{"id":25761999,"url":"https://github.com/rishiganeshe/authorization-based-authentication-system","last_synced_at":"2026-04-06T21:34:48.956Z","repository":{"id":279369555,"uuid":"938403865","full_name":"RishiGaneshe/Authorization-Based-Authentication-System","owner":"RishiGaneshe","description":"A secure and scalable authentication system implementing role-based authorization, JWT authentication, and Redis-based token blacklisting. Designed for production-grade applications, this system ensures data consistency, security, and atomic operations with database transactions.","archived":false,"fork":false,"pushed_at":"2025-02-25T07:38:14.000Z","size":61,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-02-25T08:28:28.114Z","etag":null,"topics":["atomicity","authorization","expressjs","jwt-authentication","mongodb-atlas","nodejs","redis","sendgrid","transactions"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RishiGaneshe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-24T22:42:59.000Z","updated_at":"2025-02-25T07:38:17.000Z","dependencies_parsed_at":"2025-02-25T08:28:42.320Z","dependency_job_id":"2630899c-cab3-4264-a9c2-d87b343b816b","html_url":"https://github.com/RishiGaneshe/Authorization-Based-Authentication-System","commit_stats":null,"previous_names":["rishiganeshe/authorization-based-authentication-system"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RishiGaneshe%2FAuthorization-Based-Authentication-System","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RishiGaneshe%2FAuthorization-Based-Authentication-System/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RishiGaneshe%2FAuthorization-Based-Authentication-System/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RishiGaneshe%2FAuthorization-Based-Authentication-System/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RishiGaneshe","download_url":"https://codeload.github.com/RishiGaneshe/Authorization-Based-Authentication-System/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240920121,"owners_count":19878735,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["atomicity","authorization","expressjs","jwt-authentication","mongodb-atlas","nodejs","redis","sendgrid","transactions"],"created_at":"2025-02-26T19:27:24.148Z","updated_at":"2026-04-06T21:34:48.945Z","avatar_url":"https://github.com/RishiGaneshe.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# šŸš€ Authorization Based Authentication System \n![Node.js](https://img.shields.io/badge/Node.js-339933?style=for-the-badge\u0026logo=node-dot-js\u0026logoColor=white)\n![Express](https://img.shields.io/badge/Express-000000?style=for-the-badge\u0026logo=express\u0026logoColor=white)\n![MongoDB](https://img.shields.io/badge/MongoDB-47A248?style=for-the-badge\u0026logo=mongodb\u0026logoColor=white)\n![Redis](https://img.shields.io/badge/Redis-DC382D?style=for-the-badge\u0026logo=redis\u0026logoColor=white)\n![SendGrid](https://img.shields.io/badge/SendGrid-00A1E0?style=for-the-badge\u0026logo=sendgrid\u0026logoColor=white)\n![JavaScript](https://img.shields.io/badge/JavaScript-F7DF1E?style=for-the-badge\u0026logo=javascript\u0026logoColor=black)\n![Postman](https://img.shields.io/badge/Postman-FF6C37?style=for-the-badge\u0026logo=postman\u0026logoColor=white) \n\nA **secure and scalable authentication system** implementing **role-based authorization**, **JWT authentication**, and **Redis-based token blacklisting**. Designed for **production-grade applications**, this system ensures **data consistency**, **security**, and **atomic operations** with **database transactions**. \n**Motto**: A robust and adaptable authentication solution for modern applications. With minor modifications, this system can be seamlessly integrated into any project requiring JWT-based authentication.\n\n## šŸ”„ Features \n\nāœ… **Role-Based Authentication** ā€“ Assign and validate user roles for access control. \nāœ… **JWT Authentication** ā€“ Secure authentication with JSON Web Tokens. \nāœ… **Redis Token Blacklisting** ā€“ Secure session management and logout handling. \nāœ… **SendGrid Email OTP Verification** ā€“ Secure user registration with email-based OTP. \nāœ… **Password Hashing** ā€“ Strong password security using **Argon2 / Bcrypt**. \nāœ… **Database Transactions \u0026 Atomicity** ā€“ Prevents partial updates and ensures consistency. \n\n\n---\n\n\n## šŸ“Œ API Endpoints\n\n### šŸ”¹ **1. User Registration \u0026 Authentication**\n| Method | Endpoint | Description |\n|--------|---------|-------------|\n| **POST** | `/sign-up` | Registers a new user by collecting user details and storing them securely. |\n| **POST** | `/sign-up/otp` | Verifies the OTP sent to the user during sign-up. |\n| **POST** | `/login` | Authenticates users and issues a JWT token upon successful login. |\n\n### šŸ”¹ **2. Role-Based Access (Protected Routes)**\n| Method | Endpoint | Description |\n|--------|---------|-------------|\n| **GET** | `/user` | Accessible only to authenticated users. Fetches user-specific data. |\n| **GET** | `/admin` | Accessible only to authenticated admins. Fetches admin-related data. |\n\n\u003e šŸ›” **Authentication \u0026 Authorization:** The above endpoints require **JWT authentication** and role-based access control (RBAC) using middleware.