{"id":51403888,"url":"https://github.com/ahmed-rafiullah/node-auth","last_synced_at":"2026-07-04T09:32:30.420Z","repository":{"id":42254293,"uuid":"279589330","full_name":"ahmed-rafiullah/node-auth","owner":"ahmed-rafiullah","description":"A simple nodejs app demoing some basic session and security features","archived":false,"fork":false,"pushed_at":"2023-01-11T03:09:19.000Z","size":1694,"stargazers_count":0,"open_issues_count":19,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2023-07-25T06:18:15.144Z","etag":null,"topics":["authentication","connect-mongo","express-session","mongodb","nodejs"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ahmed-rafiullah.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-07-14T13:14:24.000Z","updated_at":"2023-07-25T06:18:15.145Z","dependencies_parsed_at":"2023-02-09T00:30:57.591Z","dependency_job_id":null,"html_url":"https://github.com/ahmed-rafiullah/node-auth","commit_stats":null,"previous_names":["ahmed-rafiullah/node-auth"],"tags_count":0,"template":null,"template_full_name":null,"purl":"pkg:github/ahmed-rafiullah/node-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmed-rafiullah%2Fnode-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmed-rafiullah%2Fnode-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmed-rafiullah%2Fnode-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmed-rafiullah%2Fnode-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ahmed-rafiullah","download_url":"https://codeload.github.com/ahmed-rafiullah/node-auth/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmed-rafiullah%2Fnode-auth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35117335,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-04T02:00:05.987Z","response_time":113,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","connect-mongo","express-session","mongodb","nodejs"],"created_at":"2026-07-04T09:32:29.821Z","updated_at":"2026-07-04T09:32:30.411Z","avatar_url":"https://github.com/ahmed-rafiullah.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"### A simple nodejs app demoing some basic session and security features\n\n[![Generic badge](https://img.shields.io/badge/Looking_for_job-Hire_me-green.svg?style=for-the-badge)](https://shields.io/) ![license](https://img.shields.io/npm/l/m) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](http://makeapullrequest.com)\n\nThis project was inspired and based on the project [node-auth](https://github.com/alex996/presentations/blob/master/node-auth.md) by that showcases a way to implement  auth  features.\n\nFor more information on auth processes visit [https://github.com/alex996/presentations/blob/master/auth.md](https://github.com/alex996/presentations/blob/master/auth.md) and watch the accompanying video [Authentication on the Web (Sessions, Cookies, JWT, localStorage, and more)](https://www.youtube.com/watch?v=2PPSXonhIck)\n\n#### Features\n\n- [x] login/logout/register + session expiry\n- [x] email verification (`\"Confirm your email\"`)\n- [x] password reset (`\"Forgot password\"`)\n- [x] password confirmation (`\"Re-enter your password\"`)\n- [x] persistent login (`\"Remember me\"`)\n- [x] account lockout (`\"Too many failed login attempts\"`)\n- [x] rate limiting (`\"Too many requests\"`)\n\n#### Tech\n\n- MySQL as database\n- MongoDB as session storage\n- Both containerized\n- Express as server application\n- And typescript as language of choice\n\n\n\n#### Issues\nIf you find any security related or other issues please do start a pull request\n\n#### Requirements\nInstall `node.js` and `Docker`\n\n\n#### Email\n\nSetup an ethereal account and get the email and password and replace the values in the .env file.\n\nVisit https://ethereal.email/\n\n#### Steps to run\n\n\nBelow is a sample configuration file create a `.env` file in the root of the project and simply copy paste the example below or from the example.env file.\n\n**DO NOT**: leave `SESSION_REMEMBER_ME_MAX_AGE` `SESSION_MAX_AGE` as empty `KEY=` this will still be picked up by dotenv as a null or empty value and will cause cookie code to not work correctly so either provide the complete key value pair or just comment it out. Default values for many env variables are hardcoded in the server config.