{"id":17093916,"url":"https://github.com/apurva313/rest-api-auth","last_synced_at":"2025-03-23T16:44:07.339Z","repository":{"id":256786281,"uuid":"856179903","full_name":"apurva313/Rest-API-Auth","owner":"apurva313","description":"This project is a REST API for authentication and authorization, including support for two-factor authentication (2FA).","archived":false,"fork":false,"pushed_at":"2024-09-12T15:50:06.000Z","size":42,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-28T22:48:57.524Z","etag":null,"topics":["auth","authenticated","authentication","authentication-backend","authentication-middleware","authenticator","authorization","express-middleware","expressjs","nodejs"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apurva313.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-12T06:09:08.000Z","updated_at":"2024-09-12T17:16:02.000Z","dependencies_parsed_at":"2024-09-13T03:38:01.651Z","dependency_job_id":null,"html_url":"https://github.com/apurva313/Rest-API-Auth","commit_stats":null,"previous_names":["apurva313/rest-api-auth"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apurva313%2FRest-API-Auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apurva313%2FRest-API-Auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apurva313%2FRe
st-API-Auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apurva313%2FRest-API-Auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apurva313","download_url":"https://codeload.github.com/apurva313/Rest-API-Auth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245136348,"owners_count":20566586,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","authenticated","authentication","authentication-backend","authentication-middleware","authenticator","authorization","express-middleware","expressjs","nodejs"],"created_at":"2024-10-14T14:09:42.269Z","updated_at":"2025-03-23T16:44:07.316Z","avatar_url":"https://github.com/apurva313.png","language":"JavaScript","readme":"# Rest API - Authentication and Authorization\r\n\r\nThis project is a REST API for authentication and authorization, including support for two-factor authentication (2FA). It is designed to provide a secure and scalable solution for managing user authentication and access control in web applications. The API supports various authentication methods, including traditional username and password, as well as modern techniques like OAuth and JWT (JSON Web Tokens). 
Additionally, it includes features for account recovery, password reset, and user role management, making it a comprehensive solution for handling user authentication and authorization needs.\r\n\r\n![Rest-API-Auth](https://github.com/user-attachments/assets/765a89d0-ae72-4349-aa1a-0f5ebe6fb596)\r\n\r\n\r\n## 🚀 About Me\r\n\r\n[![github](https://img.shields.io/badge/github-181717?style=for-the-badge\u0026logo=github\u0026logoColor=white)](https://github.com/apurva313)\r\n[![linkedin](https://img.shields.io/badge/linkedin-0A66C2?style=for-the-badge\u0026logo=linkedin\u0026logoColor=white)](https://www.linkedin.com/apurva313)\r\n\r\n\r\n## Getting Started\r\n\r\n### Prerequisites\r\n\r\n- Node.js\r\n- npm (Node Package Manager)\r\n\r\n### Installation\r\n\r\n1. Clone the repository:\r\n    ```sh\r\n    git clone https://github.com/your-repo/rest-api-auth.git\r\n    cd rest-api-auth\r\n    ```\r\n\r\n2. Install dependencies:\r\n    ```sh\r\n    npm install\r\n    ```\r\n\r\n3. Create a `.env` file in the root directory and add the following environment variables:\r\n    ```env\r\n    PORT=3000\r\n    ACCESS_TOKEN_SECRET=your_access_token_secret\r\n    REFRESH_TOKEN_SECRET=your_refresh_token_secret\r\n    ACCESS_TOKEN_EXPIRES_IN=15m\r\n    REFRESH_TOKEN_EXPIRES_IN=7d\r\n    CACHE_TEMPORARY_TOKEN_PREFIX=tempToken_\r\n    ```\r\n\r\n4. 
