{"id":20838528,"url":"https://github.com/ctmax-ui/advance-user-auth","last_synced_at":"2026-04-04T08:38:38.475Z","repository":{"id":259826227,"uuid":"861509523","full_name":"Ctmax-ui/Advance-user-auth","owner":"Ctmax-ui","description":"An reusable user authentication and authorization with REST api, that you can implement on your site.","archived":false,"fork":false,"pushed_at":"2024-10-28T04:11:50.000Z","size":143,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-18T23:18:21.187Z","etag":null,"topics":["bycryptjs","expressjs","jwt","mongodb","mongoose","nodejs","userauthentication"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ctmax-ui.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-23T03:22:53.000Z","updated_at":"2024-11-03T05:02:49.000Z","dependencies_parsed_at":null,"dependency_job_id":"eadf73e8-be5d-4df3-a214-1080c5b7bd7e","html_url":"https://github.com/Ctmax-ui/Advance-user-auth","commit_stats":null,"previous_names":["ctmax-ui/advance-user-auth"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ctmax-ui%2FAdvance-user-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ctmax-ui%2FAdvance-user-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ctmax-ui%2FAdvance-user-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ctmax-ui%2FAdvance-user-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ctmax-ui","download_url":"https://codeload.github.com/Ctmax-ui/Advance-user-auth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243196618,"owners_count":20251857,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bycryptjs","expressjs","jwt","mongodb","mongoose","nodejs","userauthentication"],"created_at":"2024-11-18T01:10:37.178Z","updated_at":"2025-12-24T08:38:50.250Z","avatar_url":"https://github.com/Ctmax-ui.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# User Authentication REST API .\r\n\r\n## Overview\r\nThis is a simple Node.js and Express-based REST API that provides user authentication features like user registration, login, and logout. The API is designed to be a scalable foundation for a complete authentication system and will later include support for Google OAuth, fingerprint, and passkey login. Currently, it supports traditional email/password-based authentication with JWT tokens for session management.\r\n\r\n## Features\r\n- **User Registration and Login** with secure password hashing using `bcrypt`.\r\n- **JWT-Based Authentication**: Secure access with JWT access and refresh tokens.\r\n- **Rate Limiting**: Protects routes from excessive requests.\r\n- **Password Reset**: Sends a password reset link via email using `nodemailer`.\r\n- **Cookie Management**: Uses HTTP cookies to manage session tokens.\r\n- **MongoDB for Data Persistence**: Stores user details securely.\r\n- **Environment-Based Configuration**: Customizable through environment variables.\r\n\r\n### Upcoming Features\r\n- **Google OAuth**: Integration with Google authentication.\r\n- **Fingerprint \u0026 Passkey Login**: Advanced login options for enhanced security.\r\n- **Location login and face detection** : Face auth system and location system.\r\n\r\n## Tech Stack\r\n- **Node.js**\r\n- **Express**\r\n- **MongoDB** (via Mongoose)\r\n- **JWT** for access and refresh tokens.\r\n- **Nodemailer** for sending emails.\r\n- **Express Rate Limit** for limiting excessive requests.\r\n- **bcrypt** for secure password hashing.\r\n- **cookie-parser** for managing cookies.\r\n- **cors** for handling Cross-Origin Resource Sharing.\r\n- **dotenv** for environment variable management.\r\n\r\n## Installation \u0026 Setup\r\n1. Clone the repository:\r\n ```bash\r\n git clone https://github.com/your-repo/user-auth-api.git\r\n ```\r\n2. Navigate to the project directory:\r\n ```bash\r\n cd user-auth-api\r\n ```\r\n3. Install dependencies:\r\n ```bash\r\n npm install\r\n ```\r\n4. Rename the .example.env to .env and fill all the value.\r\n5. Start the server:\r\n ```bash\r\n npm start\r\n ```\r\nThe server should now be running on http://localhost:3000.