{"id":31554592,"url":"https://github.com/ksingh1817/session-auth-express-mongo","last_synced_at":"2026-04-10T15:03:38.637Z","repository":{"id":315403204,"uuid":"1058936788","full_name":"yourskiss/session-auth-express-mongo","owner":"yourskiss","description":"Cred \u0026 Session-based authentication using Express \u0026 mongoDB","archived":false,"fork":false,"pushed_at":"2025-09-29T07:16:51.000Z","size":2327,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-29T09:16:51.272Z","etag":null,"topics":["authentication","authorization","compression","cors","ejs","express-rate-limit","express-validator","expressjs","hashedpassword","helmetjs","login-system","mongodb","mongodb-atlas","mongoose","mvc-architecture","nodemailer","otp-verification","swagger","swagger-api","swagger-ui"],"latest_commit_sha":null,"homepage":"https://session-auth-express-mongo.onrender.com/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yourskiss.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-17T18:51:26.000Z","updated_at":"2025-09-29T07:19:27.000Z","dependencies_parsed_at":"2025-09-18T12:41:15.468Z","dependency_job_id":"856f7cf0-da71-473c-af38-f62aca48def4","html_url":"https://github.com/yourskiss/session-auth-express-mongo","commit_stats":null,"previous_names":["yourskiss/auth-with-express-and-mongodb","yourskiss/session-auth-express-mongo"],"tags_count":0,"
template":false,"template_full_name":null,"purl":"pkg:github/yourskiss/session-auth-express-mongo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yourskiss%2Fsession-auth-express-mongo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yourskiss%2Fsession-auth-express-mongo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yourskiss%2Fsession-auth-express-mongo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yourskiss%2Fsession-auth-express-mongo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yourskiss","download_url":"https://codeload.github.com/yourskiss/session-auth-express-mongo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yourskiss%2Fsession-auth-express-mongo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278373518,"owners_count":25976150,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authorization","compression","cors","ejs","express-rate-limit","express-validator","expressjs","hashedpassword","helmetjs","login-system","mongodb","mongodb-atlas","mongoose","mvc-architecture","nodemailer","otp-verification","swagger","swagger-api"
,"swagger-ui"],"created_at":"2025-10-04T21:10:43.203Z","updated_at":"2025-12-30T21:19:21.614Z","avatar_url":"https://github.com/yourskiss.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch3\u003e🧾 Project Overview\u003c/h3\u003e\n\u003cp\u003eThis web application is a secure and scalable user management system built with Express.js, MongoDB Atlas, and Mongoose, following the MVC (Model-View-Controller) architecture. It features robust authentication, role-based access control, session management, and user-friendly CRUD operations.\n\u003cbr /\u003e\nThe app is designed with a focus on security, maintainability, and user experience. It includes critical functionality like email-based OTP verification, password reset, image upload and processing, and soft deletion (activate/deactivate users).\u003c/p\u003e\n \n\u003ch3\u003e🔐 Authentication\u003c/h3\u003e\n\u003cul\u003e \n\u003cli\u003e\u003cstrong\u003eSession-Based Authentication:\u003c/strong\u003e Managed with \u003ccode\u003eexpress-session\u003c/code\u003e and \u003ccode\u003econnect-mongo\u003c/code\u003e for persistent sessions stored in MongoDB\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEmail \u0026 Password Login:\u003c/strong\u003e Secure credential handling with \u003ccode\u003eBcrypt\u003c/code\u003e password hashing\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eEmail OTP Verification:\u003c/strong\u003e Enforced for both user registration and password reset workflows\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eSecure Routing:\u003c/strong\u003e Custom middleware protects sensitive routes and resources\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eRole-Based Access Control (RBAC):\u003c/strong\u003e Fine-grained access for \u003ccode\u003euser\u003c/code\u003e, \u003ccode\u003eadmin\u003c/code\u003e, and \u003ccode\u003esuperadmin\u003c/code\u003e roles\u003c/li\u003e \n\u003c/ul\u003e\n\n\u003ch3\u003e👤 User 
Management\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser Registration:\u003c/strong\u003e Sign up with email-based OTP verification to ensure valid user identities\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eSecure Login:\u003c/strong\u003e Session-based authentication; passwords are stored only as Bcrypt hashes, never in plaintext or reversible (encrypted) form\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eForgot Password:\u003c/strong\u003e Password reset workflow using OTP sent via email\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eOTP Verification:\u003c/strong\u003e Required before completing registration or resetting passwords\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eControls:\u003c/strong\u003e Admins/Superadmin can create new users and manage existing accounts\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eProfile Management:\u003c/strong\u003e Users can update their personal and account details\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eSoft