\n\n### šŸ”¹ **3. Logout Functionality**\n| Method | Endpoint | Description |\n|--------|---------|-------------|\n| **GET** | `/user/logout` | Logs out the user by blacklisting the token to invalidating the user session . |\n| **GET** | `/admin/logout` | Logs out the admin by blacklisting the token to invalidating the admin session. |\n\n---\n\n## šŸ“Œ Authentication Flow\n1ļøāƒ£ **User signs up** via `/sign-up`, and an OTP is sent for verification. \n2ļøāƒ£ **User verifies OTP** via `/sign-up/otp` to complete the registration. \n3ļøāƒ£ **User logs in** via `/login` and receives a JWT token. \n4ļøāƒ£ **Authenticated users can access** `/user`, and admins can access `/admin` (JWT required). \n5ļøāƒ£ **Users/Admins log out** via `/user/logout` or `/admin/logout`, ensuring token invalidation. \n\n---\n\n## šŸ› ļø Technology Stack \n\n- **Node.js \u0026 Express.js** ā€“ Backend framework \n- **MongoDB Atlas** ā€“ Cloud database (āš ļø *Required for transaction support*) \n- **JSON Web Tokens (JWT)** ā€“ Secure authentication \n- **Redis** ā€“ Token blacklisting for session management \n- **SendGrid** ā€“ Email OTP verification \n- **Argon2 / Bcrypt** ā€“ Password hashing for security \n\n---\n\n## āš ļø Caution \n\nšŸ”“ **MongoDB Atlas is required for this system as transactions are not supported by default in local mongoDB databases!** \nLocal MongoDB does **not** support transactions due to the lack of **replica set initialization**, which is essential for **atomicity and consistency** in database operations. \nšŸ”“ **Use Postman for API testing!** \nSince there is no frontend yet, **Postman** (or similar API testing tools) should be used to test the authentication and authorization endpoints. \n\n---\n\n## šŸ“Œ Why Use This Authentication System? \n\nāœ”ļø **Security-First Approach** ā€“ Implements best practices for authentication \u0026 authorization. \nāœ”ļø **Scalable \u0026 Maintainable** ā€“ Designed for real-world applications with high user loads. \nāœ”ļø **Database Integrity with Transactions** ā€“ Ensures **atomicity**, so either all steps complete or none do. \nāœ”ļø **Session Management** ā€“ Token blacklisting prevents **replay attacks** and **unauthorized access**. \nāœ”ļø **Reliable OTP Verification** ā€“ Ensures valid user registrations with email verification. \n\n\n---\n\n## šŸ“Œ How Transactions Ensure Data Integrity \n\nThis system uses **MongoDB transactions** to ensure **atomic operations** when: \n- **Creating a new user** ā€“ The user profile is saved **only if OTP verification succeeds**. \n- **Assigning user roles** ā€“ The role is **set during user registration** only if the OTP verification succeeds. \n- **Revoking JWT tokens** ā€“ The token is **blacklisted only if** session revocation succeeds. \n\nBy using transactions, we prevent **partial updates**, maintaining **data consistency** across the database. \n\n---\n\n## āš™ļø Setup \u0026 Configuration \n\nTo use this authentication system, you **must provide the following environment variables**: \n\n### ** MongoDB Atlas Connection URL, Redis Connection URL, SendGrid Email API (Required)** \nThis system requires a :\n**MongoDB Atlas cloud database** for transaction support,\n**Redis database** for token blacklisting,\n**SendGrid Email API** for user creation and OTP purpose.\n\n```env\n# Redis Connection URL (āš ļø Required for Token Blacklisting)\nMONGO_LIVE=mongodb+srv://\u003cusername\u003e:\u003cpassword\u003e@cluster.mongodb.net/\u003cdbname\u003e?retryWrites=true\u0026w=majority\n\n# Redis Connection URL (āš ļø Required for Token Blacklisting)\nREDIS_LOCAL=redis://\u003cyour-redis-host\u003e:\u003cport\u003e\n\n# SendGrid API Key (āš ļø Required for OTP Emails)\nSEND_GRID=SG.xxxxxxx.yyyyyyyyyyyyyyyyyyyyyyyy\n\n# JWT Secret (āš ļø Required for JWT Signature generation)\nSECRET=xxxxxxx.xxxxxx.yyyyyyyyyy.yyyyyyyyyyyy\n\n# PORT Number (āš ļø Required for Running Application)\nPORT=4001\n\n\n```\n## šŸš€ Entry File \n\nThe **entry point** for this project is: server.js\n\n\nThis file initializes the **Express server**, connects to **MongoDB** and **Redis**, and sets up the required middleware.\n\n## šŸ› ļø How to Clone and Run \n\nTo get and run this server on any machine, follow these steps: \n\n```sh\n# Clone the repository\ngit clone https://github.com/RishiGaneshe/Authorization-Based-Authentication-System.git\n\n# Navigate into the project directory\ncd Authorization-Based-Authentication-System\n\n# Install dependencies\nnpm install\n\n# Create a `.env` file and configure your environment variables\n\n# Start the server\nnode server.js # or use nodemon for live reloading\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frishiganeshe%2Fauthorization-based-authentication-system","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frishiganeshe%2Fauthorization-based-authentication-system","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frishiganeshe%2Fauthorization-based-authentication-system/lists"}