{"id":27320125,"url":"https://github.com/bhargav-parashar/auth-hr","last_synced_at":"2026-04-12T06:34:50.172Z","repository":{"id":281904271,"uuid":"946198970","full_name":"bhargav-parashar/auth-HR","owner":"bhargav-parashar","description":"Full-stack, RBAC, JWT Authentication HRM application. Video Walkthrough - https://youtu.be/VHpn7cg2_lQ ","archived":false,"fork":false,"pushed_at":"2025-06-25T18:00:47.000Z","size":36847,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-08-21T05:54:07.425Z","etag":null,"topics":["controllers","custom-hooks","dashboard","debouncing","express","joi-validation","jwt-authentication","lazy-loading","middlewares","mongo","mongodb-aggregation-pipelines","mongoose","nodejs","parcel-bundler","react-router","reactjs","responsive-web-design","role-based-access-control","routers","services"],"latest_commit_sha":null,"homepage":"https://auth-hr.vercel.app","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bhargav-parashar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-03-10T19:09:27.000Z","updated_at":"2025-06-25T18:00:51.000Z","dependencies_parsed_at":"2025-08-21T05:47:20.537Z","dependency_job_id":null,"html_url":"https://github.com/bhargav-parashar/auth-HR","commit_stats":null,"previous_names":["bhargav-parashar/auth-hr"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bhargav-parashar/auth-HR","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositor
ies/bhargav-parashar%2Fauth-HR","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bhargav-parashar%2Fauth-HR/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bhargav-parashar%2Fauth-HR/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bhargav-parashar%2Fauth-HR/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bhargav-parashar","download_url":"https://codeload.github.com/bhargav-parashar/auth-HR/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bhargav-parashar%2Fauth-HR/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31706765,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-12T06:22:27.080Z","status":"ssl_error","status_checked_at":"2026-04-12T06:21:52.710Z","response_time":58,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["controllers","custom-hooks","dashboard","debouncing","express","joi-validation","jwt-authentication","lazy-loading","middlewares","mongo","mongodb-aggregation-pipelines","mongoose","nodejs","parcel-bundler","react-router","reactjs","responsive-web-design","role-based-access-control","routers","services"],"created_at":"2025-04-12T09:12:58.891Z","updated_at":"2026-04-12T06:34:50.139Z","avatar_url":"https://github.com/bhargav-parashar.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AuthHR\nInspired by real-world workplace challenges, this full-stack Human Resource Management (HRM) application is built to close the communication gap between HR teams and employees. 
Prioritizing usability, security, and workflow efficiency, the platform streamlines processes such as leave applications, relocation requests, and resignation submissions and approvals.\n\n\u003cimg src=\"./frontend/src/assets/authHRFlow.png\" alt=\"Dashboard\" width=\"100%\"/\u003e\n\n## Table of Contents\n- [Tech Stack](#tech-stack)\n- [Feature Overview](#feature-overview)\n- [Design Pattern](#design-pattern)\n- [Security](#security)\n- [API endpoints / Routes](#api-endpoints--routes)\n- [Middlewares](#middlewares)\n- [Controllers](#controllers)\n- [Services](#services)\n- [Deployment](#deployment)\n\n\n## Tech Stack\n\n### Frontend \n- React \n- Material UI\n- React Router\n- JavaScript\n\n### Backend \n- Node.js\n- Express.js\n- MongoDB\n- Mongoose\n- JOI\n\n## Feature Overview\n\n### 1.Role-based access control  \nAccess is precisely tailored for employees and HR personnel based on their assigned roles. A middleware layer enforces these permissions by verifying whether the logged-in user's role is authorized to perform the requested action on the specified subject. It does so by querying the role-permission mappings: first retrieving the user's role, then fetching the associated permissions, and finally checking if the current request matches any allowed action-subject pair. Only if the permission is verified does the request proceed from the router to the controller; otherwise, access is denied.\n\n### 2.Authentication and Authorization\nSecure login and registration system using JWT tokens to protect user data and restrict access.\n\n### 3.Secure Password Hashing\nUser passwords are protected using industry-standard bcrypt hashing. This ensures that raw passwords are never stored in the database, enhancing security against data breaches. 
