{"id":18504206,"url":"https://github.com/mollybeach/secure-user-api","last_synced_at":"2026-05-18T14:03:49.518Z","repository":{"id":260149598,"uuid":"880463993","full_name":"mollybeach/secure-user-api","owner":"mollybeach","description":"REST API for managing users securely with OAuth2 and JWT authentication.","archived":false,"fork":false,"pushed_at":"2024-10-31T18:35:45.000Z","size":492,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-02-17T01:44:13.210Z","etag":null,"topics":["javascript","jwt","oauth2","postgresql","sequelize-orm"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mollybeach.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-29T19:15:22.000Z","updated_at":"2024-10-31T18:35:49.000Z","dependencies_parsed_at":"2024-10-29T21:56:50.482Z","dependency_job_id":"e7184de3-c298-460b-9245-a00f28ecd1c5","html_url":"https://github.com/mollybeach/secure-user-api","commit_stats":null,"previous_names":["mollybeach/secure-user-api"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mollybeach%2Fsecure-user-api","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mollybeach%2Fsecure-user-api/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mollybeach%2Fsecure-user-api/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/molly
beach%2Fsecure-user-api/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mollybeach","download_url":"https://codeload.github.com/mollybeach/secure-user-api/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254101559,"owners_count":22014908,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["javascript","jwt","oauth2","postgresql","sequelize-orm"],"created_at":"2024-11-06T14:03:29.440Z","updated_at":"2025-11-10T00:03:45.170Z","avatar_url":"https://github.com/mollybeach.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Secure User API\n\nA simple REST API for managing users securely with OAuth2 and JWT authentication.\n\n## Features\n- OAuth2 authentication with GitHub or Google\n- JWT for session management\n- Secure user registration and login endpoints\n- PostgreSQL database with user data\n- Input validation and protection against SQL injection\n\n## Tech Stack\n- Node.js\n- Express.js\n- PostgreSQL\n- OAuth2, JWT\n- Sequelize ORM\n- React (Frontend)\n\n## PostgreSQL Setup\n\n### 1. Check PostgreSQL Status\nCheck if PostgreSQL is running:\n```bash\nbrew services list\n```\nIf PostgreSQL is not running, you'll see \"stopped\" in the status column.\n\n### 2. Start PostgreSQL\nStart the PostgreSQL server:\n```bash\nbrew services start postgresql\n```\n\n### 3. Verify PostgreSQL Status\nVerify that PostgreSQL is running:\n```bash\nbrew services list\n```\nYou should see PostgreSQL listed as \"started\".\n\n### 4. 
Connect to PostgreSQL\nConnect to your PostgreSQL database:\n```bash\npsql -h localhost -U your_user_name\n```\n\n## Project Setup\n1. Clone the repository\n2. Install backend dependencies:\n```bash\nnpm install\n```\n3. Setup PostgreSQL database and update `.env` file\n4. Run migrations:\n```bash\nnpx sequelize db:migrate\n```\n\n## Frontend Setup\n1. Navigate to client directory:\n```bash\ncd client\n```\n2. Install frontend dependencies:\n```bash\nnpm install\n```\n3. Start the frontend development server:\n```bash\nnpm start\n```\n\n## Running the Application\n1. Start the backend server:\n```bash\n# In the root directory\nnpm start\n```\n2. Start the frontend development server:\n```bash\n# In a new terminal, in the client directory\ncd client\nnpm start\n```\n3. Visit `http://localhost:3001` in your browser\n\n## API Endpoints\n- `POST /register` - Register a new user\n- `POST /login` - Login and get a JWT\n- `GET /profile` - Get user profile (JWT required)\n- `GET /users` - Get all users (JWT required)\n- `PUT /users/:id` - Update user profile (JWT required)\n- `DELETE /users/:id` - Delete user account (JWT required)\n\n## File Structure\n```\nsecure-user-api/\n├── .git/\n├── client/\n│   ├── node_modules/\n│   ├── public/\n│   │   ├── favicon.ico\n│   │   ├── index.html\n│   │   ├── logo192.png\n│   │   ├── logo512.png\n│   │   ├── manifest.json\n│   │   └── robots.txt\n│   ├── src/\n│   │   ├── components/\n│   │   │   ├── Login.js\n│   │   │   ├── Profile.js\n│   │   │   └── Register.js\n│   │   ├── styles/\n│   │   │   ├── App.css\n│   │   │   ├── Auth.css\n│   │   │   ├── Login.css\n│   │   │   ├── Profile.css\n│   │   │   └── Register.css\n│   │   ├── .DS_Store\n│   │   ├── App.js\n│   │   ├── App.test.js\n│   │   ├── index.css\n│   │   ├── index.js\n│   │   ├── logo.svg\n│   │   ├── reportWebVitals.js\n│   │   └── setupTests.js\n│   ├── .DS_Store\n│   ├── .env\n│   ├── .gitignore\n│   ├── env.example\n│   ├── package-lock.json\n│   ├── package.json\n│ 