\n\n\n    ################################## server variables ##################################\n\n    # optional default value is '3000' in server config\n    APP_PORT=3000\n\n    # optional default value is 'development' in server config\n    NODE_ENV=development\n\n    # optional default value is 'localhost' in server config\n    APP_HOSTNAME=localhost\n\n    # optional default value is 'http' in server config\n    APP_PROTOCOL=http\n\n    ################################## security related variables ##################################\n\n    # optional default value is 12 in server config\n    SALT_ROUNDS=12\n\n    # optional default value is 'example' in server config\n    COOKIE_SECRET=example\n\n    # optional  default value is 'okgr8' in server config\n    APP_SECRET=okgr8\n\n    # optional default value is 30 minutes converted to milliseconds in server config\n    # the maximum age of a session for a user\n    # unit is always milliseconds\n    # SESSION_MAX_AGE=\n\n    # optional default value is one week converted to milliseconds in server config\n    # the maximum age of a session when a user ticks the remember me checkbox\n    # unit is always milliseconds\n    # SESSION_REMEMBER_ME_MAX_AGE=\n\n    # optional default value is 'sid' in server config\n    SESSION_NAME=sid\n\n    # optional  default value is '5 minutes' converted to milliseconds in server config\n    # the maximum age of a password reset link\n    # unit is always milliseconds\n    # PASSWORD_RESET_TIMEOUT=\n\n    # optional default value is '1 minute' converted to milliseconds in server config\n    # the maximum time after which on protected routes the app will ask a user for their password to contnue\n    # used for sensitive account settings etc.\n    # unit is always milliseconds\n    # CONFIRM_PASSWORD_TIME=\n\n    ################################## mailer related variables ##################################\n\n    # you change the variables here according to the mailer service you choose\n\n    # optional default value is smtp.ethereal.email in server config\n    SMTP_HOST=smtp.ethereal.email\n\n    # optional default value is smtp.ethereal.email in server config\n    SMTP_PORT=587\n\n    # required there is no default in server config\n    # get your mail and password from ehtereal mail\n    SMTP_USER=\u003cADD YOUR EMAIL HERE\u003e\n\n    # required there is no default in server config\n    SMTP_PASSWORD=\u003cADD YOUR EMAIL PASSWORD HERE\u003e\n\n    # optional default value is 5m in server config\n    # the amount of time after which the email verficiation link will be invalid\n    # expressed in seconds or a string describing a time span zeit/ms. Eg: 60, \"2 days\", \"10h\", \"7d\"\n    # https://github.com/vercel/ms\n    EMAIL_VERIFICATION_EXPIRY_TIME=5m\n\n    ################################### mysql db variables ###################################\n\n    # optional default value is 'simple' in compose file and server config\n    DATABASE_NAME=simple\n\n    # optional default value is 'localhost' in server config\n    DATABASE_HOST=localhost\n\n    # optional default value is 'example' in compose file and server config\n    DATABASE_PASSWORD=example\n\n    # optional default value is 'root' in compose file and server config\n    DATABASE_USER=root\n\n    # optional default value is '4050' in compose file and server config\n    DATABASE_PORT=4050\n\n    ################################### mongo variables ###################################\n\n    # optional default value is 'session-cache'  in compose file and server config\n    MONGO_DB_NAME=mongo-cache\n\n    # optional default value is 27017  in compose file and server config\n    MONGO_PORT=27017\n\n    # optional default value is 0.5 gb  in compose file and server config\n    MONGO_CACHE_SIZE=0.5\n\n    # optional default value is localhost in  server config\n    MONGO_HOST=localhost\n\n    # optional default value is 'root'  in compose file and server config\n    MONGO_INITDB_ROOT_USERNAME=root\n\n    # optional default value is 'example'  in compose file and server config\n    MONGO_INITDB_ROOT_PASSWORD=example\n\nThen run `npm install` in the root of project\n\nNext (assuming docker is installed and running) run `npm run up`\n\nAfter the containers are running run `npm run dev` or `npm run dev`\n\nProvided is a sample postman api for testing\n\n[![Run in Postman](https://run.pstmn.io/button.svg)](https://app.getpostman.com/run-collection/5f611bc35c38a38629f0)\n\n**SIDE NOTE :** for passwords a schemavalidator is set such that `password must contain at least one upper case letter, one lower case letter, one digit, one special character from _ or -, and have min length 8 and any ascii letter`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fahmed-rafiullah%2Fnode-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fahmed-rafiullah%2Fnode-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fahmed-rafiullah%2Fnode-auth/lists"}