By incorporating salting and multiple hashing rounds, bcrypt makes it computationally expensive for attackers to reverse-engineer passwords, safeguarding user credentials even if the database is compromised.\n\n### 4.User Session Management\nPersistent login sessions using HTTP-only cookies for a seamless user experience.\n\n### 5.Responsive Mobile first frontend\nA responsive, mobile-first approach to development is taken. Your dashboard adapts to the device you are on and gives you a smooth, seamless experience.\nThe frontend is built with a mobile-first approach, ensuring the dashboard adapts seamlessly to any device. Whether on a phone or desktop, users enjoy a smooth and consistent experience tailored to their screen size.\n\n### 6.Approval Workflow\nHR dashboard to review, approve, or reject requests made by employees efficiently.\n\n## DESIGN PATTERN \n\n\u003cimg src=\"./frontend/src/assets/flowDiagram.png\" alt=\"Dashboard\" width=\"100%\"/\u003e\n\n### 1.Layered Architecture\nThe backend is structured using a clean and modular layered architecture, promoting a clear separation of concerns. Each layer has a distinct responsibility—controllers handle incoming requests and responses, routers manage endpoint definitions, middlewares provide cross-cutting functionality such as authentication, services encapsulate business logic, and database modules manage data access and persistence. This approach enhances code readability, testability, scalability, and maintainability.\n\n### 2.Lazy Loading\nTo optimize performance and reduce initial load time, the application implements lazy loading for various sections using React’s built-in lazy() function. Instead of bundling all components into the main JavaScript file, feature-specific components are loaded on demand—only when they are needed based on user interaction or route activation.\n\nThis approach not only improves initial page load speed but also reduces the app's memory footprint. 
By breaking down the code into smaller chunks, the app delivers a faster, more responsive experience—especially beneficial in large-scale applications with multiple feature modules.\n\nReact’s lazy() is paired with Suspense to handle the loading state gracefully, displaying fallback UI - Shimmer UI while the component is being fetched.\n\n### 3.Custom Hooks\nThe application leverages custom React hooks to encapsulate and reuse logic related to API calls and data transformations—particularly for the HR analytics section. These hooks abstract away repetitive logic such as fetching, and error handling, making the components cleaner and easier to maintain. Additionally, data processing tasks—like aggregating metrics, or filtering datasets—are handled within these hooks, ensuring a clear separation between business logic and UI.\n\n## SECURITY \n\n### 1. Password Hashing\nUser passwords are securely hashed using bcrypt, a strong hashing algorithm, ensuring that passwords are never stored in plain text. This enhances security by making it computationally infeasible for attackers to recover the original passwords, even in the event of a data breach.\n\n### 2. JWT Authentication\nThe application employs JSON Web Tokens (JWT) for secure, stateless authentication, ensuring that user credentials are safely transmitted and validated. This mechanism guarantees that sensitive data remains protected during the authentication process.\n\n\u003cimg src=\"./frontend/src/assets/jwtFlow.png\" alt=\"Dashboard\" width=\"100%\"/\u003e\n\n## API endpoints / Routes\n37 API Endpoints built to seamlessly connect client to the backend. These endpoints are divided into three routes - auth, hr and user. \n\n### 1. auth.routes.js \n/register [register new user] \u003cbr\u003e\n/login [login registered user] \u003cbr\u003e\n/logout [logout or clear http cookie of logged in user] \u003cbr\u003e\n/loginstatus [returns user’s status] \u003cbr\u003e\n\n### 2. 