  ├── README.md\n│   └── webpack.config.js\n├── config/\n│   ├── config.js\n│   └── db.js\n├── middleware/\n│   ├── jwtAuth.js\n│   └── oauthAuth.js\n├── migrations/\n│   ├── 20241029210158-create-users-table.js\n│   ├── rename-timestamp-columns.js\n│   └── YYYYMMDDHHMMSS-add-timestamps-to-users.js\n├── models/\n│   ├── index.js\n│   └── User.js\n├── node_modules/\n├── routes/\n│   ├── authRoutes.js\n│   └── userRoutes.js\n├── seeders/\n├── .DS_Store\n├── .env\n├── .gitignore\n├── env.example\n├── index.js\n├── package-lock.json\n├── package.json\n└── README.md\n\n```\n\n## Environment Variables\nCreate a `.env` file in the root directory:\n```\nGITHUB_CLIENT_ID=your_github_client_id\nGITHUB_CLIENT_SECRET=your_github_client_secret\nJWT_SECRET=your_jwt_secret\nDATABASE_URL=postgresql://localhost:5432/your_database_name\n```\n\n## Security Features\n- JWT authentication\n- Password hashing with bcrypt\n- Input validation\n- SQL injection protection\n- CORS configuration\n- Protected routes\n- OAuth2 integration\n\n## Development\n- Run tests: `npm test`\n- Run linter: `npm run lint`\n- Build frontend: `cd client \u0026\u0026 npm run build`\n\n## Testing Protected Routes\n\n1. First, get a token by logging in:\n```bash\ncurl -X POST http://localhost:3000/login \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"email\": \"user@example.com\", \"password\": \"password\"}'\n```\n\n2. Use the token to access protected routes:\n```bash\ncurl -H \"Authorization: Bearer YOUR_TOKEN\" \\\n  http://localhost:3000/users\n```\n\n3. Verify token validity:\n```bash\ncurl -H \"Authorization: Bearer YOUR_TOKEN\" \\\n  http://localhost:3000/verify-token\n```\n\n### Common Issues:\n1. \"No token provided\": Add Authorization header\n2. \"Token is invalid\": Check token format and expiration\n3. \"Server error\": Check server logs for details\n\n### Using Postman:\n1. Send POST request to /login\n2. Copy token from response\n3. 
For protected routes:\n   - Add header: Authorization: Bearer YOUR_TOKEN\n\n## Understanding OAuth \u0026 JWT\n\n### OAuth (Open Authorization)\nThink of it like a Valet Key for your car:\n```javascript\n// OAuth is like saying:\n\"Hey GitHub, this user wants to log into my app. \nCan you verify they are who they say they are?\"\n\n// Instead of:\n\"Hey user, create a new username/password just for my app\"\n```\n\n**Real-world example:**\n- When you click \"Login with Google\" instead of creating a new account\n- Like using your hotel key card to access the gym (the hotel verifies you're a guest)\n\n### JWT (JSON Web Token)\nThink of it like a Wristband at a concert:\n```javascript\n// JWT is like:\n\"Here's your wristband (token) that proves you paid for the concert.\nShow it whenever you want to:\n- Get into the VIP area\n- Buy drinks at the bar\n- Access the backstage area\"\n\n// Instead of:\n\"Show your ID and ticket receipt every single time\"\n```\n\n**Real-world example:**\n```javascript\n// 1. When you first log in, you get a token:\nconst token = \"eyJhbGc.eyJzdWIi.4pcPyMD\" // This is your wristband\n\n// 2. For future requests, you just show your token:\nfetch('/api/profile', {\n  headers: {\n    'Authorization': `Bearer ${token}`\n  }\n})\n```\n\n### How They Work Together\n```javascript\n// 1. User clicks \"Login with GitHub\"\n\"Hey GitHub, is this person legit?\"\n\n// 2. GitHub says \"Yes, here's their info\"\n{\n  name: \"user_name\",\n  email: \"user_email\",\n  githubId: \"user_github_id\"\n}\n\n// 3. Your app gives them a JWT (wristband)\n\"Cool, here's your access token for our app\"\n\n// 4. 
User uses JWT for future requests\n\"Hi, I have this wristband, can I see my profile?\"\n```\n\n### Simple Benefits:\n\n**OAuth:**\n- No new passwords to remember\n- More secure (the identity provider, not your app, stores and checks the password)\n- Can easily revoke access\n\n**JWT:**\n- Like a VIP wristband\n- Works everywhere in your app\n- Can't be forged or altered without the server's signing secret, because the signature is checked on every request\n- Contains user info (claims)\n\nThink of it this way:\n- OAuth is the bouncer checking your ID\n- JWT is the wristband you get after being checked\n\n   ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmollybeach%2Fsecure-user-api","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmollybeach%2Fsecure-user-api","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmollybeach%2Fsecure-user-api/lists"}