Start the server:\r\n    ```sh\r\n    npm start\r\n    ```\r\n\r\n## Dependencies\r\n\r\n- `express`: Fast, unopinionated, minimalist web framework for Node.js\r\n- `bcryptjs`: Library to help you hash passwords\r\n- `jsonwebtoken`: JSON Web Token implementation (JWT)\r\n- `otplib`: One Time Password (OTP) library\r\n- `qrcode`: QR code generator\r\n- `crypto`: Node.js built-in module for cryptographic functionality\r\n- `node-cache`: Simple and fast Node.js internal caching\r\n- `nedb-promises`: A persistent database for Node.js, with MongoDB-like API\r\n\r\n## API Endpoints\r\n\r\n### Authentication Routes\r\n\r\n#### Register\r\n- **URL:** `POST /api/auth/register`\r\n- **Request Body:**\r\n    ```json\r\n    {\r\n        \"name\": \"Apurva Kumar\",\r\n        \"email\": \"apurvakumar2@gmail.com\",\r\n        \"password\": \"12345\",\r\n        \"role\": \"moderator\"\r\n    }\r\n    ```\r\n- **Description:** Registers a new user.\r\n\r\n#### Login\r\n- **URL:** `POST /api/auth/login`\r\n- **Request Body:**\r\n    ```json\r\n    {\r\n        \"email\": \"apurvakumar313@gmail.com\",\r\n        \"password\": \"123345\"\r\n    }\r\n    ```\r\n- **Description:** Logs in a user and returns access and refresh tokens.\r\n\r\n#### Login 2FA\r\n- **URL:** `POST /api/auth/login/2fa`\r\n- **Request Body:**\r\n    ```json\r\n    {\r\n        \"tempToken\": \"PYTDWXCMI4GQWYAI\",\r\n        \"otp\": \"489647\"\r\n    }\r\n    ```\r\n- **Description:** Verifies the 2FA token and returns access and refresh tokens.\r\n\r\n#### Refresh Token\r\n- **URL:** `POST /api/auth/refresh-token`\r\n- **Request Body:**\r\n    ```json\r\n    {\r\n        \"refreshToken\": \"your_refresh_token\"\r\n    }\r\n    ```\r\n- **Description:** Refreshes the access token using the refresh token.\r\n\r\n#### Logout\r\n- **URL:** `GET /api/auth/logout`\r\n- **Headers:**\r\n    ```json\r\n    {\r\n        \"Authorization\": \"Bearer your_access_token\"\r\n    }\r\n    ```\r\n- **Description:** Logs out 
the user by invalidating the access and refresh tokens.\r\n\r\n### User Routes\r\n\r\n#### Get Current User\r\n- **URL:** `GET /api/users/current`\r\n- **Headers:**\r\n    ```json\r\n    {\r\n        \"Authorization\": \"Bearer your_access_token\"\r\n    }\r\n    ```\r\n- **Description:** Retrieves the current authenticated user's information.\r\n\r\n#### Admin Route\r\n- **URL:** `GET /api/admin`\r\n- **Headers:**\r\n    ```json\r\n    {\r\n        \"Authorization\": \"Bearer your_access_token\"\r\n    }\r\n    ```\r\n- **Description:** Access restricted to admin users.\r\n\r\n#### Moderator Route\r\n- **URL:** `GET /api/moderator`\r\n- **Headers:**\r\n    ```json\r\n    {\r\n        \"Authorization\": \"Bearer your_access_token\"\r\n    }\r\n    ```\r\n- **Description:** Access restricted to admin and moderator users.\r\n\r\n### 2FA Routes\r\n\r\n#### Generate QRCode\r\n- **URL:** `GET /api/auth/2fa/generate`\r\n- **Headers:**\r\n    ```json\r\n    {\r\n        \"Authorization\": \"Bearer your_access_token\"\r\n    }\r\n    ```\r\n- **Description:** Generates a QR code for setting up 2FA.\r\n\r\n#### Validate/Enable 2FA\r\n- **URL:** `POST /api/auth/2fa/validate`\r\n- **Headers:**\r\n    ```json\r\n    {\r\n        \"Authorization\": \"Bearer your_access_token\"\r\n    }\r\n    ```\r\n- **Request Body:**\r\n    ```json\r\n    {\r\n        \"totp\": \"827420\"\r\n    }\r\n    ```\r\n- **Description:** Validates the 2FA token and enables 2FA for the user.\r\n\r\n## Enabling 2FA\r\n\r\nTo enable two-factor authentication (2FA), you need to install an authenticator application on your mobile device. 
Some popular options include:\r\n\r\n- [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2\u0026hl=en\u0026gl=US)\r\n- [Microsoft Authenticator](https://play.google.com/store/apps/details?id=com.azure.authenticator\u0026hl=en\u0026gl=US)\r\n- [Authy](https://play.google.com/store/apps/details?id=com.authy.authy\u0026hl=en\u0026gl=US)\r\n\r\nAfter installing the authenticator app, use the `/api/auth/2fa/generate` endpoint to generate a QR code. Scan the QR code with your authenticator app to set up 2FA.\r\n\r\n## Postman Collection\r\n\r\nYou can import the provided Postman collection to test the API endpoints. [Download Postman Collection](https://api.postman.com/collections/32225191-6470fe88-d866-4d52-99f8-35b1241df921?access_key=PMAT-01J7KE03RRMV152QZV5NS6W5X8)\r\n\r\n## Contributing\r\n\r\nContributions are welcome! Please follow these steps to contribute:\r\n\r\n1. Fork the repository.\r\n2. Create a new branch (`git checkout -b feature-branch`).\r\n3. Make your changes.\r\n4. Commit your changes (`git commit -m 'Add some feature'`).\r\n5. Push to the branch (`git push origin feature-branch`).\r\n6. Open a pull request.\r\n\r\n## License\r\n\r\nThis project is licensed under the MIT License.\r\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapurva313%2Frest-api-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapurva313%2Frest-api-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapurva313%2Frest-api-auth/lists"}