hr.routes.js\n/all-user-details [returns all available users ]\u003cbr\u003e\n/pending-leaves [return all pending leave requests]\u003cbr\u003e\n/pending-relocations [return all pending relocation requests]\u003cbr\u003e\n/pending-resignations [return all pending resignation requests]\u003cbr\u003e\n/current-month-resignations [returns current month resignation for analytics purpose]\u003cbr\u003e\n/create-announcement [create new announcement]\u003cbr\u003e\n/announcements [get all announcement]\u003cbr\u003e\n/update-announcement [edit/update existing announcement]\u003cbr\u003e\n/delete-announcement [delete existing announcement]\u003cbr\u003e\n/update-leave-bal [updates available leave balance count]\u003cbr\u003e\n/update-leave-status [review leave request]\u003cbr\u003e\n/update-relocation-status [review relocation request]\u003cbr\u003e\n/update-resignation-status [review resignation request]\u003cbr\u003e\n/update-user-location [update user’s location]\u003cbr\u003e\n/update-user-details [update user’s details]\u003cbr\u003e\n/delete-all-user-data/:userId [delete user and user’s details]\u003cbr\u003e\n\n### 3. 
user.route.js\n/details [returns logged in user details]\u003cbr\u003e\n/request-history [return logged in user’s request history]\u003cbr\u003e \n/leaveBal [returns logged in user’s leave balance]\u003cbr\u003e\n/updateLeaveBal [updates logged in user’s leave balance]\u003cbr\u003e\n /leave [submit leave request]\u003cbr\u003e\n/leave-applications [returns logged in user’s leave application history]\u003cbr\u003e\n/pending-leave-applications [returns logged in user’s pending leave applications]\u003cbr\u003e\n/relocate [submit relocation request]\u003cbr\u003e\n/relocationquestionnaire [get relocation questionnaire]\u003cbr\u003e\n/relocationresponses [submit relocation responses for relocation questionnaire]\u003cbr\u003e\n/relocation [returns logged in user’s relocation requests history]\u003cbr\u003e\n/pending-relocation [returns logged in user’s pending requests]\u003cbr\u003e\n/resign [ submit resignation]\u003cbr\u003e\n/questionnaire [get resignation questionnaire]\u003cbr\u003e\n/responses [submit resignation responses for relocation questionnaire]\u003cbr\u003e\n/resignation [returns logged in user’s resignation requests history]\u003cbr\u003e\n/pending-resignation [returns logged in user’s pending resignation request]\u003cbr\u003e\n\n## Middlewares\n4 essential middleware functions have been developed and reused across critical parts of the application\n\n### 1. authorizeJwt(req, res, next)\nVerifies the user's JWT by extracting the token from cookies and attaches the authenticated user object to the request.\n\n### 2. dateValidation(req, res, next)\nEnsures that the requested date is not a national holiday or a weekend.\n\n### 3. validateSchema(req, res, next) \nValidates incoming request data against predefined Joi schemas.\n\n### 4. 
