```\n\n## Running the Application\n\n### Setup\n\n1. **Clone the repository**\n\n   ```bash\n   git clone https://github.com/KhaledSaeed18/node-authentication-template.git\n   cd node-authentication-template\n   ```\n\n2. **Install dependencies with Yarn**\n\n   ```bash\n   yarn install\n   ```\n\n3. **Set up environment variables**\n   - Create a `.env` file in the root directory\n   - Add all required environment variables as described in the section above\n   - Keep `.env` out of version control; `JWT_SECRET` and `JWT_REFRESH_SECRET` should be long random strings and should differ from each other\n\n### Development Mode\n\nRun the server in development mode with hot-reloading:\n\n```bash\nyarn dev\n```\n\n### Production Mode\n\n1. **Build the application**\n\n   ```bash\n   yarn build\n   ```\n\n2. **Start the production server**\n\n   ```bash\n   yarn start\n   ```\n\n### Additional Scripts\n\n- **Apply database migrations**\n\n  ```bash\n  yarn prisma migrate dev\n  ```\n\n  `migrate dev` is meant for development databases only (it may reset the schema when it detects drift); use `yarn prisma migrate deploy` against production databases.\n\n- **Generate Prisma client**\n\n  ```bash\n  yarn prisma generate\n  ```\n\n
## Project Structure\n\nThe project follows a modular architecture for better organization and maintainability:\n\n``` bash\n├── .gitignore\n├── eslint.config.mjs\n├── package.json\n├── prisma\n│   └── schema.prisma\n├── src\n│   ├── api\n│   │   └── auth\n│   │       ├── auth.controller.ts\n│   │       ├── auth.rateLimiting.ts\n│   │       ├── auth.routes.ts\n│   │       ├── auth.service.ts\n│   │       └── auth.validation.ts\n│   ├── constants\n│   │   ├── auth.constants.ts\n│   │   └── emailTemplates.ts\n│   ├── index.ts\n│   ├── mails\n│   │   ├── email.ts\n│   │   └── nodemailer.config.ts\n│   ├── middlewares\n│   │   ├── authorization.middleware.ts\n│   │   ├── error.middleware.ts\n│   │   ├── sanitizeBody.middleware.ts\n│   │   └── securityHeaders.middleware.ts\n│   └── utils\n│       ├── errorHandler.ts\n│       ├── generateOTP.ts\n│       ├── generateTokens.ts\n│       └── totp.ts\n├── tsconfig.json\n└── yarn.lock\n```\n\n### Key Components\n\n- **api/auth**: Contains all authentication-related logic (routes, controller, service, request validation and per-route rate limiting)\n- **constants**: Application-wide constants and configurations\n- **mails**: Email service implementation\n- **middlewares**: Express middlewares for security and request processing (authorization, security headers, body sanitization, error handling)\n- **utils**: Utility functions for common operations (OTP generation, token generation, TOTP)\n\n## Features \u0026 Endpoints\n\n### Authentication\n\n#### User Registration \u0026 Verification\n\n- `POST /api/v1/auth/signup`: Register a new user\n  - Required fields: firstName, lastName, email, password\n  - Creates the user and sends a verification email containing a one-time code\n- `POST /api/v1/auth/verify-email`: Verify email with OTP\n  - Required fields: email, code (6-digit)\n- `POST /api/v1/auth/resend-verification`: Resend verification code\n  - Required fields: email\n\n#### Login \u0026 Session Management\n\n- `POST /api/v1/auth/signin`: User login\n  - Required fields: email, password\n  - Returns JWT access and refresh tokens and user info\n  - If 2FA is enabled for the account, the login must be completed with a TOTP code via `POST /api/v1/auth/2fa/signin`\n- `POST /api/v1/auth/refresh-token`: Refresh access token\n  - Required fields: refreshToken\n  - Returns a new access token\n- `GET /api/v1/auth/login-history`: Get user login history\n  - Protected route (requires a valid access token)\n  - Returns the list of login attempts with IP and device info\n\n#### Password Management\n\n- `POST /api/v1/auth/forgot-password`: Initiate password reset\n  - Required fields: email\n  - Sends a password reset code via email\n- `POST /api/v1/auth/reset-password`: Reset password with code\n  - Required fields: email, code, newPassword\n\n#### Two-Factor Authentication (2FA)\n\n- `POST /api/v1/auth/2fa/setup`: Set up 2FA\n  - Protected route\n  - Returns a QR code and the TOTP secret for authenticator apps; 2FA is not active until `2fa/verify` succeeds\n- `POST /api/v1/auth/2fa/verify`: Verify and enable 2FA\n  - Protected route\n  - Required fields: token (6-digit TOTP code)\n- `POST /api/v1/auth/2fa/signin`: Complete login with 2FA\n  - Required fields: email, password, token\n- `POST /api/v1/auth/2fa/disable`: Disable 2FA\n  - Protected route\n  - Required fields: token (6-digit TOTP code)\n\n
## Security Features\n\n### Password Security\n\n- Strong password requirements with complexity validation\n- Bcrypt hashing with a configurable cost factor (`SALT_ROUNDS`)\n- Common password detection and prevention\n\n### Protection Against Attacks\n\n- Rate limiting on all authentication endpoints\n- CORS protection with configurable allowed origins\n- Security headers (CSP, HSTS, XSS Protection, etc.)\n- Input sanitization to prevent XSS attacks\n\n### Session Management\n\n- Short-lived JWT access tokens (20 minutes), keyed by `JWT_SECRET`\n- Longer-lived refresh tokens (7 days), keyed by the separate `JWT_REFRESH_SECRET`\n- Login anomaly detection using IP address and device tracking (history exposed via `GET /api/v1/auth/login-history`)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FKhaledSaeed18%2Fnode-authentication-template","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FKhaledSaeed18%2Fnode-authentication-template","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FKhaledSaeed18%2Fnode-authentication-template/lists"}
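
The README above describes TOTP-based 2FA (`2fa/setup`, `2fa/verify`, `2fa/signin`, `2fa/disable`) built on speakeasy and qrcode. The block below is an added example written for this page; it is not code from the node-authentication-template repository. It implements RFC 6238 TOTP directly on Node's `crypto` module: decoding the base32 secret a user receives at setup, RFC 4226 HOTP truncation, a verification window of one step either side for clock drift, and a last-accepted-step check so a code that has already been used is refused even while its 30-second window is still open. `TotpState`, `lastAcceptedStep` and `demo` are illustrative assumptions about per-user state the server would have to persist; the template does not document that. The secret and expected codes are the RFC 4226 / RFC 6238 reference vectors.

```typescript
import * as crypto from "crypto";

const BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

// Decode an RFC 4648 base32 secret, the form authenticator apps and 2FA setup screens use.
export function base32Decode(input: string): Buffer {
  const clean = input.toUpperCase().replace(/[\s=]/g, "");
  const out: number[] = [];
  let bits = 0;
  let value = 0;
  for (const ch of clean) {
    const idx = BASE32_ALPHABET.indexOf(ch);
    if (idx < 0) throw new Error(`invalid base32 character: ${ch}`);
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(out);
}

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
export function hotp(secret: Buffer, counter: number, digits = 6): string {
  const msg = Buffer.alloc(8);
  msg.writeUInt32BE(Math.floor(counter / 0x100000000), 0); // high 32 bits
  msg.writeUInt32BE(counter >>> 0, 4);                     // low 32 bits
  const mac = crypto.createHmac("sha1", secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const binary =
    ((mac[offset] & 0x7f) << 24) |
    (mac[offset + 1] << 16) |
    (mac[offset + 2] << 8) |
    mac[offset + 3];
  return (binary % 10 ** digits).toString().padStart(digits, "0");
}

// RFC 6238 TOTP: HOTP with the counter derived from Unix time in 30-second steps.
export function totp(secret: Buffer, unixSeconds: number, step = 30, digits = 6): string {
  return hotp(secret, Math.floor(unixSeconds / step), digits);
}

// Per-user state the server must persist (an assumption; the template's schema is not shown).
// Remembering the last accepted step is what stops a stolen code being replayed inside its window.
export interface TotpState {
  lastAcceptedStep: number; // -1 before any successful verification
}

// Verify a submitted 6-digit code, tolerating +/- `drift` steps of clock skew and refusing
// any step at or before the last one accepted.
export function verifyTotp(secret: Buffer, code: string, unixSeconds: number, state: TotpState, drift = 1, step = 30): boolean {
  if (!/^\d{6}$/.test(code)) return false; // also guarantees equal lengths for timingSafeEqual
  const current = Math.floor(unixSeconds / step);
  for (let delta = -drift; delta <= drift; delta++) {
    const candidate = current + delta;
    if (candidate <= state.lastAcceptedStep) continue; // already used, or older than a used code
    const expected = hotp(secret, candidate);
    if (crypto.timingSafeEqual(Buffer.from(expected, "utf8"), Buffer.from(code, "utf8"))) {
      state.lastAcceptedStep = candidate;
      return true;
    }
  }
  return false;
}

// RFC 6238 reference secret, ASCII "12345678901234567890", as base32 (the form shown at setup).
export const RFC_TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ";

// Constructed walk-through: first use of a code is accepted, a replay 16 seconds later is not.
export function demo(): { code: string; accepted: boolean; replayed: boolean } {
  const secret = base32Decode(RFC_TEST_SECRET_B32);
  const state: TotpState = { lastAcceptedStep: -1 };
  const code = totp(secret, 59);                          // RFC 6238 gives 94287082 -> "287082"
  const accepted = verifyTotp(secret, code, 59, state);   // true
  const replayed = verifyTotp(secret, code, 75, state);   // false: step 1 is already spent
  return { code, accepted, replayed };
}
```

The replay check is the part libraries such as speakeasy leave to the caller: their `verify` only answers whether a code is valid for some step in the window, so a server that accepts a valid code without recording the step will accept the same code again for up to 90 seconds.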
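
The Session Management section above lists 20-minute access tokens and 7-day refresh tokens with two separate secrets (`JWT_SECRET`, `JWT_REFRESH_SECRET`). The block below is an added example, not code from the template or from the jsonwebtoken library it uses: a minimal HS256 JWT issuer and verifier on Node's `crypto` that pins the algorithm (a header of `alg: none` is rejected before any key is used), compares the signature in constant time, checks `exp`, and binds each token to its purpose with a `use` claim so a refresh token cannot be presented as an access token. Single-use refresh rotation via a revoked-`jti` set goes beyond what the README states (it only says `/refresh-token` returns a new access token). The `use` claim, `RefreshStore`, and the secrets and clock values in `demo` are assumptions.

```typescript
import * as crypto from "crypto";

export type TokenUse = "access" | "refresh";

export interface Claims {
  sub: string;   // user id
  use: TokenUse; // purpose binding; an assumption, the template documents no such claim
  iat: number;
  exp: number;
  jti: string;   // unique token id, lets a refresh token be revoked after one use
}

export const ACCESS_TTL_SECONDS = 20 * 60;           // README: access tokens live 20 minutes
export const REFRESH_TTL_SECONDS = 7 * 24 * 60 * 60; // README: refresh tokens live 7 days

function b64url(buf: Buffer): string {
  return buf.toString("base64").replace(/=+$/, "").replace(/\+/g, "-").replace(/\//g, "_");
}

function unb64url(s: string): Buffer {
  return Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64");
}

export function encodeSegment(json: object): string {
  return b64url(Buffer.from(JSON.stringify(json), "utf8"));
}

function decodeSegment(segment: string): unknown {
  try {
    return JSON.parse(unb64url(segment).toString("utf8"));
  } catch {
    return null;
  }
}

function hs256(signingInput: string, secret: string): Buffer {
  return crypto.createHmac("sha256", secret).update(signingInput).digest();
}

export function sign(claims: Claims, secret: string): string {
  const signingInput = `${encodeSegment({ alg: "HS256", typ: "JWT" })}.${encodeSegment(claims)}`;
  return `${signingInput}.${b64url(hs256(signingInput, secret))}`;
}

export function issueTokens(userId: string, now: number, accessSecret: string, refreshSecret: string): { accessToken: string; refreshToken: string } {
  return {
    accessToken: sign({ sub: userId, use: "access", iat: now, exp: now + ACCESS_TTL_SECONDS, jti: crypto.randomUUID() }, accessSecret),
    refreshToken: sign({ sub: userId, use: "refresh", iat: now, exp: now + REFRESH_TTL_SECONDS, jti: crypto.randomUUID() }, refreshSecret),
  };
}

// Accept a token only if: three segments, header pins alg=HS256 (so "none" and asymmetric
// algorithms are refused before any key is touched), HMAC matches in constant time, it was
// issued for `expectedUse`, and it has not expired.
export function verify(token: string, secret: string, expectedUse: TokenUse, now: number): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  const header = decodeSegment(h) as { alg?: unknown } | null;
  if (!header || header.alg !== "HS256") return null;
  const expected = hs256(`${h}.${p}`, secret);
  const given = unb64url(s);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = decodeSegment(p) as Partial<Claims> | null;
  if (!claims || claims.use !== expectedUse) return null;
  if (typeof claims.exp !== "number" || claims.exp <= now) return null;
  if (typeof claims.sub !== "string" || typeof claims.jti !== "string" || typeof claims.iat !== "number") return null;
  return claims as Claims;
}

// Single-use refresh tokens: once exchanged, a token's jti is revoked, so a copy stolen from
// a client is worthless after the legitimate client has used it. In-memory here; a deployment
// would persist this, which is an assumption.
export class RefreshStore {
  private readonly revokedJti = new Set<string>();

  rotate(refreshToken: string, now: number, accessSecret: string, refreshSecret: string): { accessToken: string; refreshToken: string } | null {
    const claims = verify(refreshToken, refreshSecret, "refresh", now);
    if (!claims || this.revokedJti.has(claims.jti)) return null;
    this.revokedJti.add(claims.jti);
    return issueTokens(claims.sub, now, accessSecret, refreshSecret);
  }
}

// Exercises the checks above on constructed sample data (secrets and clock are assumptions).
export function demo(): { accessOk: boolean; expired: boolean; crossUse: boolean; algNone: boolean; tampered: boolean; rotatedOnce: boolean } {
  const now = 1700000000;
  const accessSecret = "example-access-secret";   // stands in for JWT_SECRET
  const refreshSecret = "example-refresh-secret"; // stands in for JWT_REFRESH_SECRET
  const tokens = issueTokens("user-42", now, accessSecret, refreshSecret);
  const [hdr, payload, sig] = tokens.accessToken.split(".");
  const store = new RefreshStore();
  return {
    accessOk: verify(tokens.accessToken, accessSecret, "access", now + 60) !== null,
    expired: verify(tokens.accessToken, accessSecret, "access", now + ACCESS_TTL_SECONDS) === null,
    // a refresh token must never pass as an access token, whichever secret is tried
    crossUse: verify(tokens.refreshToken, accessSecret, "access", now) === null
      && verify(tokens.refreshToken, refreshSecret, "access", now) === null,
    // forged header "alg":"none" with an empty signature
    algNone: verify(`${encodeSegment({ alg: "none", typ: "JWT" })}.${payload}.`, accessSecret, "access", now) === null,
    // payload edited to claim another subject, original signature kept
    tampered: verify(`${hdr}.${encodeSegment({ sub: "admin", use: "access", iat: now, exp: now + 3600, jti: "x" })}.${sig}`, accessSecret, "access", now) === null,
    // a second exchange of the same refresh token is refused
    rotatedOnce: store.rotate(tokens.refreshToken, now + 100, accessSecret, refreshSecret) !== null
      && store.rotate(tokens.refreshToken, now + 200, accessSecret, refreshSecret) === null,
  };
}
```

Two of these checks matter even when a library does the signing: always pass an explicit algorithm allow-list to the verifier instead of trusting the token's header, and verify access and refresh tokens against different keys (or at least a purpose claim), otherwise a long-lived refresh token doubles as a 7-day access token.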