Deletion:\u003c/strong\u003e Toggle user activation status without permanently deleting data\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eUser Directory:\u003c/strong\u003e View all users with pagination, sorting, and filtering options\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eProfile Picture Upload:\u003c/strong\u003e Upload and auto-resize profile images using Multer and Sharp\u003c/li\u003e \n\u003c/ul\u003e\n\n\u003ch3\u003e📄 API \u0026 Documentation - \u003ca href=\"https://session-auth-express-mongo.onrender.com/api-docs/\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eSwagger\u003c/a\u003e\u003c/h3\u003e\n\u003cul\u003e \n\u003cli\u003e\u003cstrong\u003eInteractive Documentation:\u003c/strong\u003e Explore and test API endpoints directly from the browser\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eAuto-Generated Specs:\u003c/strong\u003e OpenAPI-based docs generated from route definitions\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eAuthentication Support:\u003c/strong\u003e Easily test secured endpoints using auth headers (e.g., 
sessions or tokens)\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eSchema Validation:\u003c/strong\u003e Ensures request and response formats match the defined API contract\u003c/li\u003e \n\u003c/ul\u003e\n\n\u003ch3\u003e🔎 Logging \u0026 Monitoring – \u003ca href=\"https://session-auth-express-mongo.onrender.com/logs/\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eWinston\u003c/a\u003e\u003c/h3\u003e\n\u003cul\u003e \n\u003cli\u003e\u003cstrong\u003eStructured Logging:\u003c/strong\u003e Logs are categorized by severity levels (info, warn, error) for better traceability\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eLog Filtering:\u003c/strong\u003e Easily view logs based on severity and date to aid in debugging and analysis\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eAudit-Ready Exports:\u003c/strong\u003e Download logs in \u003ccode\u003e.csv\u003c/code\u003e format for compliance, reporting, or audit purposes (the log viewer and its exports are sensitive data and should be reachable only from admin/superadmin sessions)\u003c/li\u003e \n\u003c/ul\u003e\n \n\u003ch3\u003e📘 Architecture: MVC Pattern\u003c/h3\u003e\n\u003cp\u003eThe application follows the \u003cstrong\u003eModel-View-Controller (MVC)\u003c/strong\u003e architectural pattern to promote separation of concerns, improve maintainability, and support scalable development.\u003c/p\u003e \n\u003cul\u003e \n\u003cli\u003e\u003cstrong\u003eModel:\u003c/strong\u003e Defines data structures and business rules using Mongoose schemas (e.g., \u003ccode\u003eUser\u003c/code\u003e, \u003ccode\u003eOTP\u003c/code\u003e)\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eView:\u003c/strong\u003e Server-rendered UI using EJS templates for displaying data and forms to the user\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eController:\u003c/strong\u003e Handles application logic, processes incoming requests, manages authentication, and coordinates between Models and Views\u003c/li\u003e \n\u003c/ul\u003e\n\n\n\u003ch3\u003e🧠 Performance Optimization – Redis Cloud Integration\u003c/h3\u003e\n\u003cp\u003e To enhance application 
performance and reduce database load, \u003cstrong\u003eRedis Cloud\u003c/strong\u003e has been integrated using the \u003ccode\u003eioredis\u003c/code\u003e client. This enables fast, in-memory caching of data for frequently accessed routes. \u003c/p\u003e \n\u003cul\u003e \n\u003cli\u003e\u003cstrong\u003eDynamic Caching:\u003c/strong\u003e Responses are cached using unique keys based on query parameters (e.g., pagination, sorting, filtering) to ensure accurate results for different requests. If a cached view differs by role or by the requesting user, that role/user must also be part of the cache key so one principal's response is never served to another.\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eAutomatic TTL:\u003c/strong\u003e Cached data automatically expires based on the \u003ccode\u003eCACHE_TTL\u003c/code\u003e environment variable, keeping the cache fresh and relevant.\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eManual Invalidation:\u003c/strong\u003e Cache entries are cleared when user data is updated/deleted/activated/deactivated to maintain consistency.\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eSetup:\u003c/strong\u003e Define \u003ccode\u003eREDIS_HOST\u003c/code\u003e, \u003ccode\u003eREDIS_PORT\u003c/code\u003e, and \u003ccode\u003eREDIS_PASSWORD\u003c/code\u003e in your environment config (keep these out of version control).\u003c/li\u003e \n\u003c/ul\u003e \n\u003cp\u003e⚠️ Using Redis Cloud Free Tier (trial account) – may have connection/resource limits.\u003c/p\u003e\n \n\u003ch3\u003e✅ Testing (Coming Soon)\u003c/h3\u003e\n\u003cp\u003e\nTesting is in progress and will use Node's built-in \u003ccode\u003enode:test\u003c/code\u003e module for unit and integration testing without external libraries.\n\u003c/p\u003e\n\u003c!--\n\u003ch3\u003e✅ Testing – Built-in node:test Module\u003c/h3\u003e\n\u003cp\u003e This project uses the built-in \u003ccode\u003enode:test\u003c/code\u003e module (available from Node.js v18+) to implement and run unit and integration tests without requiring external libraries like Mocha or Jest. This approach simplifies setup and reduces dependencies while maintaining test reliability. 