validateRolePermission(req, res, next)\nEnforces role-based access control by verifying if the user has permission to perform the requested action.\n\n## Controllers\n37 Controller Functions are built for handling incoming requests and sending responses back to the client. These functions are divided into 3 Controller JS files -\n\n### 1. auth.controller.js \nregister() [register new user] \u003cbr\u003e\nlogin() [login registered user]\u003cbr\u003e\nlogout() [clear cookie, logout user]\u003cbr\u003e\nloginstatus() [return user details if jwt token still valid]\u003cbr\u003e\n\n### 2. hr.controller.js\ngetAllUsers() [gets all available users]\u003cbr\u003e\ngetPendingLeaves() [gets all pending leave requests]\u003cbr\u003e\ngetPendingRelocations() [gets all pending relocation requests]\u003cbr\u003e\ngetPendingResignations() [gets all pending relocation resignations]\u003cbr\u003e\ngetCurrMonthResignations() [gets current month resignations for analytics ]\u003cbr\u003e\ncreateAnnouncement() [creates announcement]\u003cbr\u003e\ngetAnnouncements() [gets all announcements]\u003cbr\u003e\nupdateAnnouncement() [updates announcement]\u003cbr\u003e\ndeleteAnnouncement() [deletes announcement]\u003cbr\u003e\nupdateLeaveBal() [updates leave balance count]\u003cbr\u003e\nupdateLeaveStatus() [updates leave status – approved/rejected]\u003cbr\u003e\nupdateRelocationStatus() [updates relocation status – approved/rejected]\u003cbr\u003e\nupdateUserLocation() [updates user location]\u003cbr\u003e\nupdateResignationStatus() [updates resignation status – approved/rejected]\u003cbr\u003e\nupdateUser() [updates user details]\u003cbr\u003e\ndeleteAllUserData() [removes user and associated data in a single mongoose transaction]\u003cbr\u003e\n\n### 3.user.controller.js\nuserDetails() [gets user details by user id]\u003cbr\u003e\ngetRequestHistoryByUserId() [gets user’s request history by user id]\u003cbr\u003e\ngetLeaveBalByUserId() [gets leave balance by user 
id]\u003cbr\u003e\nleave() [submits leave request]\u003cbr\u003e\nupdateLeaveBal() [updates user’s leave balance]\u003cbr\u003e\ngetLeavesByUserId() [gets leave request history by user id]\u003cbr\u003e\ngetPendingLeavesByUserId() [gets pending leaves by user id]\u003cbr\u003e\nrelocate() [submits relocation request]\u003cbr\u003e\nrelocationQuestionnaire() [gets relocation questionnaire]\u003cbr\u003e\nsubmitRelocationResponse() [submit response to relocation questionnaire]\u003cbr\u003e\ngetRelocationByUserId() [get relocation request history by user id]\u003cbr\u003e\ngetPendingRelocationByUserId() [get pending relocation requests by user id]\u003cbr\u003e\nresign() [submit resignation request]\u003cbr\u003e\nquestionnaire() [gets resignation questionnaire]\u003cbr\u003e\nsubmitResponse() [submit response to resignation questionnaire]\u003cbr\u003e\ngetResignationByUserId() [get relocation request history by user id]\u003cbr\u003e\ngetPendingResignationByUserId() [get pending resignation requests by user id]\u003cbr\u003e\n\n## SERVICES\n48 Services built to seamlessly carry out business logic, connect to MongoDB and return requested data back to the controller and subsequently to the client. These services are divided into 3 Services JS files - \n\n### 1. auth.service.js \ngeneratePasswordHash() [generates hashed password from plain text input using bcrypt]\u003cbr\u003e\ncomparePasswordHash() [compares input password and hashed password]\u003cbr\u003e\ngenerateJwt() [creates Jwt using Jwt.sign()]\u003cbr\u003e\nverifyJwt() [verifies jwt using Jwt.verify()] \u003cbr\u003e\n\n### 2. 
