{"id":28911400,"url":"https://github.com/hackur45/secure-backend","last_synced_at":"2026-05-07T13:47:36.146Z","repository":{"id":294928485,"uuid":"988493904","full_name":"Hackur45/secure-backend","owner":"Hackur45","description":"🔐 A secure Node.js + Express backend with JWT authentication, email verification, password reset, and protected routes. Built with MongoDB, tested with Postman, and ready for frontend integration.","archived":false,"fork":false,"pushed_at":"2025-06-19T08:07:46.000Z","size":645,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-19T08:42:38.754Z","etag":null,"topics":["backend","express-middleware","express-session","jwt-authentication","mongo","nodejs","nodemailer"],"latest_commit_sha":null,"homepage":"https://secure-backend-nnfh.onrender.com","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Hackur45.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-22T16:18:10.000Z","updated_at":"2025-06-19T08:11:43.000Z","dependencies_parsed_at":"2025-06-19T08:42:44.934Z","dependency_job_id":"1be8dfe1-5382-46f7-b8b9-10e0b7986b47","html_url":"https://github.com/Hackur45/secure-backend","commit_stats":null,"previous_names":["hackur45/honors-vi-sem","hackur45/secure-backend"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Hackur45/secure-backend","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hackur45%2Fsecure-backend","tags_url":"https://repos.
ecosyste.ms/api/v1/hosts/GitHub/repositories/Hackur45%2Fsecure-backend/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hackur45%2Fsecure-backend/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hackur45%2Fsecure-backend/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Hackur45","download_url":"https://codeload.github.com/Hackur45/secure-backend/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hackur45%2Fsecure-backend/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261178660,"owners_count":23120841,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backend","express-middleware","express-session","jwt-authentication","mongo","nodejs","nodemailer"],"created_at":"2025-06-21T19:05:15.849Z","updated_at":"2026-05-07T13:47:36.140Z","avatar_url":"https://github.com/Hackur45.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🔐 Secure Auth Backend\n\nA secure, scalable, and testable backend application built with **Express.js** and **MongoDB Atlas**. 
Includes authentication with email-based verification, password reset, rate limiting, and unit testing.\n\n---\n\n## 🚀 Features\n\n- ✅ User Registration with Email Verification (Nodemailer)\n- 🔐 Secure Login with JWT\n- ♻️ Email-based Password Reset Flow\n- ⚙️ Rate Limiting with `express-rate-limit`\n- 🧪 Unit Testing with Jest + Supertest\n- ⛔ Prevents Simultaneous Logins\n- 🛡️ Environment Variables via `.env`\n- 🌐 MongoDB Atlas Integration\n\n---\n\n## 📦 Tech Stack\n\n- Node.js\n- Express.js\n- MongoDB (Atlas)\n- Mongoose\n- Nodemailer (Gmail App Password)\n- dotenv\n- express-rate-limit\n- Jest + Supertest\n\n---\n\n## 🏗 Backend Architecture\n\n![Backend Architecture](diagram.png)\n\nThe backend architecture includes:\n- Express.js server handling API requests.\n- MongoDB Atlas for data persistence.\n- JWT-based authentication for secure access.\n- Email services for verification and password reset.\n- Middleware for authentication and rate limiting.\n\n---\n\n## 🛠 Setup Instructions\n\n### 1. Clone the Repo\n```bash\ngit clone https://github.com/Hackur45/secure-backend.git\ncd secure-backend\n```\n\n### 2. Install Dependencies\n\n```bash\nnpm install\n```\n\n### 3. Create `.env` File\n\n```env\nPORT=5500\nMONGO_URI=your_mongo_connection_string\nJWT_SECRET=your_jwt_secret\nEMAIL_USER=your_email@gmail.com\nEMAIL_PASS=your_app_password\n```\n\n### 4. Start Server\n\n```bash\nnpm start\n```\n\nServer runs on `http://localhost:5500`\n\n---\n\n## 📮 API Endpoints and Utilities\n\n### 🔹 POST /api/register\nRegisters a new user by accepting an email address. Sends a verification email with a token to confirm the user's email address.  \n*See Postman Screenshot:*![alt text](\u003cPOSTMAN SCREENSHOTS/verification-link-sent-postman.png\u003e)\n\n### 🔹 POST /api/verify-registration\nVerifies the user's email using the token sent via email and sets the user's password. Marks the account as verified.  
\n*See Postman Screenshot:*![alt text](\u003cPOSTMAN SCREENSHOTS/verification-link-token-from-mail.png\u003e)\n![alt text](\u003cPOSTMAN SCREENSHOTS/verification-link-recived-on-gmail.png\u003e)\n\n\n### 🔹 POST /api/login\nAuthenticates a user with email and password. Returns a JWT token upon successful login for session management.  \n*See Postman Screenshot:*![alt text](\u003cPOSTMAN SCREENSHOTS/login-and-got-bearertoken.png\u003e)\n\n### 🔹 POST /api/request-password-reset\nInitiates a password reset by generating a reset token and sending a reset email to the user.  \n*See Postman Screenshot:*![alt text](\u003cPOSTMAN SCREENSHOTS/password-reset-email-sent.png\u003e)\n\n### 🔹 POST /api/reset-password\nResets the user's password using the valid reset token and new password provided.  \n*See Postman Screenshot:*![alt text](\u003cPOSTMAN SCREENSHOTS/password-succesfully-reset.png\u003e)\n\n### 🔒 GET /api/dashboard\nA protected route that requires a valid Bearer token (JWT). Returns a welcome message and the authenticated user's ID.  \n*See Postman Screenshot:*![alt text](\u003cPOSTMAN SCREENSHOTS/accesing-protected-routes-using-bearer-token.png\u003e)\n\n---\n\n\n## 🧪 Running Tests\n\n```bash\nnpm test\n```\n\nRuns unit tests using Jest + Supertest.\n\n---\n\n## ⚠️ Notes\n\n* Use Gmail App Passwords (not your main password) for Nodemailer.\n* Reset token and verification token are time-limited and secure.\n* Rate limiting protects against abuse on login and registration routes.\n\n\nPlease refer to the `Postman teting Routes.txt` file for more clarification about the routes.\n\n## 🙌 Contribute\n\nAs always, I'm a bit lazy when it comes to the frontend — so if you're up for it, **feel free to contribute**! I'd love to see a minimal UI built for these authentication routes.\n\nThis repository is **MIT licensed** and open to all.  \nPull requests are welcome!\n\nHappy Coding! 
😀\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackur45%2Fsecure-backend","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhackur45%2Fsecure-backend","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackur45%2Fsecure-backend/lists"}