\u003c/p\u003e\n\u003cul\u003e \n\u003cli\u003e\u003cstrong\u003eMinimal Setup:\u003c/strong\u003e No third-party testing frameworks needed.\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eStructured Testing:\u003c/strong\u003e Supports test suites, subtests, assertions, and timeouts.\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eBuilt-in Assertions:\u003c/strong\u003e Uses \u003ccode\u003eassert\u003c/code\u003e module for validation.\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eWatch Mode (Optional):\u003c/strong\u003e Run tests automatically on file changes with \u003ccode\u003e--watch\u003c/code\u003e.\u003c/li\u003e \n\u003c/ul\u003e\n--\u003e\n \n\u003ch2\u003e🧰 Tech Stack\u003c/h2\u003e\n\n\u003ch3\u003e⚙️ Deployment Tools\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eGitHub\u003c/strong\u003e – Source code management, version control, and collaboration\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eRender.com\u003c/strong\u003e – Cloud hosting platform for deploying and scaling Express.js applications\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eMongoDB Atlas\u003c/strong\u003e – Fully managed, cloud-based NoSQL database with built-in scalability and high availability\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eRedis Cloud\u003c/strong\u003e – In-memory caching (via \u003ccode\u003eioredis\u003c/code\u003e) to optimize performance for frequently accessed routes\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e📦 Backend Technologies\u003c/h3\u003e\n\u003cul\u003e \n\u003cli\u003e\u003cstrong\u003eExpress.js\u003c/strong\u003e – Minimal and flexible Node.js web application framework for building APIs and server-side logic\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eMongoDB Atlas\u003c/strong\u003e – Cloud-hosted, highly scalable NoSQL database with built-in monitoring and security features\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eMongoose\u003c/strong\u003e – Elegant MongoDB object modeling (ODM) library for 
defining schemas and managing data relationships\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eEJS\u003c/strong\u003e – Lightweight templating engine for rendering dynamic server-side HTML views\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eioredis\u003c/strong\u003e – Robust Redis client for implementing in-memory caching and improving response performance\u003c/li\u003e \n\u003c/ul\u003e\n\n\u003ch3\u003e🔐 Security \u003c/h3\u003e\n\u003cul\u003e \n\u003cli\u003e\u003cstrong\u003eBcrypt\u003c/strong\u003e – Secure password hashing with salting to protect user credentials\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eexpress-session\u003c/strong\u003e – Manages user sessions on the server side\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003econnect-mongo\u003c/strong\u003e – Persists session data in MongoDB for scalability and reliability\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eexpress-rate-limit\u003c/strong\u003e – Limits repeated requests to APIs, mitigating brute-force login/OTP guessing and simple denial-of-service attempts\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eHelmet\u003c/strong\u003e – Sets various HTTP security headers to mitigate common web vulnerabilities (XSS, clickjacking, etc.)\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eCORS\u003c/strong\u003e – Enables secure, cross-origin resource sharing with fine-grained control\u003c/li\u003e \n\u003c/ul\u003e\n\n\u003ch3\u003e📑 Validation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eZod\u003c/strong\u003e – Type-safe schema validation for incoming data\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeep-email-validator\u003c/strong\u003e – Deep email validation for real addresses\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e📧 Email \u0026 OTP\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNodemailer\u003c/strong\u003e – SMTP-based email sending (e.g., for OTPs)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTwilio\u003c/strong\u003e –  SMS 
notification on successful registration, password change, and forgot-password flows (trial account – self only)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e📁 File Upload \u0026 Image Processing\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eMulter\u003c/strong\u003e – Handles file uploads (e.g., profile pictures)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSharp\u003c/strong\u003e – Image resizing, compression, format conversion\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e📦 Performance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecompression\u003c/strong\u003e – Enables Gzip/Brotli compression for faster load times\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch3\u003e🛡️ Future-Proofing\u003c/h3\u003e\n\u003cp\u003eThis application is built with extensibility in mind, allowing for easy integration of additional features and technologies as the project evolves.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCloud Storage for Images:\u003c/strong\u003e Integration with services like Cloudinary, Firebase Storage, or AWS S3 for scalable image hosting\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eJWT Authentication:\u003c/strong\u003e Support for stateless API authentication using JSON Web Tokens\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRefresh Tokens:\u003c/strong\u003e Secure token renewal mechanism for long-lived sessions\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eMulti-Factor Authentication (MFA):\u003c/strong\u003e Additional layer of login security via email, SMS, or authenticator apps\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eCustom Email Templates:\u003c/strong\u003e Use of MJML or SendGrid for responsive and branded transactional emails\u003c/li\u003e \n\u003cli\u003e\u003cstrong\u003eAutomated Testing:\u003c/strong\u003e Integration with testing frameworks like \u003ccode\u003eJest\u003c/code\u003e or \u003ccode\u003eMocha/Chai\u003c/code\u003e for unit and integration 
testing\u003c/li\u003e\n\u003c/ul\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fksingh1817%2Fsession-auth-express-mongo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fksingh1817%2Fsession-auth-express-mongo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fksingh1817%2Fsession-auth-express-mongo/lists"}