hr.service.js\ngetAllUsers() [gets all documents from users collection]\u003cbr\u003e\ngetPendingLeaves() [gets all pending leave documents from leaves collection]\u003cbr\u003e\ngetPendingRelocations() [gets all pending relocation documents from relocations collection]\u003cbr\u003e\ngetPendingResignations() [gets all pending resignation documents from resignations collection]\u003cbr\u003e\ngetCurrMonthResignations() [gets current month’s resignations from resignations collection]\u003cbr\u003e\ncreateAnnouncement() [creates a new announcement document in the announcements collection]\u003cbr\u003e\ngetAnnouncements() [gets all announcement documents from announcements collection]\u003cbr\u003e\nupdateAnnouncement() [updates a document in the announcements collection]\u003cbr\u003e\ndeleteAnnouncement() [deletes a document from the announcements collection]\u003cbr\u003e\nupdateLeaveBal() [updates leave balance in a document in the users collection]\u003cbr\u003e\nupdateLeaveStatus() [updates leave status in a document in the leaves collection]\u003cbr\u003e\nupdateRelocationStatus() [updates relocation status in a document in the relocations collection]\u003cbr\u003e\nupdateUserLocation() [updates location in a document in the users collection]\u003cbr\u003e\nupdateResignationStatus() [updates resignation status in a document in the resignations collection]\u003cbr\u003e\nupdateUser() [updates  multiple fields in a document in the users collection]\u003cbr\u003e\ndeleteUserById() [deletes a document in the users collection]\u003cbr\u003e\ndeleteUserRolesByUserId() [deletes a document in the userroles collection]\u003cbr\u003e\ndeleteLeavesByUserId() [deletes a document in the leaves collection]\u003cbr\u003e\ndeleteRelocationsByUserId() [deletes a document in the relocations collection]\u003cbr\u003e\ndeleteRelocationRespByUserId() [deletes a document in the relocationresponses collection]\u003cbr\u003e\ndeleteResignationsByUserId() [deletes a document in the 
resignations collection]\u003cbr\u003e\ndeleteResignationRespByUserId() [deletes a document in the userresponses collection]\u003cbr\u003e\ngetRolePermissions() [gets documents from rolepermissions collection by role Id]\u003cbr\u003e\ngetPermissions() [gets documents from permissions collection by permission ids]\u003cbr\u003e\n\n### 3. user.service.js\ncreate() [creates a document in the users collection]\u003cbr\u003e\ncreateUserRole() [creates a document in the userroles collection]\u003cbr\u003e\ngetUserRoleMapping() [get documents from userroles collection by user id]\u003cbr\u003e\nfindByUsername() [get documents from users collection by user name]\u003cbr\u003e\nfindByUserId() [get documents from users collection by user id]\u003cbr\u003e\ngetRole() [get documents from roles table by role id]\u003cbr\u003e\nresign() [creates a document in the resignations collection]\u003cbr\u003e\nsubmitResponse() [creates a document in the userresponses collection]\u003cbr\u003e\ngetQuestions() [gets documents from questionnaire collection]\u003cbr\u003e\ngetResignationByUserId() [aggregates and returns data from resignations, users and userresponses collections]\u003cbr\u003e\ngetPendingResignationByUserId() [aggregates and returns data from resignations, users and userresponses collections]\u003cbr\u003e\nrelocate() [creates a document in the relocations collection]\u003cbr\u003e\nsubmitRelocationResponse() [creates a document in the relocationresponses collection]\u003cbr\u003e\ngetRelocationQuestions() [gets documents from relocationquestionnaire collection]\u003cbr\u003e\ngetRelocationByUserId() [aggregates and returns data from relocations, users and relocationresponses collections]\u003cbr\u003e\ngetPendingRelocationByUserId() [aggregates and returns data from relocations, users and relocationresponses collections]\u003cbr\u003e\nleave() [creates a document in the leaves collection]\u003cbr\u003e\nupdateLeaveBal() [updates leave balance in a document in the 
users collection]\u003cbr\u003e\ngetleavesByUserId() [aggregates and returns data from leaves and users collections]\u003cbr\u003e\ngetPendingleavesByUserId() [aggregates and returns data from leaves and users collections]\u003cbr\u003e\n\n\n## DEPLOYMENT\n\n### Backend\nThe application's backend is hosted on Render, providing a reliable and scalable cloud platform for deployment. A Node.js server powers the backend, efficiently handling API requests and responses.\n\n### Frontend\nThe frontend is deployed on Vercel, a fast and developer-friendly platform optimized for frontend frameworks like React. Vercel enables seamless CI/CD workflows, automatic deployments on code push, and delivers a globally distributed, high-performance user experience.\n\n\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbhargav-parashar%2Fauth-hr","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbhargav-parashar%2Fauth-hr","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbhargav-parashar%2Fauth-hr/lists"}