{"id":27607847,"url":"https://github.com/durjoydutta/jwt-auth-api","last_synced_at":"2026-04-16T04:01:12.695Z","repository":{"id":288049085,"uuid":"965689503","full_name":"durjoydutta/jwt-auth-api","owner":"durjoydutta","description":"A secure and easy-to-integrate API providing JSON Web Token (JWT) based authentication for your frontend applications.","archived":false,"fork":false,"pushed_at":"2025-04-20T12:52:16.000Z","size":108,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-22T22:11:29.594Z","etag":null,"topics":["bcryptjs","expressjs","jwt","mongodb","nodejs","nodemailer"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/durjoydutta.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-13T17:49:46.000Z","updated_at":"2025-04-20T12:52:19.000Z","dependencies_parsed_at":"2025-04-20T12:09:53.502Z","dependency_job_id":null,"html_url":"https://github.com/durjoydutta/jwt-auth-api","commit_stats":null,"previous_names":["durjoydutta/jwt-auth","durjoydutta/jwt-auth-api"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/durjoydutta/jwt-auth-api","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/durjoydutta%2Fjwt-auth-api","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/durjoydutta%2Fjwt-auth-api/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/durjoydutta%2Fjwt-auth-api/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/durjoydutta%2Fjwt-auth-api/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/durjoydutta","download_url":"https://codeload.github.com/durjoydutta/jwt-auth-api/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/durjoydutta%2Fjwt-auth-api/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31870516,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-15T15:24:51.572Z","status":"online","status_checked_at":"2026-04-16T02:00:06.042Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bcryptjs","expressjs","jwt","mongodb","nodejs","nodemailer"],"created_at":"2025-04-22T22:11:12.826Z","updated_at":"2026-04-16T04:01:12.687Z","avatar_url":"https://github.com/durjoydutta.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# JWT-Auth API\n\nA secure and easy-to-integrate API providing JSON Web Token (JWT) based authentication for your frontend applications. This API simplifies integration while ensuring robust security practices.\n\n## Features\n\n- **JWT Authentication:** Generate, verify, and refresh tokens for secure user sessions.\n- **Easy Integration:** Designed to work seamlessly with any frontend framework.\n- **Role-Based Access Control (RBAC):** Limit access to endpoints based on user roles.\n- **Token Blacklisting:** Manage token revocation for added security.\n- **Extensible Endpoints:** Customize and extend the API functionality as needed.\n- **Comprehensive Logging:** Monitor API usage and security events.\n- **Scalable Architecture:** Built to handle high traffic and concurrent users.\n\n## Prerequisites\n\n- Node.js (version 23.6.0 or higher)\n- Express.js\n- A database (e.g., MongoDB) for storing user data and token blacklists\n\n## Installation\n\n1. **Clone the repository:**\n\n   ```bash\n   git clone https://github.com/yourusername/jwt-auth.git\n   cd jwt-auth\n   ```\n\n2. **Install dependencies:**\n\n   ```bash\n   npm install\n   ```\n\n3. **Configure Environment Variables:**\n\n   Create a `.env` file in the root directory with the following variables:\n\n   ```env\n   PORT=3000\n   JWT_SECRET=your_jwt_secret\n   API_BASE_URL=/api/v1\n   MONGO_URI=your_database_connection_string\n   ```\n\n4. **Start the Server:**\n\n   ```bash\n   npm start\n   ```\n\n## Usage\n\n### 1. User Registration\n\nEndpoint to register a new user.\n\n- **URL:** `/api/v1/sign-up`\n- **Method:** `POST`\n- **Body:**\n\n  ```json\n  {\n    \"username\": \"exampleUser\",\n    \"password\": \"examplePass\"\n  }\n  ```\n\n- **Response:**\n\n  ```json\n  {\n    \"message\": \"User registered successfully\",\n    \"user\": {\n      \"id\": \"user_id\",\n      \"username\": \"exampleUser\"\n    }\n  }\n  ```\n\n### 2. User Login\n\nEndpoint to authenticate a user and generate a JWT.\n\n- **URL:** `/api/v1/sign-in`\n- **Method:** `POST`\n- **Body:**\n\n  ```json\n  {\n    \"username\": \"exampleUser\",\n    \"password\": \"examplePass\"\n  }\n  ```\n\n- **Response:**\n\n  ```json\n  {\n    \"message\": \"Login successful\",\n    \"token\": \"jwt_token_here\"\n  }\n  ```\n\n### 3. Token Verification\n\nSecure endpoints using middleware to verify JWT tokens.\n\n- **Usage in Express Middleware:**\n\n  ```javascript\n  const jwt = require(\"jsonwebtoken\");\n\n  function verifyToken(req, res, next) {\n    const token = req.header(\"Authorization\")?.split(\" \")[1];\n    if (!token) return res.status(401).json({ message: \"Access Denied\" });\n\n    try {\n      const verified = jwt.verify(token, process.env.JWT_SECRET);\n      req.user = verified;\n      next();\n    } catch (err) {\n      res.status(400).json({ message: \"Invalid Token\" });\n    }\n  }\n\n  // Use the middleware for secured routes\n  app.get(\"/api/protected\", verifyToken, (req, res) =\u003e {\n    res.json({ message: \"This is a secured endpoint\" });\n  });\n  ```\n\n### 4. Token Refresh and Logout\n\n- **Refresh Endpoint:** Issue a new token before expiration.\n- **Logout Endpoint:** Revoke tokens by adding the token to a blacklist.\n\n## Integrating with Frontend\n\n- **Setup:** Include the JWT token received upon login with every request to protected endpoints.\n- **Example:**\n\n  ```javascript\n  // Example using fetch API\n  fetch(\"/api/protected\", {\n    headers: {\n      Authorization: `Bearer ${yourJWTToken}`,\n    },\n  })\n    .then((response) =\u003e response.json())\n    .then((data) =\u003e console.log(data))\n    .catch((error) =\u003e console.error(\"Error:\", error));\n  ```\n\n- **Tips:**\n  - Store the token securely (e.g., in httpOnly cookies or secure storage).\n  - Handle token renewal transparently in your frontend for uninterrupted user experience.\n\n### Role-Based Access Control (RBAC)\n\nDefine roles in your user model and protect routes by checking user roles.\n\n```javascript\nfunction permit(...allowedRoles) {\n  return (req, res, next) =\u003e {\n    const { role } = req.user;\n    if (allowedRoles.includes(role)) {\n      next();\n    } else {\n      res.status(403).json({ message: \"Forbidden\" });\n    }\n  };\n}\n\n// Usage Example:\napp.get(\"/api/admin\", verifyToken, permit(\"admin\"), (req, res) =\u003e {\n  res.json({ message: \"Welcome, admin\" });\n});\n```\n\n### Token Blacklisting\n\nImplement a token blacklist store (in-memory, Redis, or your database) to invalidate tokens upon logout or security events.\n\n## Contribution Guidelines\n\n1. Fork the repository.\n2. Create a feature branch.\n3. Commit your changes.\n4. Submit a pull request with a clear description of your changes.\n\n## License\n\nThis project is licensed under the MIT License.\n\n## Contact\n\nFor issues and feature requests, please open an issue on the [jwt-auth Repo](https://github.com/durjoydutta/jwt-auth).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdurjoydutta%2Fjwt-auth-api","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdurjoydutta%2Fjwt-auth-api","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdurjoydutta%2Fjwt-auth-api/lists"}