\r\n\r\n- **NOTE**: Also if you want to see an starter template with this api check here. [Frontend for advance user auth](https://github.com/Ctmax-ui/Frontend-for-advance-user-auth)\r\n\r\n## API Endpoints\r\n\r\n### 1. **User Registration**\r\n\r\n- **POST**: `/api/v1/createuser`\r\n- **Body**:\r\n\r\n  ```json\r\n  {\r\n    \"userName\": \"user\",\r\n    \"userEmail\": \"user@gmail.com\",\r\n    \"password\": \"user\"\r\n  }\r\n- Description: Creates a new user with the given userName, userEmail, and password.\r\n\r\n### 2. User Login\r\n- **POST**: `/api/v1/login`\r\n- **Body**:\r\n  ```json\r\n  {\r\n    \"userEmail\": \"user@gmail.com\",\r\n    \"password\": \"user\"\r\n  }\r\n  ```\r\n- Description: Authenticates a user and returns JWT tokens.\r\n\r\n### 3. User Logout\r\n- **POST**: `/api/v1/logout`\r\n- Description: Logs out the user by clearing their session cookies.\r\n\r\n## 4. Update User Token\r\n- **POST:** `/api/v1/userupdatetoken`  \r\n- **Body:**\r\n  ```json\r\n  {\r\n    \"password\": \"user\"\r\n  }\r\n  ```\r\n- Description: Updates the user token and returns a new access token.\r\n\r\n### 5. Update User Information\r\n- **POST**: `/api/v1/updateuser`\r\n- **Body:**\r\n  ```json\r\n  {\r\n    \"userName\": \"newUserName\",\r\n    \"userEmail\": \"newUserEmail\",\r\n    \"password\": \"newPassword\"\r\n  }\r\n  ```\r\n- Description: Updates the user's information.\r\n\r\n### 6. Get User Information\r\n- **POST**: `/api/v1/getuser`\r\n- Description: Retrieves the current user's details.\r\n\r\n### 7. Check User Access\r\n- **POST**: `/api/v1/userhasaccess`\r\n- Description: Checks if the user is currently authenticated.\r\n\r\n### 8. Refresh Token\r\n- **POST**: `/api/v1/refreshtoken`\r\n- Description: Refreshes the access token if the user is still authenticated.\r\n\r\n### 9. Request Reset Token\r\n/ **POST**: `/api/v1/requestrtoken`\r\n- **Body:**\r\n  ```json\r\n  {\r\n    \"userEmail\": \"user@gmail.com\"\r\n  }\r\n  ```\r\n- Description: Sends a password reset link to the provided email.\r\n\r\n### 10. Reset Password\r\n- **POST**: `/api/v1/resetpassword/:token`\r\n- **Body:**\r\n  ```json\r\n  {\r\n    \"password\": \"newPassword\"\r\n  }\r\n  ```\r\n- Description: Resets the user's password using the provided reset token.\r\n\r\n## Testing the API\r\n\r\nYou can use tools like **Postman** or **cURL** to test the API endpoints locally.\r\n\r\n## Contributing\r\n\r\n1. Fork the repository.\r\n2. Create a new branch (`git checkout -b feature-branch`).\r\n3. Commit your changes (`git commit -am 'Add new feature'`).\r\n4. Push to the branch (`git push origin feature-branch`).\r\n5. Create a Pull Request.\r\n\r\n## Future Enhancements\r\n\r\n- **Google OAuth Integration**\r\n- **Fingerprint \u0026 Passkey Login**\r\n- **Enhanced Rate Limiting and Security**\r\n\r\nFeel free to contribute or raise issues if you encounter any bugs!\r\n\r\n## License\r\n\r\nAdvance user auth is licensed under the [MIT License](LICENSE).\r\n### MIT License\r\n```\r\nCopyright (c) 2023 Praetorian Security, Inc\r\n\r\nPermission is hereby granted, free of charge, to any person obtaining a copy of \r\nthis software and associated documentation files (the \"Software\"), to deal in \r\nthe Software without restriction, including without limitation the rights to use, \r\ncopy, modify, merge, publish, distribute, sublicense, and/or sell copies of the \r\nSoftware, and to permit persons to whom the Software is furnished to do so, subject \r\nto the following conditions:\r\n\r\nThe above copyright notice and this permission notice shall be \r\nincluded in all copies or substantial portions of the Software.\r\n\r\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, \r\nINCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR \r\nPURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE \r\nFOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR \r\nOTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER \r\nDEALINGS IN THE SOFTWARE.\r\n```\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fctmax-ui%2Fadvance-user-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fctmax-ui%2Fadvance-user-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fctmax-ui%2Fadvance-user-auth/lists"}